From eaf796c3c0d6364107db05c16395235c1d7caab7 Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Sat, 4 Jan 2025 14:38:29 +0200 Subject: [PATCH 1/2] Remove support for K8s 1.26 in kOps 1.32 --- cmd/kops/create_cluster_integration_test.go | 13 +- cmd/kops/integration_test.go | 130 +- cmd/kops/lifecycle_integration_test.go | 10 +- pkg/apis/kops/validation/validation.go | 16 +- .../components/awscloudcontrollermanager.go | 8 - pkg/model/components/clusterautoscaler.go | 4 - pkg/model/components/containerd.go | 13 +- .../components/gcpcloudcontrollermanager.go | 4 - pkg/model/components/kubescheduler/model.go | 3 - tests/e2e/pkg/tester/skip_regex.go | 22 - .../k8s-1.23.yaml | 44 - .../networking.flannel/k8s-1.12.yaml.template | 258 - .../k8s-1.22.yaml.template | 4904 ---------------- .../k8s-1.22.yaml.template | 4964 ----------------- upup/pkg/fi/cloudup/apply_cluster.go | 4 +- .../bootstrapchannelbuilder.go | 58 +- upup/pkg/fi/cloudup/new_cluster_test.go | 50 +- upup/pkg/fi/cloudup/template_functions.go | 12 +- .../pkg/fi/cloudup/template_functions_test.go | 20 - 19 files changed, 64 insertions(+), 10473 deletions(-) delete mode 100644 upup/models/cloudup/resources/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml delete mode 100644 upup/models/cloudup/resources/addons/networking.flannel/k8s-1.12.yaml.template delete mode 100644 upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template delete mode 100644 upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template diff --git a/cmd/kops/create_cluster_integration_test.go b/cmd/kops/create_cluster_integration_test.go index 9b1a32a9502a6..bb625ea1fa45a 100644 --- a/cmd/kops/create_cluster_integration_test.go +++ b/cmd/kops/create_cluster_integration_test.go @@ -46,14 +46,14 @@ var MagicTimestamp = metav1.Time{Time: time.Date(2017, 1, 1, 0, 0, 0, 0, time.UT // TestCreateClusterMinimal runs kops create cluster minimal.example.com --zones us-test-1a func TestCreateClusterMinimal(t *testing.T) { - runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.25", "v1alpha2") - runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.26", "v1alpha2") runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.27", "v1alpha2") runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.28", "v1alpha2") runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.29", "v1alpha2") runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.30", "v1alpha2") - runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.26-arm64", "v1alpha2") - runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.26-irsa", "v1alpha2") + runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.31", "v1alpha2") + runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.32", "v1alpha2") + runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-arm64", "v1alpha2") + runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-irsa", "v1alpha2") } // TestCreateClusterHetzner runs kops create cluster minimal.k8s.local --zones fsn1 @@ -111,9 +111,8 @@ func TestCreateClusterHA(t *testing.T) { // TestCreateClusterMinimalGCE runs kops create cluster minimal.example.com --cloud gce --zones us-test1-a func TestCreateClusterMinimalGCE(t *testing.T) { - runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.26-gce", "v1alpha2") - runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.26-gce-dns-none", "v1alpha2") - runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.29-gce", "v1alpha2") + runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-gce", "v1alpha2") + runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-gce-dns-none", "v1alpha2") } // TestCreateClusterHAGCE runs kops create cluster ha-gce.example.com --cloud gce --zones us-test1-a,us-test1-b,us-test1-c --master-zones us-test1-a,us-test1-b,us-test1-c diff --git a/cmd/kops/integration_test.go b/cmd/kops/integration_test.go index ca90a353f72a6..7b07a9f7a57d9 100644 --- a/cmd/kops/integration_test.go +++ b/cmd/kops/integration_test.go @@ -190,16 +190,6 @@ func (i integrationTest) withDefaultServiceAccountRoles24() *integrationTest { withServiceAccountRole("ebs-csi-controller-sa.kube-system", true) } -// withDefaultAddons24 adds the default addons for an AWS cluster running k8s 1.24 -func (i integrationTest) withDefaultAddons24() *integrationTest { - return i.withAddons( - awsCCMAddon, - awsEBSCSIAddon, - dnsControllerAddon, - leaderElectionAddon, - ) -} - // withDefaultAddons30 adds the default addons for an AWS cluster running k8s 1.30 func (i integrationTest) withDefaultAddons30() *integrationTest { return i.withAddons( @@ -210,7 +200,7 @@ func (i integrationTest) withDefaultAddons30() *integrationTest { } func (i integrationTest) withDefaults24() *integrationTest { - return i.withDefaultAddons24().withDefaultServiceAccountRoles24() + return i.withDefaultAddons30().withDefaultServiceAccountRoles24() } const ( @@ -232,7 +222,6 @@ const ( certManagerAddon = "certmanager.io-k8s-1.16" clusterAutoscalerAddon = "cluster-autoscaler.addons.k8s.io-k8s-1.15" dnsControllerAddon = "dns-controller.addons.k8s.io-k8s-1.12" - leaderElectionAddon = "leader-migration.rbac.addons.k8s.io-k8s-1.23" metricsServerAddon = "metrics-server.addons.k8s.io-k8s-1.11" nodeProblemDetectorAddon = "node-problem-detector.addons.k8s.io-k8s-1.17" ) @@ -249,22 +238,19 @@ func TestMinimalAWS(t *testing.T) { } // TestMinimal runs the test on a minimum configuration -func TestMinimal_v1_25(t *testing.T) { - newIntegrationTest("minimal.example.com", "minimal-1.25"). +func TestMinimal_v1_27(t *testing.T) { + newIntegrationTest("minimal.example.com", "minimal-1.27"). withAddons( awsEBSCSIAddon, dnsControllerAddon, awsCCMAddon, - leaderElectionAddon, ). runTestTerraformAWS(t) } // TestMinimal runs the test on a minimum configuration -func TestMinimal_v1_26(t *testing.T) { - t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") - - newIntegrationTest("minimal.example.com", "minimal-1.26"). +func TestMinimal_v1_28(t *testing.T) { + newIntegrationTest("minimal.example.com", "minimal-1.28"). withAddons( awsEBSCSIAddon, dnsControllerAddon, @@ -274,10 +260,8 @@ func TestMinimal_v1_26(t *testing.T) { } // TestMinimal runs the test on a minimum configuration -func TestMinimal_v1_27(t *testing.T) { - t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") - - newIntegrationTest("minimal.example.com", "minimal-1.27"). +func TestMinimal_v1_29(t *testing.T) { + newIntegrationTest("minimal.example.com", "minimal-1.29"). withAddons( awsEBSCSIAddon, dnsControllerAddon, @@ -287,10 +271,8 @@ func TestMinimal_v1_27(t *testing.T) { } // TestMinimal runs the test on a minimum configuration -func TestMinimal_v1_28(t *testing.T) { - t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") - - newIntegrationTest("minimal.example.com", "minimal-1.28"). +func TestMinimal_v1_30(t *testing.T) { + newIntegrationTest("minimal.example.com", "minimal-1.30"). withAddons( awsEBSCSIAddon, dnsControllerAddon, @@ -300,10 +282,8 @@ func TestMinimal_v1_28(t *testing.T) { } // TestMinimal runs the test on a minimum configuration -func TestMinimal_v1_29(t *testing.T) { - t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") - - newIntegrationTest("minimal.example.com", "minimal-1.29"). +func TestMinimal_v1_31(t *testing.T) { + newIntegrationTest("minimal.example.com", "minimal-1.31"). withAddons( awsEBSCSIAddon, dnsControllerAddon, @@ -313,10 +293,8 @@ func TestMinimal_v1_29(t *testing.T) { } // TestMinimal runs the test on a minimum configuration -func TestMinimal_v1_30(t *testing.T) { - t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") - - newIntegrationTest("minimal.example.com", "minimal-1.30"). +func TestMinimal_v1_32(t *testing.T) { + newIntegrationTest("minimal.example.com", "minimal-1.32"). withAddons( awsEBSCSIAddon, dnsControllerAddon, @@ -327,8 +305,6 @@ func TestMinimal_v1_30(t *testing.T) { // TestMinimal_NoneDNS runs the test on a minimum configuration with --dns=none func TestMinimal_NoneDNS(t *testing.T) { - t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") - newIntegrationTest("minimal.example.com", "minimal-dns-none"). withAddons( awsEBSCSIAddon, @@ -538,14 +514,14 @@ func TestExternalPolicies(t *testing.T) { // TestMinimalIPv6 runs the test on a minimum IPv6 configuration func TestMinimalIPv6(t *testing.T) { newIntegrationTest("minimal-ipv6.example.com", "minimal-ipv6"). - withDefaultAddons24(). + withDefaultAddons30(). runTestTerraformAWS(t) } // TestMinimalIPv6Calico runs the test on a minimum IPv6 configuration with Calico func TestMinimalIPv6Calico(t *testing.T) { newIntegrationTest("minimal-ipv6.example.com", "minimal-ipv6-calico"). - withDefaultAddons24(). + withDefaultAddons30(). withAddons(calicoAddon). runTestTerraformAWS(t) } @@ -553,7 +529,7 @@ func TestMinimalIPv6Calico(t *testing.T) { // TestMinimalIPv6Cilium runs the test on a minimum IPv6 configuration with Cilium func TestMinimalIPv6Cilium(t *testing.T) { newIntegrationTest("minimal-ipv6.example.com", "minimal-ipv6-cilium"). - withDefaultAddons24(). + withDefaultAddons30(). withAddons(ciliumAddon). runTestTerraformAWS(t) } @@ -561,7 +537,7 @@ func TestMinimalIPv6Cilium(t *testing.T) { // TestMinimalIPv6NoSubnetPrefix runs the test with "/64#N" subnet notation func TestMinimalIPv6NoSubnetPrefix(t *testing.T) { newIntegrationTest("minimal-ipv6.example.com", "minimal-ipv6-no-subnet-prefix"). - withDefaultAddons24(). + withDefaultAddons30(). runTestTerraformAWS(t) } @@ -637,7 +613,7 @@ func TestBastionAdditionalUserData(t *testing.T) { func TestPrivateFlannel(t *testing.T) { newIntegrationTest("privateflannel.example.com", "privateflannel"). withPrivate(). - withDefaultAddons24(). + withDefaultAddons30(). withAddons(flannelAddon). runTestTerraformAWS(t) } @@ -646,7 +622,7 @@ func TestPrivateFlannel(t *testing.T) { func TestPrivateCalico(t *testing.T) { newIntegrationTest("privatecalico.example.com", "privatecalico"). withPrivate(). - withDefaultAddons24(). + withDefaultAddons30(). withAddons(calicoAddon). runTestTerraformAWS(t) } @@ -702,7 +678,7 @@ func TestPrivateCiliumENI(t *testing.T) { func TestPrivateCanal(t *testing.T) { newIntegrationTest("privatecanal.example.com", "privatecanal"). withPrivate(). - withDefaultAddons24(). + withDefaultAddons30(). withAddons(canalAddon). runTestTerraformAWS(t) } @@ -861,57 +837,7 @@ func TestManyAddonsCCMIRSA(t *testing.T) { runTestTerraformAWS(t) } -func TestManyAddonsCCMIRSA25(t *testing.T) { - newIntegrationTest("minimal.example.com", "many-addons-ccm-irsa25"). - withOIDCDiscovery(). - withServiceAccountRole("aws-load-balancer-controller.kube-system", true). - withServiceAccountRole("dns-controller.kube-system", true). - withServiceAccountRole("aws-cloud-controller-manager.kube-system", true). - withServiceAccountRole("cluster-autoscaler.kube-system", true). - withServiceAccountRole("ebs-csi-controller-sa.kube-system", true). - withServiceAccountRole("aws-node-termination-handler.kube-system", true). - withAddons( - "aws-load-balancer-controller.addons.k8s.io-k8s-1.19", - "aws-ebs-csi-driver.addons.k8s.io-k8s-1.17", - "certmanager.io-k8s-1.16", - "cluster-autoscaler.addons.k8s.io-k8s-1.15", - "networking.amazon-vpc-routed-eni-k8s-1.16", - "snapshot-controller.addons.k8s.io-k8s-1.20", - "aws-cloud-controller.addons.k8s.io-k8s-1.18", - leaderElectionAddon, - metricsServerAddon, - dnsControllerAddon, - ). - runTestTerraformAWS(t) -} - -func TestManyAddonsCCMIRSA26(t *testing.T) { - t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") - newIntegrationTest("minimal.example.com", "many-addons-ccm-irsa26"). - withOIDCDiscovery(). - withServiceAccountRole("aws-load-balancer-controller.kube-system", true). - withServiceAccountRole("dns-controller.kube-system", true). - withServiceAccountRole("aws-cloud-controller-manager.kube-system", true). - withServiceAccountRole("cluster-autoscaler.kube-system", true). - withServiceAccountRole("ebs-csi-controller-sa.kube-system", true). - withServiceAccountRole("aws-node-termination-handler.kube-system", true). - withAddons( - "aws-load-balancer-controller.addons.k8s.io-k8s-1.19", - "aws-ebs-csi-driver.addons.k8s.io-k8s-1.17", - "certmanager.io-k8s-1.16", - "cluster-autoscaler.addons.k8s.io-k8s-1.15", - "networking.amazon-vpc-routed-eni-k8s-1.16", - "snapshot-controller.addons.k8s.io-k8s-1.20", - "aws-cloud-controller.addons.k8s.io-k8s-1.18", - "nodelocaldns.addons.k8s.io-k8s-1.12", - metricsServerAddon, - dnsControllerAddon, - ). - runTestTerraformAWS(t) -} - func TestManyAddonsGCE(t *testing.T) { - t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") newIntegrationTest("minimal.example.com", "many-addons-gce"). withAddons( certManagerAddon, @@ -1007,7 +933,7 @@ func TestSharedVPC(t *testing.T) { // TestSharedVPCIPv6 runs the test on a configuration with a shared VPC using IPv6 func TestSharedVPCIPv6(t *testing.T) { newIntegrationTest("minimal-ipv6.example.com", "shared_vpc_ipv6"). - withDefaultAddons24(). + withDefaultAddons30(). runTestTerraformAWS(t) } @@ -1527,6 +1453,8 @@ func storeKeyset(t *testing.T, ctx context.Context, keyStore fi.Keystore, name s } func (i *integrationTest) runTestTerraformAWS(t *testing.T) { + t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") + ctx := testcontext.ForTest(t) h := testutils.NewIntegrationTestHarness(t) defer h.Close() @@ -1615,6 +1543,8 @@ func (i *integrationTest) runTestTerraformAWS(t *testing.T) { } func (i *integrationTest) runTestPhase(t *testing.T, phase cloudup.Phase) { + t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") + ctx := testcontext.ForTest(t) h := testutils.NewIntegrationTestHarness(t) defer h.Close() @@ -1660,6 +1590,8 @@ func (i *integrationTest) runTestPhase(t *testing.T, phase cloudup.Phase) { } func (i *integrationTest) runTestTerraformGCE(t *testing.T) { + t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") + ctx := testcontext.ForTest(t) h := testutils.NewIntegrationTestHarness(t) defer h.Close() @@ -1688,8 +1620,8 @@ func (i *integrationTest) runTestTerraformGCE(t *testing.T) { "aws_s3_object_"+i.clusterName+"-addons-kops-controller.addons.k8s.io-k8s-1.16_content", "aws_s3_object_"+i.clusterName+"-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content", "aws_s3_object_"+i.clusterName+"-addons-limit-range.addons.k8s.io_content", - "aws_s3_object_"+i.clusterName+"-addons-metadata-proxy.addons.k8s.io-v0.1.12_content", - "aws_s3_object_"+i.clusterName+"-addons-storage-gce.addons.k8s.io-v1.7.0_content") + "aws_s3_object_"+i.clusterName+"-addons-storage-gce.addons.k8s.io-v1.7.0_content", + ) for j := 0; j < i.zones; j++ { zone := "us-test1-" + string([]byte{byte('a') + byte(j)}) @@ -1710,6 +1642,8 @@ func (i *integrationTest) runTestTerraformGCE(t *testing.T) { } func (i *integrationTest) runTestTerraformHetzner(t *testing.T) { + t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") + ctx := testcontext.ForTest(t) h := testutils.NewIntegrationTestHarness(t) defer h.Close() @@ -1743,6 +1677,8 @@ func (i *integrationTest) runTestTerraformHetzner(t *testing.T) { } func (i *integrationTest) runTestTerraformScaleway(t *testing.T) { + t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") + featureflag.ParseFlags("+Scaleway") unsetFeatureFlags := func() { featureflag.ParseFlags("-Scaleway") diff --git a/cmd/kops/lifecycle_integration_test.go b/cmd/kops/lifecycle_integration_test.go index e48e632ca2781..4198241c38d93 100644 --- a/cmd/kops/lifecycle_integration_test.go +++ b/cmd/kops/lifecycle_integration_test.go @@ -371,6 +371,7 @@ func runLifecycleTestAWS(o *LifecycleTestOptions) { o.AddDefaults() t := o.t + t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") h := testutils.NewIntegrationTestHarness(o.t) defer h.Close() @@ -401,16 +402,12 @@ func runLifecycleTestOpenstack(o *LifecycleTestOptions) { o.AddDefaults() t := o.t + t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") + t.Setenv("OS_REGION_NAME", "us-test1") h := testutils.NewIntegrationTestHarness(o.t) defer h.Close() - origRegion := os.Getenv("OS_REGION_NAME") - os.Setenv("OS_REGION_NAME", "us-test1") - defer func() { - os.Setenv("OS_REGION_NAME", origRegion) - }() - h.MockKopsVersion("1.21.0-alpha.1") cloud := testutils.SetupMockOpenstack() @@ -459,6 +456,7 @@ func runLifecycleTestGCE(o *LifecycleTestOptions) { o.AddDefaults() t := o.t + t.Setenv("KOPS_RUN_TOO_NEW_VERSION", "1") h := testutils.NewIntegrationTestHarness(o.t) defer h.Close() diff --git a/pkg/apis/kops/validation/validation.go b/pkg/apis/kops/validation/validation.go index a3b303b7edf85..2695b1e2445a6 100644 --- a/pkg/apis/kops/validation/validation.go +++ b/pkg/apis/kops/validation/validation.go @@ -757,20 +757,18 @@ func validateKubeAPIServer(v *kops.KubeAPIServerConfig, c *kops.Cluster, fldPath "admissionControl is mutually exclusive with disableAdmissionPlugins˚")) } - if c.IsKubernetesGTE("1.26") { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("admissionControl"), "admissionControl has been replaced with enableAdmissionPlugins")) - } + allErrs = append(allErrs, field.Forbidden(fldPath.Child("admissionControl"), "admissionControl has been replaced with enableAdmissionPlugins")) } for _, plugin := range v.EnableAdmissionPlugins { - if plugin == "PodSecurityPolicy" && c.IsKubernetesGTE("1.25") { + if plugin == "PodSecurityPolicy" { allErrs = append(allErrs, field.Forbidden(fldPath.Child("enableAdmissionPlugins"), "PodSecurityPolicy has been removed from Kubernetes 1.25")) } } for _, plugin := range v.AdmissionControl { - if plugin == "PodSecurityPolicy" && c.IsKubernetesGTE("1.25") { + if plugin == "PodSecurityPolicy" { allErrs = append(allErrs, field.Forbidden(fldPath.Child("admissionControl"), "PodSecurityPolicy has been removed from Kubernetes 1.25")) } @@ -853,9 +851,7 @@ func validateKubeControllerManager(v *kops.KubeControllerManagerConfig, c *kops. // We aren't aiming to do comprehensive validation, but we can add some best-effort validation where it helps guide users // Users reported encountered this in #15909 if v.ExperimentalClusterSigningDuration != nil { - if c.IsKubernetesGTE("1.25") { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("experimentalClusterSigningDuration"), "experimentalClusterSigningDuration has been replaced with clusterSigningDuration as of kubernetes 1.25")) - } + allErrs = append(allErrs, field.Forbidden(fldPath.Child("experimentalClusterSigningDuration"), "experimentalClusterSigningDuration has been replaced with clusterSigningDuration as of kubernetes 1.25")) } return allErrs @@ -1111,9 +1107,7 @@ func validateNetworking(cluster *kops.Cluster, v *kops.NetworkingSpec, fldPath * allErrs = append(allErrs, field.Forbidden(fldPath.Child("external"), "only one networking option permitted")) } - if cluster.IsKubernetesGTE("1.26") { - allErrs = append(allErrs, field.Forbidden(fldPath.Child("external"), "external is not supported for Kubernetes >= 1.26")) - } + allErrs = append(allErrs, field.Forbidden(fldPath.Child("external"), "external is not supported for Kubernetes >= 1.26")) optionTaken = true } diff --git a/pkg/model/components/awscloudcontrollermanager.go b/pkg/model/components/awscloudcontrollermanager.go index 6fa0978f5d18f..bde85abcde9e7 100644 --- a/pkg/model/components/awscloudcontrollermanager.go +++ b/pkg/model/components/awscloudcontrollermanager.go @@ -75,10 +75,6 @@ func (b *AWSCloudControllerManagerOptionsBuilder) BuildOptions(cluster *kops.Clu if eccm.Image == "" { // See https://us.gcr.io/k8s-artifacts-prod/provider-aws/cloud-controller-manager switch b.ControlPlaneKubernetesVersion().Minor() { - case 25: - eccm.Image = "registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15" - case 26: - eccm.Image = "registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12" case 27: eccm.Image = "registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.9" case 28: @@ -94,9 +90,5 @@ func (b *AWSCloudControllerManagerOptionsBuilder) BuildOptions(cluster *kops.Clu } } - if b.ControlPlaneKubernetesVersion().IsLT("1.25") { - eccm.EnableLeaderMigration = fi.PtrTo(true) - } - return nil } diff --git a/pkg/model/components/clusterautoscaler.go b/pkg/model/components/clusterautoscaler.go index 64e49f1edfebd..39387c4ef0b12 100644 --- a/pkg/model/components/clusterautoscaler.go +++ b/pkg/model/components/clusterautoscaler.go @@ -43,10 +43,6 @@ func (b *ClusterAutoscalerOptionsBuilder) BuildOptions(o *kops.Cluster) error { v, err := util.ParseKubernetesVersion(clusterSpec.KubernetesVersion) if err == nil { switch v.Minor { - case 25: - image = "registry.k8s.io/autoscaling/cluster-autoscaler:v1.25.3" - case 26: - image = "registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8" case 27: image = "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.7" case 28: diff --git a/pkg/model/components/containerd.go b/pkg/model/components/containerd.go index d2a6ac5fb78b0..1a47eae71df9b 100644 --- a/pkg/model/components/containerd.go +++ b/pkg/model/components/containerd.go @@ -42,22 +42,13 @@ func (b *ContainerdOptionsBuilder) BuildOptions(o *kops.Cluster) error { // Set version based on Kubernetes version if fi.ValueOf(containerd.Version) == "" { switch { - case b.IsKubernetesLT("1.25.10"): - fallthrough - case b.IsKubernetesGTE("1.26") && b.IsKubernetesLT("1.26.5"): - fallthrough - case b.IsKubernetesGTE("1.27") && b.IsKubernetesLT("1.27.2"): + case b.IsKubernetesLT("1.27.2"): containerd.Version = fi.PtrTo("1.6.20") containerd.Runc = &kops.Runc{ Version: fi.PtrTo("1.1.5"), } - case b.IsKubernetesGTE("1.27.2"): - containerd.Version = fi.PtrTo("1.7.22") - containerd.Runc = &kops.Runc{ - Version: fi.PtrTo("1.1.14"), - } default: - containerd.Version = fi.PtrTo("1.6.36") + containerd.Version = fi.PtrTo("1.7.22") containerd.Runc = &kops.Runc{ Version: fi.PtrTo("1.1.14"), } diff --git a/pkg/model/components/gcpcloudcontrollermanager.go b/pkg/model/components/gcpcloudcontrollermanager.go index 228ce4630070a..cd5cc58f625f2 100644 --- a/pkg/model/components/gcpcloudcontrollermanager.go +++ b/pkg/model/components/gcpcloudcontrollermanager.go @@ -79,9 +79,5 @@ func (b *GCPCloudControllerManagerOptionsBuilder) BuildOptions(cluster *kops.Clu } } - if b.ControlPlaneKubernetesVersion().IsLT("1.25") { - ccmConfig.EnableLeaderMigration = fi.PtrTo(true) - } - return nil } diff --git a/pkg/model/components/kubescheduler/model.go b/pkg/model/components/kubescheduler/model.go index b92e9a12c6bb1..a16cfdb3de3b5 100644 --- a/pkg/model/components/kubescheduler/model.go +++ b/pkg/model/components/kubescheduler/model.go @@ -88,9 +88,6 @@ func (b *KubeSchedulerBuilder) buildSchedulerConfig() ([]byte, error) { config = &unstructured.Unstructured{} config.SetKind("KubeSchedulerConfiguration") config.SetAPIVersion("kubescheduler.config.k8s.io/v1") - if b.IsKubernetesLT("1.25") { - config.SetAPIVersion("kubescheduler.config.k8s.io/v1beta2") - } // We need to store the object, because we are often called repeatedly (until we converge) b.AdditionalObjects = append(b.AdditionalObjects, kubemanifest.NewObject(config.Object)) } diff --git a/tests/e2e/pkg/tester/skip_regex.go b/tests/e2e/pkg/tester/skip_regex.go index 42693dcd59a3c..fde373ed9d4f8 100644 --- a/tests/e2e/pkg/tester/skip_regex.go +++ b/tests/e2e/pkg/tester/skip_regex.go @@ -50,14 +50,6 @@ func (t *Tester) setSkipRegexFlag() error { skipRegex := skipRegexBase - if k8sVersion.Minor == 26 && cluster.Spec.LegacyCloudProvider == "aws" { - // This test was introduced in k8s 1.26 - // and skipped automatically for AWS clusters as of k8s 1.27 - // because Classic Load Balancers dont support UDP - // https://github.com/kubernetes/kubernetes/pull/113650 - // https://github.com/kubernetes/kubernetes/pull/115977 - skipRegex += "|LoadBalancers.should.be.able.to.preserve.UDP.traffic" - } if !isPre28 { // K8s 1.28 promoted ProxyTerminatingEndpoints to GA, but it has limited CNI support // https://github.com/kubernetes/kubernetes/pull/117718 @@ -167,20 +159,6 @@ func (t *Tester) setSkipRegexFlag() error { skipRegex += "|should.verify.that.all.nodes.have.volume.limits" } - if cluster.Spec.LegacyCloudProvider == "aws" { - if k8sVersion.Minor <= 26 { - // Prow jobs are being migrated to community-owned EKS clusters. - // The e2e.test binaries from older k/k builds dont have new enough aws-sdk-go versions to authenticate from EKS pods. - // This disables tests that depend on e2e.test's aws-sdk-go. - // - // > Couldn't create a new PD in zone "ap-northeast-1c", sleeping 5 seconds: NoCredentialProviders: no valid providers in chain. Deprecated. - // - // We can remove this once we remove the old upgrade jobs. - // Example: https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/e2e-kops-aws-upgrade-k125-ko128-to-k126-kolatest/1808210907088556032 - skipRegex += "|\\[Driver:.aws\\].\\[Testpattern:.Pre-provisioned.PV|\\[Driver:.aws\\].\\[Testpattern:.Inline-volume" - } - } - // This test fails on RHEL-based distros because they return fully qualified hostnames yet the k8s node names are not fully qualified. // Dedicated job testing this: https://testgrid.k8s.io/kops-misc#kops-aws-k28-hostname-bug123255 // ref: https://github.com/kubernetes/kops/issues/16349 diff --git a/upup/models/cloudup/resources/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml b/upup/models/cloudup/resources/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml deleted file mode 100644 index f56e8d7153c95..0000000000000 --- a/upup/models/cloudup/resources/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - cloud-provider-extraction-migration - verbs: - - create - - list - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.12.yaml.template deleted file mode 100644 index 7d48262544a9d..0000000000000 --- a/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.12.yaml.template +++ /dev/null @@ -1,258 +0,0 @@ -# Pulled and modified from: https://raw.githubusercontent.com/coreos/flannel/v0.17.0/Documentation/kube-flannel.yml - ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: psp.flannel.unprivileged - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default - apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default -spec: - privileged: false - volumes: - - configMap - - secret - - emptyDir - - hostPath - allowedHostPaths: - - pathPrefix: "/dev/net" - - pathPrefix: "/etc/cni/net.d" - - pathPrefix: "/etc/kube-flannel" - - pathPrefix: "/run/flannel" - readOnlyRootFilesystem: false - # Users and groups - runAsUser: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - fsGroup: - rule: RunAsAny - # Privilege Escalation - allowPrivilegeEscalation: false - defaultAllowPrivilegeEscalation: false - # Capabilities - allowedCapabilities: ['NET_ADMIN', 'NET_RAW'] - defaultAddCapabilities: [] - requiredDropCapabilities: [] - # Host namespaces - hostPID: false - hostIPC: false - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - # SELinux - seLinux: - # SELinux is unused in CaaSP - rule: 'RunAsAny' ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: flannel -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: ['psp.flannel.unprivileged'] -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes/status - verbs: - - patch ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: flannel -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flannel -subjects: -- kind: ServiceAccount - name: flannel - namespace: kube-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: flannel - namespace: kube-system ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: kube-flannel-cfg - namespace: kube-system - labels: - k8s-app: flannel - tier: node - app: flannel -data: - cni-conf.json: | - { - "name": "cbr0", - "cniVersion": "0.3.1", - "plugins": [ - { - "type": "flannel", - "delegate": { - "hairpinMode": true, - "isDefaultGateway": true - } - }, - { - "type": "portmap", - "capabilities": { - "portMappings": true - } - } - ] - } - net-conf.json: | - { - "Network": "{{ .Networking.NonMasqueradeCIDR }}", - "Backend": { - "Type": "{{ FlannelBackendType }}" - } - } ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: kube-flannel-ds - namespace: kube-system - labels: - k8s-app: flannel - tier: node - app: flannel -spec: - selector: - matchLabels: - tier: node - app: flannel - template: - metadata: - labels: - tier: node - app: flannel - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - hostNetwork: true - priorityClassName: system-node-critical - tolerations: - - operator: Exists - serviceAccountName: flannel - initContainers: - - name: install-cni-plugin - image: rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.1 - command: - - cp - args: - - -f - - /flannel - - /opt/cni/bin/flannel - volumeMounts: - - name: cni-plugin - mountPath: /opt/cni/bin - - name: install-cni - image: rancher/mirrored-flannelcni-flannel:v0.17.0 - command: - - cp - args: - - -f - - /etc/kube-flannel/cni-conf.json - - /etc/cni/net.d/10-flannel.conflist - volumeMounts: - - name: cni - mountPath: /etc/cni/net.d - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - containers: - - name: kube-flannel - image: rancher/mirrored-flannelcni-flannel:v0.17.0 - command: - - /opt/bin/flanneld - args: - - --ip-masq - - --kube-subnet-mgr - - --iptables-resync={{- or .Networking.Flannel.IptablesResyncSeconds "5" }} - resources: - limits: - memory: 100Mi - requests: - cpu: 100m - memory: 100Mi - securityContext: - privileged: false - capabilities: - add: ["NET_ADMIN", "NET_RAW"] -{{ if ContainerdSELinuxEnabled }} - seLinuxOptions: - type: spc_t - level: s0 -{{ end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: run - mountPath: /run/flannel - - name: dev-net - mountPath: /dev/net - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - - name: xtables-lock - mountPath: /run/xtables.lock - volumes: - - name: run - hostPath: - path: /run/flannel - - name: dev-net - hostPath: - path: /dev/net - - name: cni-plugin - hostPath: - path: /opt/cni/bin - - name: cni - hostPath: - path: /etc/cni/net.d - - name: flannel-cfg - configMap: - name: kube-flannel-cfg - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template deleted file mode 100644 index 94dd8c6ea8d8a..0000000000000 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template +++ /dev/null @@ -1,4904 +0,0 @@ -# Pulled and modified from: https://projectcalico.docs.tigera.io/archive/v3.23/manifests/canal.yaml - ---- -# Source: calico/templates/calico-config.yaml -# This ConfigMap is used to configure a self-hosted Canal installation. -kind: ConfigMap -apiVersion: v1 -metadata: - name: canal-config - namespace: kube-system -data: - # You must set a non-zero value for Typha replicas below. - typha_service_name: "{{ if .Networking.Canal.TyphaReplicas }}calico-typha{{ else }}none{{ end }}" - - # The interface used by canal for host <-> host communication. - # If left blank, then the interface is chosen using the node's - # default route. - canal_iface: "" - - # Whether or not to masquerade traffic to destinations not within - # the pod network. - masquerade: "true" - - # Configure the MTU to use for workload interfaces and tunnels. - # By default, MTU is auto-detected, and explicitly setting this field should not be required. - # You can override auto-detection by providing a non-zero value. - veth_mtu: "{{ or .Networking.Canal.MTU 0 }}" - - # The CNI network configuration to install on each node. The special - # values in this config will be automatically populated. - cni_network_config: |- - { - "name": "k8s-pod-network", - "cniVersion": "0.3.1", - "plugins": [ - { - "type": "calico", - "log_level": "info", - "log_file_path": "/var/log/calico/cni/cni.log", - "datastore_type": "kubernetes", - "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": __CNI_MTU__, - "ipam": { - "type": "host-local", - "subnet": "usePodCidr" - }, - "policy": { - "type": "k8s" - }, - "kubernetes": { - "kubeconfig": "__KUBECONFIG_FILEPATH__" - } - }, - { - "type": "portmap", - "snat": true, - "capabilities": {"portMappings": true} - }, - { - "type": "bandwidth", - "capabilities": {"bandwidth": true} - } - ] - } - - # Flannel network configuration. Mounted into the flannel container. - net-conf.json: | - { - "Network": "{{ .Networking.NonMasqueradeCIDR }}", - "Backend": { - "Type": "vxlan" - } - } - ---- -# Source: calico/templates/kdd-crds.yaml - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bgpconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPConfiguration - listKind: BGPConfigurationList - plural: bgpconfigurations - singular: bgpconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: BGPConfiguration contains the configuration for any BGP routing. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPConfigurationSpec contains the values of the BGP configuration. - properties: - asNumber: - description: 'ASNumber is the default AS number used by a node. [Default: - 64512]' - format: int32 - type: integer - bindMode: - description: BindMode indicates whether to listen for BGP connections - on all addresses (None) or only on the node's canonical IP address - Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen - for BGP connections on all addresses. - type: string - communities: - description: Communities is a list of BGP community values and their - arbitrary names for tagging routes. - items: - description: Community contains standard or large community value - and its name. - properties: - name: - description: Name given to community value. - type: string - value: - description: Value must be of format `aa:nn` or `aa:nn:mm`. - For standard community use `aa:nn` format, where `aa` and - `nn` are 16 bit number. For large community use `aa:nn:mm` - format, where `aa`, `nn` and `mm` are 32 bit number. Where, - `aa` is an AS Number, `nn` and `mm` are per-AS identifier. - pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$ - type: string - type: object - type: array - listenPort: - description: ListenPort is the port where BGP protocol should listen. - Defaults to 179 - maximum: 65535 - minimum: 1 - type: integer - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: INFO]' - type: string - nodeMeshMaxRestartTime: - description: Time to allow for software restart for node-to-mesh peerings. When - specified, this is configured as the graceful restart timeout. When - not specified, the BIRD default of 120s is used. This field can - only be set on the default BGPConfiguration instance and requires - that NodeMesh is enabled - type: string - nodeMeshPassword: - description: Optional BGP password for full node-to-mesh peerings. - This field can only be set on the default BGPConfiguration instance - and requires that NodeMesh is enabled - properties: - secretKeyRef: - description: Selects a key of a secret in the node pod's namespace. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - type: object - nodeToNodeMeshEnabled: - description: 'NodeToNodeMeshEnabled sets whether full node to node - BGP mesh is enabled. [Default: true]' - type: boolean - prefixAdvertisements: - description: PrefixAdvertisements contains per-prefix advertisement - configuration. - items: - description: PrefixAdvertisement configures advertisement properties - for the specified CIDR. - properties: - cidr: - description: CIDR for which properties should be advertised. - type: string - communities: - description: Communities can be list of either community names - already defined in `Specs.Communities` or community value - of format `aa:nn` or `aa:nn:mm`. For standard community use - `aa:nn` format, where `aa` and `nn` are 16 bit number. For - large community use `aa:nn:mm` format, where `aa`, `nn` and - `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and - `mm` are per-AS identifier. - items: - type: string - type: array - type: object - type: array - serviceClusterIPs: - description: ServiceClusterIPs are the CIDR blocks from which service - cluster IPs are allocated. If specified, Calico will advertise these - blocks, as well as any cluster IPs within them. - items: - description: ServiceClusterIPBlock represents a single allowed ClusterIP - CIDR block. - properties: - cidr: - type: string - type: object - type: array - serviceExternalIPs: - description: ServiceExternalIPs are the CIDR blocks for Kubernetes - Service External IPs. Kubernetes Service ExternalIPs will only be - advertised if they are within one of these blocks. - items: - description: ServiceExternalIPBlock represents a single allowed - External IP CIDR block. - properties: - cidr: - type: string - type: object - type: array - serviceLoadBalancerIPs: - description: ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes - Service LoadBalancer IPs. Kubernetes Service status.LoadBalancer.Ingress - IPs will only be advertised if they are within one of these blocks. - items: - description: ServiceLoadBalancerIPBlock represents a single allowed - LoadBalancer IP CIDR block. - properties: - cidr: - type: string - type: object - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bgppeers.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPPeer - listKind: BGPPeerList - plural: bgppeers - singular: bgppeer - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPPeerSpec contains the specification for a BGPPeer resource. - properties: - asNumber: - description: The AS Number of the peer. - format: int32 - type: integer - keepOriginalNextHop: - description: Option to keep the original nexthop field when routes - are sent to a BGP Peer. Setting "true" configures the selected BGP - Peers node to use the "next hop keep;" instead of "next hop self;"(default) - in the specific branch of the Node on "bird.cfg". - type: boolean - maxRestartTime: - description: Time to allow for software restart. When specified, - this is configured as the graceful restart timeout. When not specified, - the BIRD default of 120s is used. - type: string - node: - description: The node name identifying the Calico node instance that - is targeted by this peer. If this is not set, and no nodeSelector - is specified, then this BGP peer selects all nodes in the cluster. - type: string - nodeSelector: - description: Selector for the nodes that should have this peering. When - this is set, the Node field must be empty. - type: string - numAllowedLocalASNumbers: - description: Maximum number of local AS numbers that are allowed in - the AS path for received routes. This removes BGP loop prevention - and should only be used if absolutely necesssary. - format: int32 - type: integer - password: - description: Optional BGP password for the peerings generated by this - BGPPeer resource. - properties: - secretKeyRef: - description: Selects a key of a secret in the node pod's namespace. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - type: object - peerIP: - description: The IP address of the peer followed by an optional port - number to peer with. If port number is given, format should be `[]:port` - or `:` for IPv4. If optional port number is not set, - and this peer IP and ASNumber belongs to a calico/node with ListenPort - set in BGPConfiguration, then we use that port to peer. - type: string - peerSelector: - description: Selector for the remote nodes to peer with. When this - is set, the PeerIP and ASNumber fields must be empty. For each - peering between the local node and selected remote nodes, we configure - an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified, - and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The - remote AS number comes from the remote node's NodeBGPSpec.ASNumber, - or the global default if that is not set. - type: string - sourceAddress: - description: Specifies whether and how to configure a source address - for the peerings generated by this BGPPeer resource. Default value - "UseNodeIP" means to configure the node IP as the source address. "None" - means not to configure a source address. - type: string - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: blockaffinities.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BlockAffinity - listKind: BlockAffinityList - plural: blockaffinities - singular: blockaffinity - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BlockAffinitySpec contains the specification for a BlockAffinity - resource. - properties: - cidr: - type: string - deleted: - description: Deleted indicates that this block affinity is being deleted. - This field is a string for compatibility with older releases that - mistakenly treat this field as a string. - type: string - node: - type: string - state: - type: string - required: - - cidr - - deleted - - node - - state - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: caliconodestatuses.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: CalicoNodeStatus - listKind: CalicoNodeStatusList - plural: caliconodestatuses - singular: caliconodestatus - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus - resource. - properties: - classes: - description: Classes declares the types of information to monitor - for this calico/node, and allows for selective status reporting - about certain subsets of information. - items: - type: string - type: array - node: - description: The node name identifies the Calico node instance for - node status. - type: string - updatePeriodSeconds: - description: UpdatePeriodSeconds is the period at which CalicoNodeStatus - should be updated. Set to 0 to disable CalicoNodeStatus refresh. - Maximum update period is one day. - format: int32 - type: integer - type: object - status: - description: CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus. - No validation needed for status since it is updated by Calico. - properties: - agent: - description: Agent holds agent status on the node. - properties: - birdV4: - description: BIRDV4 represents the latest observed status of bird4. - properties: - lastBootTime: - description: LastBootTime holds the value of lastBootTime - from bird.ctl output. - type: string - lastReconfigurationTime: - description: LastReconfigurationTime holds the value of lastReconfigTime - from bird.ctl output. - type: string - routerID: - description: Router ID used by bird. - type: string - state: - description: The state of the BGP Daemon. - type: string - version: - description: Version of the BGP daemon - type: string - type: object - birdV6: - description: BIRDV6 represents the latest observed status of bird6. - properties: - lastBootTime: - description: LastBootTime holds the value of lastBootTime - from bird.ctl output. - type: string - lastReconfigurationTime: - description: LastReconfigurationTime holds the value of lastReconfigTime - from bird.ctl output. - type: string - routerID: - description: Router ID used by bird. - type: string - state: - description: The state of the BGP Daemon. - type: string - version: - description: Version of the BGP daemon - type: string - type: object - type: object - bgp: - description: BGP holds node BGP status. - properties: - numberEstablishedV4: - description: The total number of IPv4 established bgp sessions. - type: integer - numberEstablishedV6: - description: The total number of IPv6 established bgp sessions. - type: integer - numberNotEstablishedV4: - description: The total number of IPv4 non-established bgp sessions. - type: integer - numberNotEstablishedV6: - description: The total number of IPv6 non-established bgp sessions. - type: integer - peersV4: - description: PeersV4 represents IPv4 BGP peers status on the node. - items: - description: CalicoNodePeer contains the status of BGP peers - on the node. - properties: - peerIP: - description: IP address of the peer whose condition we are - reporting. - type: string - since: - description: Since the state or reason last changed. - type: string - state: - description: State is the BGP session state. - type: string - type: - description: Type indicates whether this peer is configured - via the node-to-node mesh, or via en explicit global or - per-node BGPPeer object. - type: string - type: object - type: array - peersV6: - description: PeersV6 represents IPv6 BGP peers status on the node. - items: - description: CalicoNodePeer contains the status of BGP peers - on the node. - properties: - peerIP: - description: IP address of the peer whose condition we are - reporting. - type: string - since: - description: Since the state or reason last changed. - type: string - state: - description: State is the BGP session state. - type: string - type: - description: Type indicates whether this peer is configured - via the node-to-node mesh, or via en explicit global or - per-node BGPPeer object. - type: string - type: object - type: array - required: - - numberEstablishedV4 - - numberEstablishedV6 - - numberNotEstablishedV4 - - numberNotEstablishedV6 - type: object - lastUpdated: - description: LastUpdated is a timestamp representing the server time - when CalicoNodeStatus object last updated. It is represented in - RFC3339 form and is in UTC. - format: date-time - nullable: true - type: string - routes: - description: Routes reports routes known to the Calico BGP daemon - on the node. - properties: - routesV4: - description: RoutesV4 represents IPv4 routes on the node. - items: - description: CalicoNodeRoute contains the status of BGP routes - on the node. - properties: - destination: - description: Destination of the route. - type: string - gateway: - description: Gateway for the destination. - type: string - interface: - description: Interface for the destination - type: string - learnedFrom: - description: LearnedFrom contains information regarding - where this route originated. - properties: - peerIP: - description: If sourceType is NodeMesh or BGPPeer, IP - address of the router that sent us this route. - type: string - sourceType: - description: Type of the source where a route is learned - from. - type: string - type: object - type: - description: Type indicates if the route is being used for - forwarding or not. - type: string - type: object - type: array - routesV6: - description: RoutesV6 represents IPv6 routes on the node. - items: - description: CalicoNodeRoute contains the status of BGP routes - on the node. - properties: - destination: - description: Destination of the route. - type: string - gateway: - description: Gateway for the destination. - type: string - interface: - description: Interface for the destination - type: string - learnedFrom: - description: LearnedFrom contains information regarding - where this route originated. - properties: - peerIP: - description: If sourceType is NodeMesh or BGPPeer, IP - address of the router that sent us this route. - type: string - sourceType: - description: Type of the source where a route is learned - from. - type: string - type: object - type: - description: Type indicates if the route is being used for - forwarding or not. - type: string - type: object - type: array - type: object - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterinformations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: ClusterInformation - listKind: ClusterInformationList - plural: clusterinformations - singular: clusterinformation - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterInformation contains the cluster specific information. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterInformationSpec contains the values of describing - the cluster. - properties: - calicoVersion: - description: CalicoVersion is the version of Calico that the cluster - is running - type: string - clusterGUID: - description: ClusterGUID is the GUID of the cluster - type: string - clusterType: - description: ClusterType describes the type of the cluster - type: string - datastoreReady: - description: DatastoreReady is used during significant datastore migrations - to signal to components such as Felix that it should wait before - accessing the datastore. - type: boolean - variant: - description: Variant declares which variant of Calico should be active. - type: string - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: felixconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: FelixConfiguration - listKind: FelixConfigurationList - plural: felixconfigurations - singular: felixconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Felix Configuration contains the configuration for Felix. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FelixConfigurationSpec contains the values of the Felix configuration. - properties: - allowIPIPPacketsFromWorkloads: - description: 'AllowIPIPPacketsFromWorkloads controls whether Felix - will add a rule to drop IPIP encapsulated traffic from workloads - [Default: false]' - type: boolean - allowVXLANPacketsFromWorkloads: - description: 'AllowVXLANPacketsFromWorkloads controls whether Felix - will add a rule to drop VXLAN encapsulated traffic from workloads - [Default: false]' - type: boolean - awsSrcDstCheck: - description: 'Set source-destination-check on AWS EC2 instances. Accepted - value must be one of "DoNothing", "Enable" or "Disable". [Default: - DoNothing]' - enum: - - DoNothing - - Enable - - Disable - type: string - bpfConnectTimeLoadBalancingEnabled: - description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, - controls whether Felix installs the connection-time load balancer. The - connect-time load balancer is required for the host to be able to - reach Kubernetes services and it improves the performance of pod-to-service - connections. The only reason to disable it is for debugging purposes. [Default: - true]' - type: boolean - bpfDataIfacePattern: - description: BPFDataIfacePattern is a regular expression that controls - which interfaces Felix should attach BPF programs to in order to - catch traffic to/from the network. This needs to match the interfaces - that Calico workload traffic flows over as well as any interfaces - that handle incoming traffic to nodeports and services from outside - the cluster. It should not match the workload interfaces (usually - named cali...). - type: string - bpfDisableUnprivileged: - description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled - sysctl to disable unprivileged use of BPF. This ensures that unprivileged - users cannot access Calico''s BPF maps and cannot insert their own - BPF programs to interfere with Calico''s. [Default: true]' - type: boolean - bpfEnabled: - description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. - [Default: false]' - type: boolean - bpfEnforceRPF: - description: 'BPFEnforceRPF enforce strict RPF on all interfaces with - BPF programs regardless of what is the per-interfaces or global - setting. Possible values are Disabled or Strict. [Default: Strict]' - type: string - bpfExtToServiceConnmark: - description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit - mark that is set on connections from an external client to a local - service. This mark allows us to control how packets of that connection - are routed within the host and how is routing intepreted by RPF - check. [Default: 0]' - type: integer - bpfExternalServiceMode: - description: 'BPFExternalServiceMode in BPF mode, controls how connections - from outside the cluster to services (node ports and cluster IPs) - are forwarded to remote workloads. If set to "Tunnel" then both - request and response traffic is tunneled to the remote node. If - set to "DSR", the request traffic is tunneled but the response traffic - is sent directly from the remote node. In "DSR" mode, the remote - node appears to use the IP of the ingress node; this requires a - permissive L2 network. [Default: Tunnel]' - type: string - bpfHostConntrackBypass: - description: 'BPFHostConntrackBypass Controls whether to bypass Linux - conntrack in BPF mode for workloads and services. [Default: true - - bypass Linux conntrack]' - type: boolean - bpfKubeProxyEndpointSlicesEnabled: - description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls - whether Felix's embedded kube-proxy accepts EndpointSlices or not. - type: boolean - bpfKubeProxyIptablesCleanupEnabled: - description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF - mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s - iptables chains. Should only be enabled if kube-proxy is not running. [Default: - true]' - type: boolean - bpfKubeProxyMinSyncPeriod: - description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the - minimum time between updates to the dataplane for Felix''s embedded - kube-proxy. Lower values give reduced set-up latency. Higher values - reduce Felix CPU usage by batching up more work. [Default: 1s]' - type: string - bpfLogLevel: - description: 'BPFLogLevel controls the log level of the BPF programs - when in BPF dataplane mode. One of "Off", "Info", or "Debug". The - logs are emitted to the BPF trace pipe, accessible with the command - `tc exec bpf debug`. [Default: Off].' - type: string - bpfMapSizeConntrack: - description: 'BPFMapSizeConntrack sets the size for the conntrack - map. This map must be large enough to hold an entry for each active - connection. Warning: changing the size of the conntrack map can - cause disruption.' - type: integer - bpfMapSizeIPSets: - description: BPFMapSizeIPSets sets the size for ipsets map. The IP - sets map must be large enough to hold an entry for each endpoint - matched by every selector in the source/destination matches in network - policy. Selectors such as "all()" can result in large numbers of - entries (one entry per endpoint in that case). - type: integer - bpfMapSizeNATAffinity: - type: integer - bpfMapSizeNATBackend: - description: BPFMapSizeNATBackend sets the size for nat back end map. - This is the total number of endpoints. This is mostly more than - the size of the number of services. - type: integer - bpfMapSizeNATFrontend: - description: BPFMapSizeNATFrontend sets the size for nat front end - map. FrontendMap should be large enough to hold an entry for each - nodeport, external IP and each port in each service. - type: integer - bpfMapSizeRoute: - description: BPFMapSizeRoute sets the size for the routes map. The - routes map should be large enough to hold one entry per workload - and a handful of entries per host (enough to cover its own IPs and - tunnel IPs). - type: integer - bpfPSNATPorts: - anyOf: - - type: integer - - type: string - description: 'BPFPSNATPorts sets the range from which we randomly - pick a port if there is a source port collision. This should be - within the ephemeral range as defined by RFC 6056 (1024–65535) and - preferably outside the ephemeral ranges used by common operating - systems. Linux uses 32768–60999, while others mostly use the IANA - defined range 49152–65535. It is not necessarily a problem if this - range overlaps with the operating systems. Both ends of the range - are inclusive. [Default: 20000:29999]' - pattern: ^.* - x-kubernetes-int-or-string: true - chainInsertMode: - description: 'ChainInsertMode controls whether Felix hooks the kernel''s - top-level iptables chains by inserting a rule at the top of the - chain or by appending a rule at the bottom. insert is the safe default - since it prevents Calico''s rules from being bypassed. If you switch - to append mode, be sure that the other rules in the chains signal - acceptance by falling through to the Calico rules, otherwise the - Calico policy will be bypassed. [Default: insert]' - type: string - dataplaneDriver: - description: DataplaneDriver filename of the external dataplane driver - to use. Only used if UseInternalDataplaneDriver is set to false. - type: string - dataplaneWatchdogTimeout: - description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout - used for Felix''s (internal) dataplane driver. Increase this value - if you experience spurious non-ready or non-live events when Felix - is under heavy load. Decrease the value to get felix to report non-live - or non-ready more quickly. [Default: 90s]' - type: string - debugDisableLogDropping: - type: boolean - debugMemoryProfilePath: - type: string - debugSimulateCalcGraphHangAfter: - type: string - debugSimulateDataplaneHangAfter: - type: string - defaultEndpointToHostAction: - description: 'DefaultEndpointToHostAction controls what happens to - traffic that goes from a workload endpoint to the host itself (after - the traffic hits the endpoint egress policy). By default Calico - blocks traffic from workload endpoints to the host itself with an - iptables "DROP" action. If you want to allow some or all traffic - from endpoint to host, set this parameter to RETURN or ACCEPT. Use - RETURN if you have your own rules in the iptables "INPUT" chain; - Calico will insert its rules at the top of that chain, then "RETURN" - packets to the "INPUT" chain once it has completed processing workload - endpoint egress policy. Use ACCEPT to unconditionally accept packets - from workloads after processing workload endpoint egress policy. - [Default: Drop]' - type: string - deviceRouteProtocol: - description: This defines the route protocol added to programmed device - routes, by default this will be RTPROT_BOOT when left blank. - type: integer - deviceRouteSourceAddress: - description: This is the IPv4 source address to use on programmed - device routes. By default the source address is left blank, leaving - the kernel to choose the source address used. - type: string - deviceRouteSourceAddressIPv6: - description: This is the IPv6 source address to use on programmed - device routes. By default the source address is left blank, leaving - the kernel to choose the source address used. - type: string - disableConntrackInvalidCheck: - type: boolean - endpointReportingDelay: - type: string - endpointReportingEnabled: - type: boolean - externalNodesList: - description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes - which may source tunnel traffic and have the tunneled traffic be - accepted at calico nodes. - items: - type: string - type: array - failsafeInboundHostPorts: - description: 'FailsafeInboundHostPorts is a list of UDP/TCP ports - and CIDRs that Felix will allow incoming traffic to host endpoints - on irrespective of the security policy. This is useful to avoid - accidentally cutting off a host with incorrect configuration. For - back-compatibility, if the protocol is not specified, it defaults - to "tcp". If a CIDR is not specified, it will allow traffic from - all addresses. To disable all inbound host ports, use the value - none. The default value allows ssh access and DHCP. [Default: tcp:22, - udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]' - items: - description: ProtoPort is combination of protocol, port, and CIDR. - Protocol and port must be specified. - properties: - net: - type: string - port: - type: integer - protocol: - type: string - required: - - port - - protocol - type: object - type: array - failsafeOutboundHostPorts: - description: 'FailsafeOutboundHostPorts is a list of UDP/TCP ports - and CIDRs that Felix will allow outgoing traffic from host endpoints - to irrespective of the security policy. This is useful to avoid - accidentally cutting off a host with incorrect configuration. For - back-compatibility, if the protocol is not specified, it defaults - to "tcp". If a CIDR is not specified, it will allow traffic from - all addresses. To disable all outbound host ports, use the value - none. The default value opens etcd''s standard ports to ensure that - Felix does not get cut off from etcd as well as allowing DHCP and - DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, - tcp:6667, udp:53, udp:67]' - items: - description: ProtoPort is combination of protocol, port, and CIDR. - Protocol and port must be specified. - properties: - net: - type: string - port: - type: integer - protocol: - type: string - required: - - port - - protocol - type: object - type: array - featureDetectOverride: - description: FeatureDetectOverride is used to override the feature - detection. Values are specified in a comma separated list with no - spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". - "true" or "false" will force the feature, empty or omitted values - are auto-detected. - type: string - floatingIPs: - description: FloatingIPs configures whether or not Felix will program - floating IP addresses. - enum: - - Enabled - - Disabled - type: string - genericXDPEnabled: - description: 'GenericXDPEnabled enables Generic XDP so network cards - that don''t support XDP offload or driver modes can use XDP. This - is not recommended since it doesn''t provide better performance - than iptables. [Default: false]' - type: boolean - healthEnabled: - type: boolean - healthHost: - type: string - healthPort: - type: integer - interfaceExclude: - description: 'InterfaceExclude is a comma-separated list of interfaces - that Felix should exclude when monitoring for host endpoints. The - default value ensures that Felix ignores Kubernetes'' IPVS dummy - interface, which is used internally by kube-proxy. If you want to - exclude multiple interface names using a single value, the list - supports regular expressions. For regular expressions you must wrap - the value with ''/''. For example having values ''/^kube/,veth1'' - will exclude all interfaces that begin with ''kube'' and also the - interface ''veth1''. [Default: kube-ipvs0]' - type: string - interfacePrefix: - description: 'InterfacePrefix is the interface name prefix that identifies - workload endpoints and so distinguishes them from host endpoint - interfaces. Note: in environments other than bare metal, the orchestrators - configure this appropriately. For example our Kubernetes and Docker - integrations set the ''cali'' value, and our OpenStack integration - sets the ''tap'' value. [Default: cali]' - type: string - interfaceRefreshInterval: - description: InterfaceRefreshInterval is the period at which Felix - rescans local interfaces to verify their state. The rescan can be - disabled by setting the interval to 0. - type: string - ipipEnabled: - description: 'IPIPEnabled overrides whether Felix should configure - an IPIP interface on the host. Optional as Felix determines this - based on the existing IP pools. [Default: nil (unset)]' - type: boolean - ipipMTU: - description: 'IPIPMTU is the MTU to set on the tunnel device. See - Configuring MTU [Default: 1440]' - type: integer - ipsetsRefreshInterval: - description: 'IpsetsRefreshInterval is the period at which Felix re-checks - all iptables state to ensure that no other process has accidentally - broken Calico''s rules. Set to 0 to disable iptables refresh. [Default: - 90s]' - type: string - iptablesBackend: - description: IptablesBackend specifies which backend of iptables will - be used. The default is legacy. - type: string - iptablesFilterAllowAction: - type: string - iptablesLockFilePath: - description: 'IptablesLockFilePath is the location of the iptables - lock file. You may need to change this if the lock file is not in - its standard location (for example if you have mapped it into Felix''s - container at a different path). [Default: /run/xtables.lock]' - type: string - iptablesLockProbeInterval: - description: 'IptablesLockProbeInterval is the time that Felix will - wait between attempts to acquire the iptables lock if it is not - available. Lower values make Felix more responsive when the lock - is contended, but use more CPU. [Default: 50ms]' - type: string - iptablesLockTimeout: - description: 'IptablesLockTimeout is the time that Felix will wait - for the iptables lock, or 0, to disable. To use this feature, Felix - must share the iptables lock file with all other processes that - also take the lock. When running Felix inside a container, this - requires the /run directory of the host to be mounted into the calico/node - or calico/felix container. [Default: 0s disabled]' - type: string - iptablesMangleAllowAction: - type: string - iptablesMarkMask: - description: 'IptablesMarkMask is the mask that Felix selects its - IPTables Mark bits from. Should be a 32 bit hexadecimal number with - at least 8 bits set, none of which clash with any other mark bits - in use on the system. [Default: 0xff000000]' - format: int32 - type: integer - iptablesNATOutgoingInterfaceFilter: - type: string - iptablesPostWriteCheckInterval: - description: 'IptablesPostWriteCheckInterval is the period after Felix - has done a write to the dataplane that it schedules an extra read - back in order to check the write was not clobbered by another process. - This should only occur if another application on the system doesn''t - respect the iptables lock. [Default: 1s]' - type: string - iptablesRefreshInterval: - description: 'IptablesRefreshInterval is the period at which Felix - re-checks the IP sets in the dataplane to ensure that no other process - has accidentally broken Calico''s rules. Set to 0 to disable IP - sets refresh. Note: the default for this value is lower than the - other refresh intervals as a workaround for a Linux kernel bug that - was fixed in kernel version 4.11. If you are using v4.11 or greater - you may want to set this to, a higher value to reduce Felix CPU - usage. [Default: 10s]' - type: string - ipv6Support: - description: IPv6Support controls whether Felix enables support for - IPv6 (if supported by the in-use dataplane). - type: boolean - kubeNodePortRanges: - description: 'KubeNodePortRanges holds list of port ranges used for - service node ports. Only used if felix detects kube-proxy running - in ipvs mode. Felix uses these ranges to separate host and workload - traffic. [Default: 30000:32767].' - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - logDebugFilenameRegex: - description: LogDebugFilenameRegex controls which source code files - have their Debug log output included in the logs. Only logs from - files with names that match the given regular expression are included. The - filter only applies to Debug level logs. - type: string - logFilePath: - description: 'LogFilePath is the full path to the Felix log. Set to - none to disable file logging. [Default: /var/log/calico/felix.log]' - type: string - logPrefix: - description: 'LogPrefix is the log prefix that Felix uses when rendering - LOG rules. [Default: calico-packet]' - type: string - logSeverityFile: - description: 'LogSeverityFile is the log severity above which logs - are sent to the log file. [Default: Info]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: Info]' - type: string - logSeveritySys: - description: 'LogSeveritySys is the log severity above which logs - are sent to the syslog. Set to None for no logging to syslog. [Default: - Info]' - type: string - maxIpsetSize: - type: integer - metadataAddr: - description: 'MetadataAddr is the IP address or domain name of the - server that can answer VM queries for cloud-init metadata. In OpenStack, - this corresponds to the machine running nova-api (or in Ubuntu, - nova-api-metadata). A value of none (case insensitive) means that - Felix should not set up any NAT rule for the metadata path. [Default: - 127.0.0.1]' - type: string - metadataPort: - description: 'MetadataPort is the port of the metadata server. This, - combined with global.MetadataAddr (if not ''None''), is used to - set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. - In most cases this should not need to be changed [Default: 8775].' - type: integer - mtuIfacePattern: - description: MTUIfacePattern is a regular expression that controls - which interfaces Felix should scan in order to calculate the host's - MTU. This should not match workload interfaces (usually named cali...). - type: string - natOutgoingAddress: - description: NATOutgoingAddress specifies an address to use when performing - source NAT for traffic in a natOutgoing pool that is leaving the - network. By default the address used is an address on the interface - the traffic is leaving on (ie it uses the iptables MASQUERADE target) - type: string - natPortRange: - anyOf: - - type: integer - - type: string - description: NATPortRange specifies the range of ports that is used - for port mapping when doing outgoing NAT. When unset the default - behavior of the network stack is used. - pattern: ^.* - x-kubernetes-int-or-string: true - netlinkTimeout: - type: string - openstackRegion: - description: 'OpenstackRegion is the name of the region that a particular - Felix belongs to. In a multi-region Calico/OpenStack deployment, - this must be configured somehow for each Felix (here in the datamodel, - or in felix.cfg or the environment on each compute node), and must - match the [calico] openstack_region value configured in neutron.conf - on each node. [Default: Empty]' - type: string - policySyncPathPrefix: - description: 'PolicySyncPathPrefix is used to by Felix to communicate - policy changes to external services, like Application layer policy. - [Default: Empty]' - type: string - prometheusGoMetricsEnabled: - description: 'PrometheusGoMetricsEnabled disables Go runtime metrics - collection, which the Prometheus client does by default, when set - to false. This reduces the number of metrics reported, reducing - Prometheus load. [Default: true]' - type: boolean - prometheusMetricsEnabled: - description: 'PrometheusMetricsEnabled enables the Prometheus metrics - server in Felix if set to true. [Default: false]' - type: boolean - prometheusMetricsHost: - description: 'PrometheusMetricsHost is the host that the Prometheus - metrics server should bind to. [Default: empty]' - type: string - prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. [Default: 9091]' - type: integer - prometheusProcessMetricsEnabled: - description: 'PrometheusProcessMetricsEnabled disables process metrics - collection, which the Prometheus client does by default, when set - to false. This reduces the number of metrics reported, reducing - Prometheus load. [Default: true]' - type: boolean - prometheusWireGuardMetricsEnabled: - description: 'PrometheusWireGuardMetricsEnabled disables wireguard - metrics collection, which the Prometheus client does by default, - when set to false. This reduces the number of metrics reported, - reducing Prometheus load. [Default: true]' - type: boolean - removeExternalRoutes: - description: Whether or not to remove device routes that have not - been programmed by Felix. Disabling this will allow external applications - to also add device routes. This is enabled by default which means - we will remove externally added routes. - type: boolean - reportingInterval: - description: 'ReportingInterval is the interval at which Felix reports - its status into the datastore or 0 to disable. Must be non-zero - in OpenStack deployments. [Default: 30s]' - type: string - reportingTTL: - description: 'ReportingTTL is the time-to-live setting for process-wide - status reports. [Default: 90s]' - type: string - routeRefreshInterval: - description: 'RouteRefreshInterval is the period at which Felix re-checks - the routes in the dataplane to ensure that no other process has - accidentally broken Calico''s rules. Set to 0 to disable route refresh. - [Default: 90s]' - type: string - routeSource: - description: 'RouteSource configures where Felix gets its routing - information. - WorkloadIPs: use workload endpoints to construct - routes. - CalicoIPAM: the default - use IPAM data to construct routes.' - type: string - routeTableRange: - description: Deprecated in favor of RouteTableRanges. Calico programs - additional Linux route tables for various purposes. RouteTableRange - specifies the indices of the route tables that Calico should use. - properties: - max: - type: integer - min: - type: integer - required: - - max - - min - type: object - routeTableRanges: - description: Calico programs additional Linux route tables for various - purposes. RouteTableRanges specifies a set of table index ranges - that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`. - items: - properties: - max: - type: integer - min: - type: integer - required: - - max - - min - type: object - type: array - serviceLoopPrevention: - description: 'When service IP advertisement is enabled, prevent routing - loops to service IPs that are not in use, by dropping or rejecting - packets that do not get DNAT''d by kube-proxy. Unless set to "Disabled", - in which case such routing loops continue to be allowed. [Default: - Drop]' - type: string - sidecarAccelerationEnabled: - description: 'SidecarAccelerationEnabled enables experimental sidecar - acceleration [Default: false]' - type: boolean - usageReportingEnabled: - description: 'UsageReportingEnabled reports anonymous Calico version - number and cluster size to projectcalico.org. Logs warnings returned - by the usage server. For example, if a significant security vulnerability - has been discovered in the version of Calico being used. [Default: - true]' - type: boolean - usageReportingInitialDelay: - description: 'UsageReportingInitialDelay controls the minimum delay - before Felix makes a report. [Default: 300s]' - type: string - usageReportingInterval: - description: 'UsageReportingInterval controls the interval at which - Felix makes reports. [Default: 86400s]' - type: string - useInternalDataplaneDriver: - description: UseInternalDataplaneDriver, if true, Felix will use its - internal dataplane programming logic. If false, it will launch - an external dataplane driver and communicate with it over protobuf. - type: boolean - vxlanEnabled: - description: 'VXLANEnabled overrides whether Felix should create the - VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix - determines this based on the existing IP pools. [Default: nil (unset)]' - type: boolean - vxlanMTU: - description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel - device. See Configuring MTU [Default: 1410]' - type: integer - vxlanMTUV6: - description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel - device. See Configuring MTU [Default: 1390]' - type: integer - vxlanPort: - type: integer - vxlanVNI: - type: integer - wireguardEnabled: - description: 'WireguardEnabled controls whether Wireguard is enabled. - [Default: false]' - type: boolean - wireguardHostEncryptionEnabled: - description: 'WireguardHostEncryptionEnabled controls whether Wireguard - host-to-host encryption is enabled. [Default: false]' - type: boolean - wireguardInterfaceName: - description: 'WireguardInterfaceName specifies the name to use for - the Wireguard interface. [Default: wg.calico]' - type: string - wireguardKeepAlive: - description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive - option. Set 0 to disable. [Default: 0]' - type: string - wireguardListeningPort: - description: 'WireguardListeningPort controls the listening port used - by Wireguard. [Default: 51820]' - type: integer - wireguardMTU: - description: 'WireguardMTU controls the MTU on the Wireguard interface. - See Configuring MTU [Default: 1420]' - type: integer - wireguardRoutingRulePriority: - description: 'WireguardRoutingRulePriority controls the priority value - to use for the Wireguard routing rule. [Default: 99]' - type: integer - workloadSourceSpoofing: - description: WorkloadSourceSpoofing controls whether pods can use - the allowedSourcePrefixes annotation to send traffic with a source - IP address that is not theirs. This is disabled by default. When - set to "Any", pods can request any prefix. - type: string - xdpEnabled: - description: 'XDPEnabled enables XDP acceleration for suitable untracked - incoming deny rules. [Default: true]' - type: boolean - xdpRefreshInterval: - description: 'XDPRefreshInterval is the period at which Felix re-checks - all XDP state to ensure that no other process has accidentally broken - Calico''s BPF maps or attached programs. Set to 0 to disable XDP - refresh. [Default: 90s]' - type: string - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: globalnetworkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalNetworkPolicy - listKind: GlobalNetworkPolicyList - plural: globalnetworkpolicies - singular: globalnetworkpolicy - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - applyOnForward: - description: ApplyOnForward indicates to apply the rules in this policy - on forward traffic. - type: boolean - doNotTrack: - description: DoNotTrack indicates whether packets matched by the rules - in this policy should go through the data plane's connection tracking, - such as Linux conntrack. If True, the rules in this policy are - applied before any data plane connection tracking, and packets allowed - by this policy are marked as not to be tracked. - type: boolean - egress: - description: The ordered set of egress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - description: The ordered set of ingress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - namespaceSelector: - description: NamespaceSelector is an optional field for an expression - used to select a pod based on namespaces. - type: string - order: - description: Order is an optional field that specifies the order in - which the policy is applied. Policies with higher "order" are applied - after those with lower order. If the order is omitted, it may be - considered to be "infinite" - i.e. the policy will be applied last. Policies - with identical order will be applied in alphanumerical order based - on the Policy "Name". - type: number - preDNAT: - description: PreDNAT indicates to apply the rules in this policy before - any DNAT. - type: boolean - selector: - description: "The selector is an expression used to pick pick out - the endpoints that the policy should be applied to. \n Selector - expressions follow this syntax: \n \tlabel == \"string_literal\" - \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" - \ -> not equal; also matches if label is not present \tlabel in - { \"a\", \"b\", \"c\", ... } -> true if the value of label X is - one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", - ... } -> true if the value of label X is not one of \"a\", \"b\", - \"c\" \thas(label_name) -> True if that label is present \t! expr - -> negation of expr \texpr && expr -> Short-circuit and \texpr - || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() - or the empty selector -> matches all endpoints. \n Label names are - allowed to contain alphanumerics, -, _ and /. String literals are - more permissive but they do not support escape characters. \n Examples - (with made-up labels): \n \ttype == \"webserver\" && deployment - == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != - \"dev\" \t! has(label_name)" - type: string - serviceAccountSelector: - description: ServiceAccountSelector is an optional field for an expression - used to select a pod based on service accounts. - type: string - types: - description: "Types indicates whether this policy applies to ingress, - or to egress, or to both. When not explicitly specified (and so - the value on creation is empty or nil), Calico defaults Types according - to what Ingress and Egress rules are present in the policy. The - default is: \n - [ PolicyTypeIngress ], if there are no Egress rules - (including the case where there are also no Ingress rules) \n - - [ PolicyTypeEgress ], if there are Egress rules but no Ingress - rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are - both Ingress and Egress rules. \n When the policy is read back again, - Types will always be one of these values, never empty or nil." - items: - description: PolicyType enumerates the possible values of the PolicySpec - Types field. - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: globalnetworksets.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalNetworkSet - listKind: GlobalNetworkSetList - plural: globalnetworksets - singular: globalnetworkset - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs - that share labels to allow rules to refer to them via selectors. The labels - of GlobalNetworkSet are not namespaced. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GlobalNetworkSetSpec contains the specification for a NetworkSet - resource. - properties: - nets: - description: The list of IP networks that belong to this set. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: hostendpoints.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: HostEndpoint - listKind: HostEndpointList - plural: hostendpoints - singular: hostendpoint - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostEndpointSpec contains the specification for a HostEndpoint - resource. - properties: - expectedIPs: - description: "The expected IP addresses (IPv4 and IPv6) of the endpoint. - If \"InterfaceName\" is not present, Calico will look for an interface - matching any of the IPs in the list and apply policy to that. Note: - \tWhen using the selector match criteria in an ingress or egress - security Policy \tor Profile, Calico converts the selector into - a set of IP addresses. For host \tendpoints, the ExpectedIPs field - is used for that purpose. (If only the interface \tname is specified, - Calico does not learn the IPs of the interface for use in match - \tcriteria.)" - items: - type: string - type: array - interfaceName: - description: "Either \"*\", or the name of a specific Linux interface - to apply policy to; or empty. \"*\" indicates that this HostEndpoint - governs all traffic to, from or through the default network namespace - of the host named by the \"Node\" field; entering and leaving that - namespace via any interface, including those from/to non-host-networked - local workloads. \n If InterfaceName is not \"*\", this HostEndpoint - only governs traffic that enters or leaves the host through the - specific interface named by InterfaceName, or - when InterfaceName - is empty - through the specific interface that has one of the IPs - in ExpectedIPs. Therefore, when InterfaceName is empty, at least - one expected IP must be specified. Only external interfaces (such - as \"eth0\") are supported here; it isn't possible for a HostEndpoint - to protect traffic through a specific local workload interface. - \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints; - initially just pre-DNAT policy. Please check Calico documentation - for the latest position." - type: string - node: - description: The node name identifying the Calico node instance. - type: string - ports: - description: Ports contains the endpoint's named ports, which may - be referenced in security policy rules. - items: - properties: - name: - type: string - port: - type: integer - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - required: - - name - - port - - protocol - type: object - type: array - profiles: - description: A list of identifiers of security Profile objects that - apply to this endpoint. Each profile is applied in the order that - they appear in this list. Profile rules are applied after the selector-based - security policy. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamblocks.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMBlock - listKind: IPAMBlockList - plural: ipamblocks - singular: ipamblock - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMBlockSpec contains the specification for an IPAMBlock - resource. - properties: - affinity: - description: Affinity of the block, if this block has one. If set, - it will be of the form "host:". If not set, this block - is not affine to a host. - type: string - allocations: - description: Array of allocations in-use within this block. nil entries - mean the allocation is free. For non-nil entries at index i, the - index is the ordinal of the allocation within this block and the - value is the index of the associated attributes in the Attributes - array. - items: - type: integer - # TODO: This nullable is manually added in. We should update controller-gen - # to handle []*int properly itself. - nullable: true - type: array - attributes: - description: Attributes is an array of arbitrary metadata associated - with allocations in the block. To find attributes for a given allocation, - use the value of the allocation's entry in the Allocations array - as the index of the element in this array. - items: - properties: - handle_id: - type: string - secondary: - additionalProperties: - type: string - type: object - type: object - type: array - cidr: - description: The block's CIDR. - type: string - deleted: - description: Deleted is an internal boolean used to workaround a limitation - in the Kubernetes API whereby deletion will not return a conflict - error if the block has been updated. It should not be set manually. - type: boolean - sequenceNumber: - default: 0 - description: We store a sequence number that is updated each time - the block is written. Each allocation will also store the sequence - number of the block at the time of its creation. When releasing - an IP, passing the sequence number associated with the allocation - allows us to protect against a race condition and ensure the IP - hasn't been released and re-allocated since the release request. - format: int64 - type: integer - sequenceNumberForAllocation: - additionalProperties: - format: int64 - type: integer - description: Map of allocated ordinal within the block to sequence - number of the block at the time of allocation. Kubernetes does not - allow numerical keys for maps, so the key is cast to a string. - type: object - strictAffinity: - description: StrictAffinity on the IPAMBlock is deprecated and no - longer used by the code. Use IPAMConfig StrictAffinity instead. - type: boolean - unallocated: - description: Unallocated is an ordered list of allocations which are - free in the block. - items: - type: integer - type: array - required: - - allocations - - attributes - - cidr - - strictAffinity - - unallocated - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamconfigs.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMConfig - listKind: IPAMConfigList - plural: ipamconfigs - singular: ipamconfig - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMConfigSpec contains the specification for an IPAMConfig - resource. - properties: - autoAllocateBlocks: - type: boolean - maxBlocksPerHost: - description: MaxBlocksPerHost, if non-zero, is the max number of blocks - that can be affine to each host. - type: integer - strictAffinity: - type: boolean - required: - - autoAllocateBlocks - - strictAffinity - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamhandles.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMHandle - listKind: IPAMHandleList - plural: ipamhandles - singular: ipamhandle - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMHandleSpec contains the specification for an IPAMHandle - resource. - properties: - block: - additionalProperties: - type: integer - type: object - deleted: - type: boolean - handleID: - type: string - required: - - block - - handleID - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPPool - listKind: IPPoolList - plural: ippools - singular: ippool - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPPoolSpec contains the specification for an IPPool resource. - properties: - allowedUses: - description: AllowedUse controls what the IP pool will be used for. If - not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility - items: - type: string - type: array - blockSize: - description: The block size to use for IP address assignments from - this pool. Defaults to 26 for IPv4 and 122 for IPv6. - type: integer - cidr: - description: The pool CIDR. - type: string - disableBGPExport: - description: 'Disable exporting routes from this IP Pool''s CIDR over - BGP. [Default: false]' - type: boolean - disabled: - description: When disabled is true, Calico IPAM will not assign addresses - from this pool. - type: boolean - ipip: - description: 'Deprecated: this field is only used for APIv1 backwards - compatibility. Setting this field is not allowed, this field is - for internal use only.' - properties: - enabled: - description: When enabled is true, ipip tunneling will be used - to deliver packets to destinations within this pool. - type: boolean - mode: - description: The IPIP mode. This can be one of "always" or "cross-subnet". A - mode of "always" will also use IPIP tunneling for routing to - destination IP addresses within this pool. A mode of "cross-subnet" - will only use IPIP tunneling when the destination node is on - a different subnet to the originating node. The default value - (if not specified) is "always". - type: string - type: object - ipipMode: - description: Contains configuration for IPIP tunneling for this pool. - If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling - is disabled). - type: string - nat-outgoing: - description: 'Deprecated: this field is only used for APIv1 backwards - compatibility. Setting this field is not allowed, this field is - for internal use only.' - type: boolean - natOutgoing: - description: When nat-outgoing is true, packets sent from Calico networked - containers in this pool to destinations outside of this pool will - be masqueraded. - type: boolean - nodeSelector: - description: Allows IPPool to allocate for a specific node by label - selector. - type: string - vxlanMode: - description: Contains configuration for VXLAN tunneling for this pool. - If not specified, then this is defaulted to "Never" (i.e. VXLAN - tunneling is disabled). - type: string - required: - - cidr - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: ipreservations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPReservation - listKind: IPReservationList - plural: ipreservations - singular: ipreservation - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPReservationSpec contains the specification for an IPReservation - resource. - properties: - reservedCIDRs: - description: ReservedCIDRs is a list of CIDRs and/or IP addresses - that Calico IPAM will exclude from new allocations. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kubecontrollersconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: KubeControllersConfiguration - listKind: KubeControllersConfigurationList - plural: kubecontrollersconfigurations - singular: kubecontrollersconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubeControllersConfigurationSpec contains the values of the - Kubernetes controllers configuration. - properties: - controllers: - description: Controllers enables and configures individual Kubernetes - controllers - properties: - namespace: - description: Namespace enables and configures the namespace controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - node: - description: Node enables and configures the node controller. - Enabled by default, set to nil to disable. - properties: - hostEndpoint: - description: HostEndpoint controls syncing nodes to host endpoints. - Disabled by default, set to nil to disable. - properties: - autoCreate: - description: 'AutoCreate enables automatic creation of - host endpoints for every node. [Default: Disabled]' - type: string - type: object - leakGracePeriod: - description: 'LeakGracePeriod is the period used by the controller - to determine if an IP address has been leaked. Set to 0 - to disable IP garbage collection. [Default: 15m]' - type: string - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - syncLabels: - description: 'SyncLabels controls whether to copy Kubernetes - node labels to Calico nodes. [Default: Enabled]' - type: string - type: object - policy: - description: Policy enables and configures the policy controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - serviceAccount: - description: ServiceAccount enables and configures the service - account controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - workloadEndpoint: - description: WorkloadEndpoint enables and configures the workload - endpoint controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - type: object - debugProfilePort: - description: DebugProfilePort configures the port to serve memory - and cpu profiles on. If not specified, profiling is disabled. - format: int32 - type: integer - etcdV3CompactionPeriod: - description: 'EtcdV3CompactionPeriod is the period between etcdv3 - compaction requests. Set to 0 to disable. [Default: 10m]' - type: string - healthChecks: - description: 'HealthChecks enables or disables support for health - checks [Default: Enabled]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: Info]' - type: string - prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. Set to 0 to disable. [Default: 9094]' - type: integer - required: - - controllers - type: object - status: - description: KubeControllersConfigurationStatus represents the status - of the configuration. It's useful for admins to be able to see the actual - config that was applied, which can be modified by environment variables - on the kube-controllers process. - properties: - environmentVars: - additionalProperties: - type: string - description: EnvironmentVars contains the environment variables on - the kube-controllers that influenced the RunningConfig. - type: object - runningConfig: - description: RunningConfig contains the effective config that is running - in the kube-controllers pod, after merging the API resource with - any environment variables. - properties: - controllers: - description: Controllers enables and configures individual Kubernetes - controllers - properties: - namespace: - description: Namespace enables and configures the namespace - controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - node: - description: Node enables and configures the node controller. - Enabled by default, set to nil to disable. - properties: - hostEndpoint: - description: HostEndpoint controls syncing nodes to host - endpoints. Disabled by default, set to nil to disable. - properties: - autoCreate: - description: 'AutoCreate enables automatic creation - of host endpoints for every node. [Default: Disabled]' - type: string - type: object - leakGracePeriod: - description: 'LeakGracePeriod is the period used by the - controller to determine if an IP address has been leaked. - Set to 0 to disable IP garbage collection. [Default: - 15m]' - type: string - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - syncLabels: - description: 'SyncLabels controls whether to copy Kubernetes - node labels to Calico nodes. [Default: Enabled]' - type: string - type: object - policy: - description: Policy enables and configures the policy controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - serviceAccount: - description: ServiceAccount enables and configures the service - account controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - workloadEndpoint: - description: WorkloadEndpoint enables and configures the workload - endpoint controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - type: object - debugProfilePort: - description: DebugProfilePort configures the port to serve memory - and cpu profiles on. If not specified, profiling is disabled. - format: int32 - type: integer - etcdV3CompactionPeriod: - description: 'EtcdV3CompactionPeriod is the period between etcdv3 - compaction requests. Set to 0 to disable. [Default: 10m]' - type: string - healthChecks: - description: 'HealthChecks enables or disables support for health - checks [Default: Enabled]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which - logs are sent to the stdout. [Default: Info]' - type: string - prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. Set to 0 to disable. [Default: - 9094]' - type: integer - required: - - controllers - type: object - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: NetworkPolicy - listKind: NetworkPolicyList - plural: networkpolicies - singular: networkpolicy - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - egress: - description: The ordered set of egress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - description: The ordered set of ingress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - order: - description: Order is an optional field that specifies the order in - which the policy is applied. Policies with higher "order" are applied - after those with lower order. If the order is omitted, it may be - considered to be "infinite" - i.e. the policy will be applied last. Policies - with identical order will be applied in alphanumerical order based - on the Policy "Name". - type: number - selector: - description: "The selector is an expression used to pick pick out - the endpoints that the policy should be applied to. \n Selector - expressions follow this syntax: \n \tlabel == \"string_literal\" - \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" - \ -> not equal; also matches if label is not present \tlabel in - { \"a\", \"b\", \"c\", ... } -> true if the value of label X is - one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", - ... } -> true if the value of label X is not one of \"a\", \"b\", - \"c\" \thas(label_name) -> True if that label is present \t! expr - -> negation of expr \texpr && expr -> Short-circuit and \texpr - || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() - or the empty selector -> matches all endpoints. \n Label names are - allowed to contain alphanumerics, -, _ and /. String literals are - more permissive but they do not support escape characters. \n Examples - (with made-up labels): \n \ttype == \"webserver\" && deployment - == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != - \"dev\" \t! has(label_name)" - type: string - serviceAccountSelector: - description: ServiceAccountSelector is an optional field for an expression - used to select a pod based on service accounts. - type: string - types: - description: "Types indicates whether this policy applies to ingress, - or to egress, or to both. When not explicitly specified (and so - the value on creation is empty or nil), Calico defaults Types according - to what Ingress and Egress are present in the policy. The default - is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including - the case where there are also no Ingress rules) \n - [ PolicyTypeEgress - ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, - PolicyTypeEgress ], if there are both Ingress and Egress rules. - \n When the policy is read back again, Types will always be one - of these values, never empty or nil." - items: - description: PolicyType enumerates the possible values of the PolicySpec - Types field. - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networksets.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: NetworkSet - listKind: NetworkSetList - plural: networksets - singular: networkset - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSetSpec contains the specification for a NetworkSet - resource. - properties: - nets: - description: The list of IP networks that belong to this set. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- ---- -# Source: calico/templates/calico-kube-controllers-rbac.yaml - -# Include a clusterrole for the kube-controllers component, -# and bind it to the calico-kube-controllers serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-kube-controllers -rules: - # Nodes are watched to monitor for deletions. - - apiGroups: [""] - resources: - - nodes - verbs: - - watch - - list - - get - # Pods are watched to check for existence as part of IPAM controller. - - apiGroups: [""] - resources: - - pods - verbs: - - get - - list - - watch - # IPAM resources are manipulated in response to node and block updates, as well as periodic triggers. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ipreservations - verbs: - - list - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - - watch - # Pools are watched to maintain a mapping of blocks to IP pools. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - verbs: - - list - - watch - # kube-controllers manages hostendpoints. - - apiGroups: ["crd.projectcalico.org"] - resources: - - hostendpoints - verbs: - - get - - list - - create - - update - - delete - # Needs access to update clusterinformations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - clusterinformations - verbs: - - get - - list - - create - - update - - watch - # KubeControllersConfiguration is where it gets its config - - apiGroups: ["crd.projectcalico.org"] - resources: - - kubecontrollersconfigurations - verbs: - # read its own config - - get - # create a default if none exists - - create - # update status - - update - # watch for changes - - watch ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-kube-controllers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-kube-controllers -subjects: -- kind: ServiceAccount - name: calico-kube-controllers - namespace: kube-system ---- - ---- -# Source: calico/templates/calico-node-rbac.yaml -# Include a clusterrole for the calico-node DaemonSet, -# and bind it to the calico-node serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico -rules: - # Used for creating service account tokens to be used by the CNI plugin - - apiGroups: [""] - resources: - - serviceaccounts/token - resourceNames: - - canal - verbs: - - create - # The CNI plugin needs to get pods, nodes, and namespaces. - - apiGroups: [""] - resources: - - pods - - nodes - - namespaces - verbs: - - get - # EndpointSlices are used for Service-based network policy rule - # enforcement. - - apiGroups: ["discovery.k8s.io"] - resources: - - endpointslices - verbs: - - watch - - list - - apiGroups: [""] - resources: - - endpoints - - services - verbs: - # Used to discover service IPs for advertisement. - - watch - - list - # Used to discover Typhas. - - get - # Pod CIDR auto-detection on kubeadm needs access to config maps. - - apiGroups: [""] - resources: - - configmaps - verbs: - - get - - apiGroups: [""] - resources: - - nodes/status - verbs: - # Needed for clearing NodeNetworkUnavailable flag. - - patch - # Calico stores some configuration information in node annotations. - - update - # Watch for changes to Kubernetes NetworkPolicies. - - apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: - - watch - - list - # Used by Calico for policy information. - - apiGroups: [""] - resources: - - pods - - namespaces - - serviceaccounts - verbs: - - list - - watch - # The CNI plugin patches pods/status. - - apiGroups: [""] - resources: - - pods/status - verbs: - - patch - # Calico monitors various CRDs for config. - - apiGroups: ["crd.projectcalico.org"] - resources: - - globalfelixconfigs - - felixconfigurations - - bgppeers - - globalbgpconfigs - - bgpconfigurations - - ippools - - ipreservations - - ipamblocks - - globalnetworkpolicies - - globalnetworksets - - networkpolicies - - networksets - - clusterinformations - - hostendpoints - - blockaffinities - - caliconodestatuses - verbs: - - get - - list - - watch - # Calico must create and update some CRDs on startup. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - - felixconfigurations - - clusterinformations - verbs: - - create - - update - # Calico must update some CRDs. - - apiGroups: [ "crd.projectcalico.org" ] - resources: - - caliconodestatuses - verbs: - - update - # Calico stores some configuration information on the node. - - apiGroups: [""] - resources: - - nodes - verbs: - - get - - list - - watch - # These permissions are only required for upgrade from v2.6, and can - # be removed after upgrade or on fresh installations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - bgpconfigurations - - bgppeers - verbs: - - create - - update - ---- -# Flannel ClusterRole -# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: flannel -rules: - - apiGroups: [""] - resources: - - pods - verbs: - - get - - apiGroups: [""] - resources: - - nodes - verbs: - - list - - watch - - apiGroups: [""] - resources: - - nodes/status - verbs: - - patch ---- -# Bind the flannel ClusterRole to the canal ServiceAccount. -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: canal-flannel -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: flannel -subjects: -- kind: ServiceAccount - name: canal - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: canal-calico -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico -subjects: -- kind: ServiceAccount - name: canal - namespace: kube-system - -{{ if .Networking.Canal.TyphaReplicas -}} ---- -# Source: calico/templates/calico-typha.yaml -# This manifest creates a Service, which will be backed by Calico's Typha daemon. -# Typha sits in between Felix and the API server, reducing Calico's load on the API server. - -apiVersion: v1 -kind: Service -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - ports: - - port: 5473 - protocol: TCP - targetPort: calico-typha - name: calico-typha - selector: - k8s-app: calico-typha - ---- - -# This manifest creates a Deployment of Typha to back the above service. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - # Number of Typha replicas. To enable Typha, set this to a non-zero value *and* set the - # typha_service_name variable in the canal-config ConfigMap above. - # - # We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is essential - # (when using the Kubernetes datastore). Use one replica for every 100-200 nodes. In - # production, we recommend running at least 3 replicas to reduce the impact of rolling upgrade. - replicas: {{ or .Networking.Canal.TyphaReplicas "0" }} - revisionHistoryLimit: 2 - selector: - matchLabels: - k8s-app: calico-typha - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: calico-typha - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: 'true' - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - effect: NoSchedule - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - # Since Calico can't network a pod until Typha is up, we need to run Typha itself - # as a host-networked pod. - serviceAccountName: canal - priorityClassName: system-cluster-critical - # fsGroup allows using projected serviceaccount tokens as described here kubernetes/kubernetes#82573 - securityContext: - fsGroup: 65534 - containers: - - image: calico/typha:v3.23.5 - name: calico-typha - ports: - - containerPort: 5473 - name: calico-typha - protocol: TCP - env: - # Enable "info" logging by default. Can be set to "debug" to increase verbosity. - - name: TYPHA_LOGSEVERITYSCREEN - value: "info" - # Disable logging to file and syslog since those don't make sense in Kubernetes. - - name: TYPHA_LOGFILEPATH - value: "none" - - name: TYPHA_LOGSEVERITYSYS - value: "none" - # Monitor the Kubernetes API to find the number of running instances and rebalance - # connections. - - name: TYPHA_CONNECTIONREBALANCINGMODE - value: "kubernetes" - - name: TYPHA_DATASTORETYPE - value: "kubernetes" - - name: TYPHA_HEALTHENABLED - value: "true" - - name: TYPHA_PROMETHEUSMETRICSENABLED - value: "{{- .Networking.Canal.TyphaPrometheusMetricsEnabled }}" - - name: TYPHA_PROMETHEUSMETRICSPORT - value: "{{- or .Networking.Canal.TyphaPrometheusMetricsPort "9093" }}" - livenessProbe: - httpGet: - path: /liveness - port: 9098 - host: localhost - periodSeconds: 30 - initialDelaySeconds: 30 - timeoutSeconds: 10 - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - readinessProbe: - httpGet: - path: /readiness - port: 9098 - host: localhost - periodSeconds: 10 - timeoutSeconds: 10 - ---- - -# This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: calico-typha -{{- end }} - ---- -# Source: calico/templates/calico-node.yaml -# This manifest installs the canal container, as well -# as the CNI plugins and network config on -# each master and worker node in a Kubernetes cluster. -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: canal - namespace: kube-system - labels: - k8s-app: canal -spec: - selector: - matchLabels: - k8s-app: canal - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: canal - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Make sure canal gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - serviceAccountName: canal - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 0 - priorityClassName: system-node-critical - initContainers: - # This container installs the CNI binaries - # and CNI network config file on each node. - - name: install-cni - image: docker.io/calico/cni:v3.23.5 - command: ["/opt/cni/bin/install"] - envFrom: - - configMapRef: - # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. - name: kubernetes-services-endpoint - optional: true - env: - # Set the serviceaccount name to use for the Calico CNI plugin. - # We use canal-node instead of calico-node when using flannel networking. - - name: CALICO_CNI_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - # Name of the CNI config file to create. - - name: CNI_CONF_NAME - value: "10-canal.conflist" - # The CNI network config to install on each node. - - name: CNI_NETWORK_CONFIG - valueFrom: - configMapKeyRef: - name: canal-config - key: cni_network_config - # Set the hostname based on the k8s node name. - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # CNI MTU Config variable - - name: CNI_MTU - valueFrom: - configMapKeyRef: - name: canal-config - key: veth_mtu - # Prevents the container from sleeping forever. - - name: SLEEP - value: "false" - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - securityContext: - privileged: true - # This init container mounts the necessary filesystems needed by the BPF data plane - # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed - # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - - name: "mount-bpffs" - image: docker.io/calico/node:v3.23.5 - command: ["calico-node", "-init", "-best-effort"] - volumeMounts: - - mountPath: /sys/fs - name: sys-fs - # Bidirectional is required to ensure that the new mount we make at /sys/fs/bpf propagates to the host - # so that it outlives the init container. - mountPropagation: Bidirectional - - mountPath: /var/run/calico - name: var-run-calico - # Bidirectional is required to ensure that the new mount we make at /run/calico/cgroup propagates to the host - # so that it outlives the init container. - mountPropagation: Bidirectional - # Mount /proc/ from host which usually is an init program at /nodeproc. It's needed by mountns binary, - # executed by calico-node, to mount root cgroup2 fs at /run/calico/cgroup to attach CTLB programs correctly. - - mountPath: /nodeproc - name: nodeproc - readOnly: true - securityContext: - privileged: true - containers: - # Runs canal container on each Kubernetes node. This - # container programs network policy and routes on each - # host. - - name: calico-node - image: docker.io/calico/node:v3.23.5 - envFrom: - - configMapRef: - # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. - name: kubernetes-services-endpoint - optional: true - env: - # Use Kubernetes API as the backing datastore. - - name: DATASTORE_TYPE - value: "kubernetes" - # Configure route aggregation based on pod CIDR. - - name: USE_POD_CIDR - value: "true" - {{- if .Networking.Canal.TyphaReplicas }} - # Typha support: controlled by the ConfigMap. - - name: FELIX_TYPHAK8SSERVICENAME - valueFrom: - configMapKeyRef: - name: canal-config - key: typha_service_name - {{- end }} - # Wait for the datastore. - - name: WAIT_FOR_DATASTORE - value: "true" - # Set based on the k8s node name. - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # Set the serviceaccount name to use for the Calico CNI plugin. - # We use canal-node instead of calico-node when using flannel networking. - - name: CALICO_CNI_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - # Don't enable BGP. - - name: CALICO_NETWORKING_BACKEND - value: "none" - # Cluster type to identify the deployment type - - name: CLUSTER_TYPE - value: "k8s,canal" - # Period, in seconds, at which felix re-applies all iptables state - - name: FELIX_IPTABLESREFRESHINTERVAL - value: "60" - # No IP address needed. - - name: IP - value: "" - # Set MTU for tunnel device used if ipip is enabled - - name: FELIX_IPINIPMTU - valueFrom: - configMapKeyRef: - name: canal-config - key: veth_mtu - # The default IPv4 pool to create on startup if none exists. Pod IPs will be - # chosen from this range. Changing this value after installation will have - # no effect. This should fall within `--cluster-cidr`. - # - name: CALICO_IPV4POOL_CIDR - # value: "192.168.0.0/16" - # Disable file logging so `kubectl logs` works. - - name: CALICO_DISABLE_FILE_LOGGING - value: "true" - # Set Felix endpoint to host default action to ACCEPT. - - name: FELIX_DEFAULTENDPOINTTOHOSTACTION - value: "{{- or .Networking.Canal.DefaultEndpointToHostAction "ACCEPT" }}" - # Disable IPv6 on Kubernetes. - - name: FELIX_IPV6SUPPORT - value: "false" - - name: FELIX_HEALTHENABLED - value: "true" - - # kops additions - # Controls whether Felix inserts rules to the top of iptables chains, or appends to the bottom - - name: FELIX_CHAININSERTMODE - value: "{{- or .Networking.Canal.ChainInsertMode "insert" }}" - # Set Felix iptables binary variant, Legacy or NFT - - name: FELIX_IPTABLESBACKEND - value: "{{- or .Networking.Canal.IptablesBackend "Auto" }}" - # Controls the log level - - name: FELIX_LOGSEVERITYSCREEN - value: "{{- or .Networking.Canal.LogSeveritySys "info" }}" - # Set to enable the experimental Prometheus metrics server - - name: FELIX_PROMETHEUSMETRICSENABLED - value: "{{- .Networking.Canal.PrometheusMetricsEnabled }}" - # TCP port that the Prometheus metrics server should bind to - - name: FELIX_PROMETHEUSMETRICSPORT - value: "{{- or .Networking.Canal.PrometheusMetricsPort "9091" }}" - # Enable Prometheus Go runtime metrics collection - - name: FELIX_PROMETHEUSGOMETRICSENABLED - value: "{{- .Networking.Canal.PrometheusGoMetricsEnabled }}" - # Enable Prometheus process metrics collection - - name: FELIX_PROMETHEUSPROCESSMETRICSENABLED - value: "{{- .Networking.Canal.PrometheusProcessMetricsEnabled }}" - securityContext: - privileged: true - resources: - requests: - cpu: {{ or .Networking.Canal.CPURequest "100m" }} - lifecycle: - preStop: - exec: - command: - - /bin/calico-node - - -shutdown - livenessProbe: - exec: - command: - - /bin/calico-node - - -felix-live - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: /readiness - port: 9099 - host: localhost - periodSeconds: 10 - timeoutSeconds: 10 - volumeMounts: - # For maintaining CNI plugin API credentials. - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - readOnly: false - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /var/run/calico - name: var-run-calico - readOnly: false - - mountPath: /var/lib/calico - name: var-lib-calico - readOnly: false - - name: policysync - mountPath: /var/run/nodeagent - # For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the - # parent directory. - - name: bpffs - mountPath: /sys/fs/bpf - - name: cni-log-dir - mountPath: /var/log/calico/cni - readOnly: true - # This container runs flannel using the kube-subnet-mgr backend - # for allocating subnets. - - name: kube-flannel - image: quay.io/coreos/flannel:v0.15.1 - command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] - securityContext: - privileged: true - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: FLANNELD_IFACE - valueFrom: - configMapKeyRef: - name: canal-config - key: canal_iface - - name: FLANNELD_IP_MASQ - valueFrom: - configMapKeyRef: - name: canal-config - key: masquerade - {{- if not (WithDefaultBool .Networking.Canal.FlanneldIptablesForwardRules true) }} - - name: FLANNELD_IPTABLES_FORWARD_RULES - value: "false" - {{- end }} - volumeMounts: - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - name: flannel-cfg - mountPath: /etc/kube-flannel/ - volumes: - # Used by canal. - - name: lib-modules - hostPath: - path: /lib/modules - - name: var-run-calico - hostPath: - path: /var/run/calico - - name: var-lib-calico - hostPath: - path: /var/lib/calico - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - - name: sys-fs - hostPath: - path: /sys/fs/ - type: DirectoryOrCreate - - name: bpffs - hostPath: - path: /sys/fs/bpf - type: Directory - # mount /proc at /nodeproc to be used by mount-bpffs initContainer to mount root cgroup2 fs. - - name: nodeproc - hostPath: - path: /proc - # Used by flannel. - - name: flannel-cfg - configMap: - name: canal-config - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - - name: cni-net-dir - hostPath: - path: /etc/cni/net.d - # Used to access CNI logs. - - name: cni-log-dir - hostPath: - path: /var/log/calico/cni - # Used to create per-pod Unix Domain Sockets - - name: policysync - hostPath: - type: DirectoryOrCreate - path: /var/run/nodeagent ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: canal - namespace: kube-system - ---- -# Source: calico/templates/calico-kube-controllers.yaml -# See https://github.com/projectcalico/kube-controllers -apiVersion: apps/v1 -kind: Deployment -metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers -spec: - # The controllers can only have a single active instance. - replicas: 1 - selector: - matchLabels: - k8s-app: calico-kube-controllers - strategy: - type: Recreate - template: - metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - - key: kubernetes.io/os - operator: In - values: - - linux - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - effect: NoSchedule - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - serviceAccountName: calico-kube-controllers - priorityClassName: system-cluster-critical - containers: - - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.23.5 - env: - # Choose which controllers to run. - - name: ENABLED_CONTROLLERS - value: node - - name: DATASTORE_TYPE - value: kubernetes - livenessProbe: - exec: - command: - - /usr/bin/check-status - - -l - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - timeoutSeconds: 10 - readinessProbe: - exec: - command: - - /usr/bin/check-status - - -r - periodSeconds: 10 - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-kube-controllers - namespace: kube-system - ---- - -# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: calico-kube-controllers - ---- -# Source: calico/templates/calico-etcd-secrets.yaml - ---- -# Source: calico/templates/calico-typha.yaml - ---- -# Source: calico/templates/configure-canal.yaml - - diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template deleted file mode 100644 index 970c3aa5a47ea..0000000000000 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template +++ /dev/null @@ -1,4964 +0,0 @@ -# Pulled and modified from: https://projectcalico.docs.tigera.io/archive/v3.23/manifests/calico-typha.yaml - -{{- if .Networking.Calico.BPFEnabled }} ---- -# Set these to the IP and port of your API server; In BPF mode, we need to connect directly to the -# API server because we take over kube-proxy's role. -kind: ConfigMap -apiVersion: v1 -metadata: - name: kubernetes-services-endpoint - namespace: kube-system -data: - KUBERNETES_SERVICE_HOST: "{{ APIInternalName }}" - KUBERNETES_SERVICE_PORT: "443" -{{- end }} - ---- -# Source: calico/templates/calico-config.yaml -# This ConfigMap is used to configure a self-hosted Calico installation. -kind: ConfigMap -apiVersion: v1 -metadata: - name: calico-config - namespace: kube-system -data: - # You must set a non-zero value for Typha replicas below. - typha_service_name: "{{- if .Networking.Calico.TyphaReplicas -}}calico-typha{{- else -}}none{{- end -}}" - # Configure the backend to use. - calico_backend: "{{- if eq .Networking.Calico.EncapsulationMode "ipip" -}}bird{{- else -}}{{ .Networking.Calico.EncapsulationMode }}{{- end -}}" - - # Configure the MTU to use for workload interfaces and tunnels. - # By default, MTU is auto-detected, and explicitly setting this field should not be required. - # You can override auto-detection by providing a non-zero value. - veth_mtu: "{{ or .Networking.Calico.MTU 0 }}" - - # The CNI network configuration to install on each node. The special - # values in this config will be automatically populated. - cni_network_config: |- - { - "name": "k8s-pod-network", - "cniVersion": "0.3.1", - "plugins": [ - { - "type": "calico", - "log_level": "info", - "log_file_path": "/var/log/calico/cni/cni.log", - "datastore_type": "kubernetes", - "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": __CNI_MTU__, - "ipam": { - "assign_ipv4": "{{ not IsIPv6Only }}", - "assign_ipv6": "{{ IsIPv6Only }}", - {{- if IsIPv6Only }} - "type": "host-local", - "ranges": [[{ "subnet": "usePodCidrIPv6" }]] - {{- else }} - "type": "calico-ipam" - {{- end }} - }, - {{- if .Networking.Calico.AllowIPForwarding }} - "container_settings": { - "allow_ip_forwarding": true - }, - {{- end }} - "policy": { - "type": "k8s" - }, - "kubernetes": { - "kubeconfig": "__KUBECONFIG_FILEPATH__" - } - }, - { - "type": "portmap", - "snat": true, - "capabilities": {"portMappings": true} - }, - { - "type": "bandwidth", - "capabilities": {"bandwidth": true} - } - ] - } - ---- -# Source: calico/templates/kdd-crds.yaml - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bgpconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPConfiguration - listKind: BGPConfigurationList - plural: bgpconfigurations - singular: bgpconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: BGPConfiguration contains the configuration for any BGP routing. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPConfigurationSpec contains the values of the BGP configuration. - properties: - asNumber: - description: 'ASNumber is the default AS number used by a node. [Default: - 64512]' - format: int32 - type: integer - bindMode: - description: BindMode indicates whether to listen for BGP connections - on all addresses (None) or only on the node's canonical IP address - Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen - for BGP connections on all addresses. - type: string - communities: - description: Communities is a list of BGP community values and their - arbitrary names for tagging routes. - items: - description: Community contains standard or large community value - and its name. - properties: - name: - description: Name given to community value. - type: string - value: - description: Value must be of format `aa:nn` or `aa:nn:mm`. - For standard community use `aa:nn` format, where `aa` and - `nn` are 16 bit number. For large community use `aa:nn:mm` - format, where `aa`, `nn` and `mm` are 32 bit number. Where, - `aa` is an AS Number, `nn` and `mm` are per-AS identifier. - pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$ - type: string - type: object - type: array - listenPort: - description: ListenPort is the port where BGP protocol should listen. - Defaults to 179 - maximum: 65535 - minimum: 1 - type: integer - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: INFO]' - type: string - nodeMeshMaxRestartTime: - description: Time to allow for software restart for node-to-mesh peerings. When - specified, this is configured as the graceful restart timeout. When - not specified, the BIRD default of 120s is used. This field can - only be set on the default BGPConfiguration instance and requires - that NodeMesh is enabled - type: string - nodeMeshPassword: - description: Optional BGP password for full node-to-mesh peerings. - This field can only be set on the default BGPConfiguration instance - and requires that NodeMesh is enabled - properties: - secretKeyRef: - description: Selects a key of a secret in the node pod's namespace. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - type: object - nodeToNodeMeshEnabled: - description: 'NodeToNodeMeshEnabled sets whether full node to node - BGP mesh is enabled. [Default: true]' - type: boolean - prefixAdvertisements: - description: PrefixAdvertisements contains per-prefix advertisement - configuration. - items: - description: PrefixAdvertisement configures advertisement properties - for the specified CIDR. - properties: - cidr: - description: CIDR for which properties should be advertised. - type: string - communities: - description: Communities can be list of either community names - already defined in `Specs.Communities` or community value - of format `aa:nn` or `aa:nn:mm`. For standard community use - `aa:nn` format, where `aa` and `nn` are 16 bit number. For - large community use `aa:nn:mm` format, where `aa`, `nn` and - `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and - `mm` are per-AS identifier. - items: - type: string - type: array - type: object - type: array - serviceClusterIPs: - description: ServiceClusterIPs are the CIDR blocks from which service - cluster IPs are allocated. If specified, Calico will advertise these - blocks, as well as any cluster IPs within them. - items: - description: ServiceClusterIPBlock represents a single allowed ClusterIP - CIDR block. - properties: - cidr: - type: string - type: object - type: array - serviceExternalIPs: - description: ServiceExternalIPs are the CIDR blocks for Kubernetes - Service External IPs. Kubernetes Service ExternalIPs will only be - advertised if they are within one of these blocks. - items: - description: ServiceExternalIPBlock represents a single allowed - External IP CIDR block. - properties: - cidr: - type: string - type: object - type: array - serviceLoadBalancerIPs: - description: ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes - Service LoadBalancer IPs. Kubernetes Service status.LoadBalancer.Ingress - IPs will only be advertised if they are within one of these blocks. - items: - description: ServiceLoadBalancerIPBlock represents a single allowed - LoadBalancer IP CIDR block. - properties: - cidr: - type: string - type: object - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: bgppeers.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BGPPeer - listKind: BGPPeerList - plural: bgppeers - singular: bgppeer - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BGPPeerSpec contains the specification for a BGPPeer resource. - properties: - asNumber: - description: The AS Number of the peer. - format: int32 - type: integer - keepOriginalNextHop: - description: Option to keep the original nexthop field when routes - are sent to a BGP Peer. Setting "true" configures the selected BGP - Peers node to use the "next hop keep;" instead of "next hop self;"(default) - in the specific branch of the Node on "bird.cfg". - type: boolean - maxRestartTime: - description: Time to allow for software restart. When specified, - this is configured as the graceful restart timeout. When not specified, - the BIRD default of 120s is used. - type: string - node: - description: The node name identifying the Calico node instance that - is targeted by this peer. If this is not set, and no nodeSelector - is specified, then this BGP peer selects all nodes in the cluster. - type: string - nodeSelector: - description: Selector for the nodes that should have this peering. When - this is set, the Node field must be empty. - type: string - numAllowedLocalASNumbers: - description: Maximum number of local AS numbers that are allowed in - the AS path for received routes. This removes BGP loop prevention - and should only be used if absolutely necesssary. - format: int32 - type: integer - password: - description: Optional BGP password for the peerings generated by this - BGPPeer resource. - properties: - secretKeyRef: - description: Selects a key of a secret in the node pod's namespace. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - type: object - peerIP: - description: The IP address of the peer followed by an optional port - number to peer with. If port number is given, format should be `[]:port` - or `:` for IPv4. If optional port number is not set, - and this peer IP and ASNumber belongs to a calico/node with ListenPort - set in BGPConfiguration, then we use that port to peer. - type: string - peerSelector: - description: Selector for the remote nodes to peer with. When this - is set, the PeerIP and ASNumber fields must be empty. For each - peering between the local node and selected remote nodes, we configure - an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified, - and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The - remote AS number comes from the remote node's NodeBGPSpec.ASNumber, - or the global default if that is not set. - type: string - sourceAddress: - description: Specifies whether and how to configure a source address - for the peerings generated by this BGPPeer resource. Default value - "UseNodeIP" means to configure the node IP as the source address. "None" - means not to configure a source address. - type: string - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: blockaffinities.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: BlockAffinity - listKind: BlockAffinityList - plural: blockaffinities - singular: blockaffinity - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BlockAffinitySpec contains the specification for a BlockAffinity - resource. - properties: - cidr: - type: string - deleted: - description: Deleted indicates that this block affinity is being deleted. - This field is a string for compatibility with older releases that - mistakenly treat this field as a string. - type: string - node: - type: string - state: - type: string - required: - - cidr - - deleted - - node - - state - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: caliconodestatuses.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: CalicoNodeStatus - listKind: CalicoNodeStatusList - plural: caliconodestatuses - singular: caliconodestatus - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus - resource. - properties: - classes: - description: Classes declares the types of information to monitor - for this calico/node, and allows for selective status reporting - about certain subsets of information. - items: - type: string - type: array - node: - description: The node name identifies the Calico node instance for - node status. - type: string - updatePeriodSeconds: - description: UpdatePeriodSeconds is the period at which CalicoNodeStatus - should be updated. Set to 0 to disable CalicoNodeStatus refresh. - Maximum update period is one day. - format: int32 - type: integer - type: object - status: - description: CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus. - No validation needed for status since it is updated by Calico. - properties: - agent: - description: Agent holds agent status on the node. - properties: - birdV4: - description: BIRDV4 represents the latest observed status of bird4. - properties: - lastBootTime: - description: LastBootTime holds the value of lastBootTime - from bird.ctl output. - type: string - lastReconfigurationTime: - description: LastReconfigurationTime holds the value of lastReconfigTime - from bird.ctl output. - type: string - routerID: - description: Router ID used by bird. - type: string - state: - description: The state of the BGP Daemon. - type: string - version: - description: Version of the BGP daemon - type: string - type: object - birdV6: - description: BIRDV6 represents the latest observed status of bird6. - properties: - lastBootTime: - description: LastBootTime holds the value of lastBootTime - from bird.ctl output. - type: string - lastReconfigurationTime: - description: LastReconfigurationTime holds the value of lastReconfigTime - from bird.ctl output. - type: string - routerID: - description: Router ID used by bird. - type: string - state: - description: The state of the BGP Daemon. - type: string - version: - description: Version of the BGP daemon - type: string - type: object - type: object - bgp: - description: BGP holds node BGP status. - properties: - numberEstablishedV4: - description: The total number of IPv4 established bgp sessions. - type: integer - numberEstablishedV6: - description: The total number of IPv6 established bgp sessions. - type: integer - numberNotEstablishedV4: - description: The total number of IPv4 non-established bgp sessions. - type: integer - numberNotEstablishedV6: - description: The total number of IPv6 non-established bgp sessions. - type: integer - peersV4: - description: PeersV4 represents IPv4 BGP peers status on the node. - items: - description: CalicoNodePeer contains the status of BGP peers - on the node. - properties: - peerIP: - description: IP address of the peer whose condition we are - reporting. - type: string - since: - description: Since the state or reason last changed. - type: string - state: - description: State is the BGP session state. - type: string - type: - description: Type indicates whether this peer is configured - via the node-to-node mesh, or via en explicit global or - per-node BGPPeer object. - type: string - type: object - type: array - peersV6: - description: PeersV6 represents IPv6 BGP peers status on the node. - items: - description: CalicoNodePeer contains the status of BGP peers - on the node. - properties: - peerIP: - description: IP address of the peer whose condition we are - reporting. - type: string - since: - description: Since the state or reason last changed. - type: string - state: - description: State is the BGP session state. - type: string - type: - description: Type indicates whether this peer is configured - via the node-to-node mesh, or via en explicit global or - per-node BGPPeer object. - type: string - type: object - type: array - required: - - numberEstablishedV4 - - numberEstablishedV6 - - numberNotEstablishedV4 - - numberNotEstablishedV6 - type: object - lastUpdated: - description: LastUpdated is a timestamp representing the server time - when CalicoNodeStatus object last updated. It is represented in - RFC3339 form and is in UTC. - format: date-time - nullable: true - type: string - routes: - description: Routes reports routes known to the Calico BGP daemon - on the node. - properties: - routesV4: - description: RoutesV4 represents IPv4 routes on the node. - items: - description: CalicoNodeRoute contains the status of BGP routes - on the node. - properties: - destination: - description: Destination of the route. - type: string - gateway: - description: Gateway for the destination. - type: string - interface: - description: Interface for the destination - type: string - learnedFrom: - description: LearnedFrom contains information regarding - where this route originated. - properties: - peerIP: - description: If sourceType is NodeMesh or BGPPeer, IP - address of the router that sent us this route. - type: string - sourceType: - description: Type of the source where a route is learned - from. - type: string - type: object - type: - description: Type indicates if the route is being used for - forwarding or not. - type: string - type: object - type: array - routesV6: - description: RoutesV6 represents IPv6 routes on the node. - items: - description: CalicoNodeRoute contains the status of BGP routes - on the node. - properties: - destination: - description: Destination of the route. - type: string - gateway: - description: Gateway for the destination. - type: string - interface: - description: Interface for the destination - type: string - learnedFrom: - description: LearnedFrom contains information regarding - where this route originated. - properties: - peerIP: - description: If sourceType is NodeMesh or BGPPeer, IP - address of the router that sent us this route. - type: string - sourceType: - description: Type of the source where a route is learned - from. - type: string - type: object - type: - description: Type indicates if the route is being used for - forwarding or not. - type: string - type: object - type: array - type: object - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterinformations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: ClusterInformation - listKind: ClusterInformationList - plural: clusterinformations - singular: clusterinformation - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterInformation contains the cluster specific information. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterInformationSpec contains the values of describing - the cluster. - properties: - calicoVersion: - description: CalicoVersion is the version of Calico that the cluster - is running - type: string - clusterGUID: - description: ClusterGUID is the GUID of the cluster - type: string - clusterType: - description: ClusterType describes the type of the cluster - type: string - datastoreReady: - description: DatastoreReady is used during significant datastore migrations - to signal to components such as Felix that it should wait before - accessing the datastore. - type: boolean - variant: - description: Variant declares which variant of Calico should be active. - type: string - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: felixconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: FelixConfiguration - listKind: FelixConfigurationList - plural: felixconfigurations - singular: felixconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Felix Configuration contains the configuration for Felix. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FelixConfigurationSpec contains the values of the Felix configuration. - properties: - allowIPIPPacketsFromWorkloads: - description: 'AllowIPIPPacketsFromWorkloads controls whether Felix - will add a rule to drop IPIP encapsulated traffic from workloads - [Default: false]' - type: boolean - allowVXLANPacketsFromWorkloads: - description: 'AllowVXLANPacketsFromWorkloads controls whether Felix - will add a rule to drop VXLAN encapsulated traffic from workloads - [Default: false]' - type: boolean - awsSrcDstCheck: - description: 'Set source-destination-check on AWS EC2 instances. Accepted - value must be one of "DoNothing", "Enable" or "Disable". [Default: - DoNothing]' - enum: - - DoNothing - - Enable - - Disable - type: string - bpfConnectTimeLoadBalancingEnabled: - description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, - controls whether Felix installs the connection-time load balancer. The - connect-time load balancer is required for the host to be able to - reach Kubernetes services and it improves the performance of pod-to-service - connections. The only reason to disable it is for debugging purposes. [Default: - true]' - type: boolean - bpfDataIfacePattern: - description: BPFDataIfacePattern is a regular expression that controls - which interfaces Felix should attach BPF programs to in order to - catch traffic to/from the network. This needs to match the interfaces - that Calico workload traffic flows over as well as any interfaces - that handle incoming traffic to nodeports and services from outside - the cluster. It should not match the workload interfaces (usually - named cali...). - type: string - bpfDisableUnprivileged: - description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled - sysctl to disable unprivileged use of BPF. This ensures that unprivileged - users cannot access Calico''s BPF maps and cannot insert their own - BPF programs to interfere with Calico''s. [Default: true]' - type: boolean - bpfEnabled: - description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. - [Default: false]' - type: boolean - bpfEnforceRPF: - description: 'BPFEnforceRPF enforce strict RPF on all interfaces with - BPF programs regardless of what is the per-interfaces or global - setting. Possible values are Disabled or Strict. [Default: Strict]' - type: string - bpfExtToServiceConnmark: - description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit - mark that is set on connections from an external client to a local - service. This mark allows us to control how packets of that connection - are routed within the host and how is routing intepreted by RPF - check. [Default: 0]' - type: integer - bpfExternalServiceMode: - description: 'BPFExternalServiceMode in BPF mode, controls how connections - from outside the cluster to services (node ports and cluster IPs) - are forwarded to remote workloads. If set to "Tunnel" then both - request and response traffic is tunneled to the remote node. If - set to "DSR", the request traffic is tunneled but the response traffic - is sent directly from the remote node. In "DSR" mode, the remote - node appears to use the IP of the ingress node; this requires a - permissive L2 network. [Default: Tunnel]' - type: string - bpfHostConntrackBypass: - description: 'BPFHostConntrackBypass Controls whether to bypass Linux - conntrack in BPF mode for workloads and services. [Default: true - - bypass Linux conntrack]' - type: boolean - bpfKubeProxyEndpointSlicesEnabled: - description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls - whether Felix's embedded kube-proxy accepts EndpointSlices or not. - type: boolean - bpfKubeProxyIptablesCleanupEnabled: - description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF - mode, Felix will proactively clean up the upstream Kubernetes kube-proxy''s - iptables chains. Should only be enabled if kube-proxy is not running. [Default: - true]' - type: boolean - bpfKubeProxyMinSyncPeriod: - description: 'BPFKubeProxyMinSyncPeriod, in BPF mode, controls the - minimum time between updates to the dataplane for Felix''s embedded - kube-proxy. Lower values give reduced set-up latency. Higher values - reduce Felix CPU usage by batching up more work. [Default: 1s]' - type: string - bpfLogLevel: - description: 'BPFLogLevel controls the log level of the BPF programs - when in BPF dataplane mode. One of "Off", "Info", or "Debug". The - logs are emitted to the BPF trace pipe, accessible with the command - `tc exec bpf debug`. [Default: Off].' - type: string - bpfMapSizeConntrack: - description: 'BPFMapSizeConntrack sets the size for the conntrack - map. This map must be large enough to hold an entry for each active - connection. Warning: changing the size of the conntrack map can - cause disruption.' - type: integer - bpfMapSizeIPSets: - description: BPFMapSizeIPSets sets the size for ipsets map. The IP - sets map must be large enough to hold an entry for each endpoint - matched by every selector in the source/destination matches in network - policy. Selectors such as "all()" can result in large numbers of - entries (one entry per endpoint in that case). - type: integer - bpfMapSizeNATAffinity: - type: integer - bpfMapSizeNATBackend: - description: BPFMapSizeNATBackend sets the size for nat back end map. - This is the total number of endpoints. This is mostly more than - the size of the number of services. - type: integer - bpfMapSizeNATFrontend: - description: BPFMapSizeNATFrontend sets the size for nat front end - map. FrontendMap should be large enough to hold an entry for each - nodeport, external IP and each port in each service. - type: integer - bpfMapSizeRoute: - description: BPFMapSizeRoute sets the size for the routes map. The - routes map should be large enough to hold one entry per workload - and a handful of entries per host (enough to cover its own IPs and - tunnel IPs). - type: integer - bpfPSNATPorts: - anyOf: - - type: integer - - type: string - description: 'BPFPSNATPorts sets the range from which we randomly - pick a port if there is a source port collision. This should be - within the ephemeral range as defined by RFC 6056 (1024–65535) and - preferably outside the ephemeral ranges used by common operating - systems. Linux uses 32768–60999, while others mostly use the IANA - defined range 49152–65535. It is not necessarily a problem if this - range overlaps with the operating systems. Both ends of the range - are inclusive. [Default: 20000:29999]' - pattern: ^.* - x-kubernetes-int-or-string: true - chainInsertMode: - description: 'ChainInsertMode controls whether Felix hooks the kernel''s - top-level iptables chains by inserting a rule at the top of the - chain or by appending a rule at the bottom. insert is the safe default - since it prevents Calico''s rules from being bypassed. If you switch - to append mode, be sure that the other rules in the chains signal - acceptance by falling through to the Calico rules, otherwise the - Calico policy will be bypassed. [Default: insert]' - type: string - dataplaneDriver: - description: DataplaneDriver filename of the external dataplane driver - to use. Only used if UseInternalDataplaneDriver is set to false. - type: string - dataplaneWatchdogTimeout: - description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout - used for Felix''s (internal) dataplane driver. Increase this value - if you experience spurious non-ready or non-live events when Felix - is under heavy load. Decrease the value to get felix to report non-live - or non-ready more quickly. [Default: 90s]' - type: string - debugDisableLogDropping: - type: boolean - debugMemoryProfilePath: - type: string - debugSimulateCalcGraphHangAfter: - type: string - debugSimulateDataplaneHangAfter: - type: string - defaultEndpointToHostAction: - description: 'DefaultEndpointToHostAction controls what happens to - traffic that goes from a workload endpoint to the host itself (after - the traffic hits the endpoint egress policy). By default Calico - blocks traffic from workload endpoints to the host itself with an - iptables "DROP" action. If you want to allow some or all traffic - from endpoint to host, set this parameter to RETURN or ACCEPT. Use - RETURN if you have your own rules in the iptables "INPUT" chain; - Calico will insert its rules at the top of that chain, then "RETURN" - packets to the "INPUT" chain once it has completed processing workload - endpoint egress policy. Use ACCEPT to unconditionally accept packets - from workloads after processing workload endpoint egress policy. - [Default: Drop]' - type: string - deviceRouteProtocol: - description: This defines the route protocol added to programmed device - routes, by default this will be RTPROT_BOOT when left blank. - type: integer - deviceRouteSourceAddress: - description: This is the IPv4 source address to use on programmed - device routes. By default the source address is left blank, leaving - the kernel to choose the source address used. - type: string - deviceRouteSourceAddressIPv6: - description: This is the IPv6 source address to use on programmed - device routes. By default the source address is left blank, leaving - the kernel to choose the source address used. - type: string - disableConntrackInvalidCheck: - type: boolean - endpointReportingDelay: - type: string - endpointReportingEnabled: - type: boolean - externalNodesList: - description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes - which may source tunnel traffic and have the tunneled traffic be - accepted at calico nodes. - items: - type: string - type: array - failsafeInboundHostPorts: - description: 'FailsafeInboundHostPorts is a list of UDP/TCP ports - and CIDRs that Felix will allow incoming traffic to host endpoints - on irrespective of the security policy. This is useful to avoid - accidentally cutting off a host with incorrect configuration. For - back-compatibility, if the protocol is not specified, it defaults - to "tcp". If a CIDR is not specified, it will allow traffic from - all addresses. To disable all inbound host ports, use the value - none. The default value allows ssh access and DHCP. [Default: tcp:22, - udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]' - items: - description: ProtoPort is combination of protocol, port, and CIDR. - Protocol and port must be specified. - properties: - net: - type: string - port: - type: integer - protocol: - type: string - required: - - port - - protocol - type: object - type: array - failsafeOutboundHostPorts: - description: 'FailsafeOutboundHostPorts is a list of UDP/TCP ports - and CIDRs that Felix will allow outgoing traffic from host endpoints - to irrespective of the security policy. This is useful to avoid - accidentally cutting off a host with incorrect configuration. For - back-compatibility, if the protocol is not specified, it defaults - to "tcp". If a CIDR is not specified, it will allow traffic from - all addresses. To disable all outbound host ports, use the value - none. The default value opens etcd''s standard ports to ensure that - Felix does not get cut off from etcd as well as allowing DHCP and - DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, - tcp:6667, udp:53, udp:67]' - items: - description: ProtoPort is combination of protocol, port, and CIDR. - Protocol and port must be specified. - properties: - net: - type: string - port: - type: integer - protocol: - type: string - required: - - port - - protocol - type: object - type: array - featureDetectOverride: - description: FeatureDetectOverride is used to override the feature - detection. Values are specified in a comma separated list with no - spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". - "true" or "false" will force the feature, empty or omitted values - are auto-detected. - type: string - floatingIPs: - description: FloatingIPs configures whether or not Felix will program - floating IP addresses. - enum: - - Enabled - - Disabled - type: string - genericXDPEnabled: - description: 'GenericXDPEnabled enables Generic XDP so network cards - that don''t support XDP offload or driver modes can use XDP. This - is not recommended since it doesn''t provide better performance - than iptables. [Default: false]' - type: boolean - healthEnabled: - type: boolean - healthHost: - type: string - healthPort: - type: integer - interfaceExclude: - description: 'InterfaceExclude is a comma-separated list of interfaces - that Felix should exclude when monitoring for host endpoints. The - default value ensures that Felix ignores Kubernetes'' IPVS dummy - interface, which is used internally by kube-proxy. If you want to - exclude multiple interface names using a single value, the list - supports regular expressions. For regular expressions you must wrap - the value with ''/''. For example having values ''/^kube/,veth1'' - will exclude all interfaces that begin with ''kube'' and also the - interface ''veth1''. [Default: kube-ipvs0]' - type: string - interfacePrefix: - description: 'InterfacePrefix is the interface name prefix that identifies - workload endpoints and so distinguishes them from host endpoint - interfaces. Note: in environments other than bare metal, the orchestrators - configure this appropriately. For example our Kubernetes and Docker - integrations set the ''cali'' value, and our OpenStack integration - sets the ''tap'' value. [Default: cali]' - type: string - interfaceRefreshInterval: - description: InterfaceRefreshInterval is the period at which Felix - rescans local interfaces to verify their state. The rescan can be - disabled by setting the interval to 0. - type: string - ipipEnabled: - description: 'IPIPEnabled overrides whether Felix should configure - an IPIP interface on the host. Optional as Felix determines this - based on the existing IP pools. [Default: nil (unset)]' - type: boolean - ipipMTU: - description: 'IPIPMTU is the MTU to set on the tunnel device. See - Configuring MTU [Default: 1440]' - type: integer - ipsetsRefreshInterval: - description: 'IpsetsRefreshInterval is the period at which Felix re-checks - all iptables state to ensure that no other process has accidentally - broken Calico''s rules. Set to 0 to disable iptables refresh. [Default: - 90s]' - type: string - iptablesBackend: - description: IptablesBackend specifies which backend of iptables will - be used. The default is legacy. - type: string - iptablesFilterAllowAction: - type: string - iptablesLockFilePath: - description: 'IptablesLockFilePath is the location of the iptables - lock file. You may need to change this if the lock file is not in - its standard location (for example if you have mapped it into Felix''s - container at a different path). [Default: /run/xtables.lock]' - type: string - iptablesLockProbeInterval: - description: 'IptablesLockProbeInterval is the time that Felix will - wait between attempts to acquire the iptables lock if it is not - available. Lower values make Felix more responsive when the lock - is contended, but use more CPU. [Default: 50ms]' - type: string - iptablesLockTimeout: - description: 'IptablesLockTimeout is the time that Felix will wait - for the iptables lock, or 0, to disable. To use this feature, Felix - must share the iptables lock file with all other processes that - also take the lock. When running Felix inside a container, this - requires the /run directory of the host to be mounted into the calico/node - or calico/felix container. [Default: 0s disabled]' - type: string - iptablesMangleAllowAction: - type: string - iptablesMarkMask: - description: 'IptablesMarkMask is the mask that Felix selects its - IPTables Mark bits from. Should be a 32 bit hexadecimal number with - at least 8 bits set, none of which clash with any other mark bits - in use on the system. [Default: 0xff000000]' - format: int32 - type: integer - iptablesNATOutgoingInterfaceFilter: - type: string - iptablesPostWriteCheckInterval: - description: 'IptablesPostWriteCheckInterval is the period after Felix - has done a write to the dataplane that it schedules an extra read - back in order to check the write was not clobbered by another process. - This should only occur if another application on the system doesn''t - respect the iptables lock. [Default: 1s]' - type: string - iptablesRefreshInterval: - description: 'IptablesRefreshInterval is the period at which Felix - re-checks the IP sets in the dataplane to ensure that no other process - has accidentally broken Calico''s rules. Set to 0 to disable IP - sets refresh. Note: the default for this value is lower than the - other refresh intervals as a workaround for a Linux kernel bug that - was fixed in kernel version 4.11. If you are using v4.11 or greater - you may want to set this to, a higher value to reduce Felix CPU - usage. [Default: 10s]' - type: string - ipv6Support: - description: IPv6Support controls whether Felix enables support for - IPv6 (if supported by the in-use dataplane). - type: boolean - kubeNodePortRanges: - description: 'KubeNodePortRanges holds list of port ranges used for - service node ports. Only used if felix detects kube-proxy running - in ipvs mode. Felix uses these ranges to separate host and workload - traffic. [Default: 30000:32767].' - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - logDebugFilenameRegex: - description: LogDebugFilenameRegex controls which source code files - have their Debug log output included in the logs. Only logs from - files with names that match the given regular expression are included. The - filter only applies to Debug level logs. - type: string - logFilePath: - description: 'LogFilePath is the full path to the Felix log. Set to - none to disable file logging. [Default: /var/log/calico/felix.log]' - type: string - logPrefix: - description: 'LogPrefix is the log prefix that Felix uses when rendering - LOG rules. [Default: calico-packet]' - type: string - logSeverityFile: - description: 'LogSeverityFile is the log severity above which logs - are sent to the log file. [Default: Info]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: Info]' - type: string - logSeveritySys: - description: 'LogSeveritySys is the log severity above which logs - are sent to the syslog. Set to None for no logging to syslog. [Default: - Info]' - type: string - maxIpsetSize: - type: integer - metadataAddr: - description: 'MetadataAddr is the IP address or domain name of the - server that can answer VM queries for cloud-init metadata. In OpenStack, - this corresponds to the machine running nova-api (or in Ubuntu, - nova-api-metadata). A value of none (case insensitive) means that - Felix should not set up any NAT rule for the metadata path. [Default: - 127.0.0.1]' - type: string - metadataPort: - description: 'MetadataPort is the port of the metadata server. This, - combined with global.MetadataAddr (if not ''None''), is used to - set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. - In most cases this should not need to be changed [Default: 8775].' - type: integer - mtuIfacePattern: - description: MTUIfacePattern is a regular expression that controls - which interfaces Felix should scan in order to calculate the host's - MTU. This should not match workload interfaces (usually named cali...). - type: string - natOutgoingAddress: - description: NATOutgoingAddress specifies an address to use when performing - source NAT for traffic in a natOutgoing pool that is leaving the - network. By default the address used is an address on the interface - the traffic is leaving on (ie it uses the iptables MASQUERADE target) - type: string - natPortRange: - anyOf: - - type: integer - - type: string - description: NATPortRange specifies the range of ports that is used - for port mapping when doing outgoing NAT. When unset the default - behavior of the network stack is used. - pattern: ^.* - x-kubernetes-int-or-string: true - netlinkTimeout: - type: string - openstackRegion: - description: 'OpenstackRegion is the name of the region that a particular - Felix belongs to. In a multi-region Calico/OpenStack deployment, - this must be configured somehow for each Felix (here in the datamodel, - or in felix.cfg or the environment on each compute node), and must - match the [calico] openstack_region value configured in neutron.conf - on each node. [Default: Empty]' - type: string - policySyncPathPrefix: - description: 'PolicySyncPathPrefix is used to by Felix to communicate - policy changes to external services, like Application layer policy. - [Default: Empty]' - type: string - prometheusGoMetricsEnabled: - description: 'PrometheusGoMetricsEnabled disables Go runtime metrics - collection, which the Prometheus client does by default, when set - to false. This reduces the number of metrics reported, reducing - Prometheus load. [Default: true]' - type: boolean - prometheusMetricsEnabled: - description: 'PrometheusMetricsEnabled enables the Prometheus metrics - server in Felix if set to true. [Default: false]' - type: boolean - prometheusMetricsHost: - description: 'PrometheusMetricsHost is the host that the Prometheus - metrics server should bind to. [Default: empty]' - type: string - prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. [Default: 9091]' - type: integer - prometheusProcessMetricsEnabled: - description: 'PrometheusProcessMetricsEnabled disables process metrics - collection, which the Prometheus client does by default, when set - to false. This reduces the number of metrics reported, reducing - Prometheus load. [Default: true]' - type: boolean - prometheusWireGuardMetricsEnabled: - description: 'PrometheusWireGuardMetricsEnabled disables wireguard - metrics collection, which the Prometheus client does by default, - when set to false. This reduces the number of metrics reported, - reducing Prometheus load. [Default: true]' - type: boolean - removeExternalRoutes: - description: Whether or not to remove device routes that have not - been programmed by Felix. Disabling this will allow external applications - to also add device routes. This is enabled by default which means - we will remove externally added routes. - type: boolean - reportingInterval: - description: 'ReportingInterval is the interval at which Felix reports - its status into the datastore or 0 to disable. Must be non-zero - in OpenStack deployments. [Default: 30s]' - type: string - reportingTTL: - description: 'ReportingTTL is the time-to-live setting for process-wide - status reports. [Default: 90s]' - type: string - routeRefreshInterval: - description: 'RouteRefreshInterval is the period at which Felix re-checks - the routes in the dataplane to ensure that no other process has - accidentally broken Calico''s rules. Set to 0 to disable route refresh. - [Default: 90s]' - type: string - routeSource: - description: 'RouteSource configures where Felix gets its routing - information. - WorkloadIPs: use workload endpoints to construct - routes. - CalicoIPAM: the default - use IPAM data to construct routes.' - type: string - routeTableRange: - description: Deprecated in favor of RouteTableRanges. Calico programs - additional Linux route tables for various purposes. RouteTableRange - specifies the indices of the route tables that Calico should use. - properties: - max: - type: integer - min: - type: integer - required: - - max - - min - type: object - routeTableRanges: - description: Calico programs additional Linux route tables for various - purposes. RouteTableRanges specifies a set of table index ranges - that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`. - items: - properties: - max: - type: integer - min: - type: integer - required: - - max - - min - type: object - type: array - serviceLoopPrevention: - description: 'When service IP advertisement is enabled, prevent routing - loops to service IPs that are not in use, by dropping or rejecting - packets that do not get DNAT''d by kube-proxy. Unless set to "Disabled", - in which case such routing loops continue to be allowed. [Default: - Drop]' - type: string - sidecarAccelerationEnabled: - description: 'SidecarAccelerationEnabled enables experimental sidecar - acceleration [Default: false]' - type: boolean - usageReportingEnabled: - description: 'UsageReportingEnabled reports anonymous Calico version - number and cluster size to projectcalico.org. Logs warnings returned - by the usage server. For example, if a significant security vulnerability - has been discovered in the version of Calico being used. [Default: - true]' - type: boolean - usageReportingInitialDelay: - description: 'UsageReportingInitialDelay controls the minimum delay - before Felix makes a report. [Default: 300s]' - type: string - usageReportingInterval: - description: 'UsageReportingInterval controls the interval at which - Felix makes reports. [Default: 86400s]' - type: string - useInternalDataplaneDriver: - description: UseInternalDataplaneDriver, if true, Felix will use its - internal dataplane programming logic. If false, it will launch - an external dataplane driver and communicate with it over protobuf. - type: boolean - vxlanEnabled: - description: 'VXLANEnabled overrides whether Felix should create the - VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix - determines this based on the existing IP pools. [Default: nil (unset)]' - type: boolean - vxlanMTU: - description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel - device. See Configuring MTU [Default: 1410]' - type: integer - vxlanMTUV6: - description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel - device. See Configuring MTU [Default: 1390]' - type: integer - vxlanPort: - type: integer - vxlanVNI: - type: integer - wireguardEnabled: - description: 'WireguardEnabled controls whether Wireguard is enabled. - [Default: false]' - type: boolean - wireguardHostEncryptionEnabled: - description: 'WireguardHostEncryptionEnabled controls whether Wireguard - host-to-host encryption is enabled. [Default: false]' - type: boolean - wireguardInterfaceName: - description: 'WireguardInterfaceName specifies the name to use for - the Wireguard interface. [Default: wg.calico]' - type: string - wireguardKeepAlive: - description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive - option. Set 0 to disable. [Default: 0]' - type: string - wireguardListeningPort: - description: 'WireguardListeningPort controls the listening port used - by Wireguard. [Default: 51820]' - type: integer - wireguardMTU: - description: 'WireguardMTU controls the MTU on the Wireguard interface. - See Configuring MTU [Default: 1420]' - type: integer - wireguardRoutingRulePriority: - description: 'WireguardRoutingRulePriority controls the priority value - to use for the Wireguard routing rule. [Default: 99]' - type: integer - workloadSourceSpoofing: - description: WorkloadSourceSpoofing controls whether pods can use - the allowedSourcePrefixes annotation to send traffic with a source - IP address that is not theirs. This is disabled by default. When - set to "Any", pods can request any prefix. - type: string - xdpEnabled: - description: 'XDPEnabled enables XDP acceleration for suitable untracked - incoming deny rules. [Default: true]' - type: boolean - xdpRefreshInterval: - description: 'XDPRefreshInterval is the period at which Felix re-checks - all XDP state to ensure that no other process has accidentally broken - Calico''s BPF maps or attached programs. Set to 0 to disable XDP - refresh. [Default: 90s]' - type: string - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: globalnetworkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalNetworkPolicy - listKind: GlobalNetworkPolicyList - plural: globalnetworkpolicies - singular: globalnetworkpolicy - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - applyOnForward: - description: ApplyOnForward indicates to apply the rules in this policy - on forward traffic. - type: boolean - doNotTrack: - description: DoNotTrack indicates whether packets matched by the rules - in this policy should go through the data plane's connection tracking, - such as Linux conntrack. If True, the rules in this policy are - applied before any data plane connection tracking, and packets allowed - by this policy are marked as not to be tracked. - type: boolean - egress: - description: The ordered set of egress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - description: The ordered set of ingress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - namespaceSelector: - description: NamespaceSelector is an optional field for an expression - used to select a pod based on namespaces. - type: string - order: - description: Order is an optional field that specifies the order in - which the policy is applied. Policies with higher "order" are applied - after those with lower order. If the order is omitted, it may be - considered to be "infinite" - i.e. the policy will be applied last. Policies - with identical order will be applied in alphanumerical order based - on the Policy "Name". - type: number - preDNAT: - description: PreDNAT indicates to apply the rules in this policy before - any DNAT. - type: boolean - selector: - description: "The selector is an expression used to pick pick out - the endpoints that the policy should be applied to. \n Selector - expressions follow this syntax: \n \tlabel == \"string_literal\" - \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" - \ -> not equal; also matches if label is not present \tlabel in - { \"a\", \"b\", \"c\", ... } -> true if the value of label X is - one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", - ... } -> true if the value of label X is not one of \"a\", \"b\", - \"c\" \thas(label_name) -> True if that label is present \t! expr - -> negation of expr \texpr && expr -> Short-circuit and \texpr - || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() - or the empty selector -> matches all endpoints. \n Label names are - allowed to contain alphanumerics, -, _ and /. String literals are - more permissive but they do not support escape characters. \n Examples - (with made-up labels): \n \ttype == \"webserver\" && deployment - == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != - \"dev\" \t! has(label_name)" - type: string - serviceAccountSelector: - description: ServiceAccountSelector is an optional field for an expression - used to select a pod based on service accounts. - type: string - types: - description: "Types indicates whether this policy applies to ingress, - or to egress, or to both. When not explicitly specified (and so - the value on creation is empty or nil), Calico defaults Types according - to what Ingress and Egress rules are present in the policy. The - default is: \n - [ PolicyTypeIngress ], if there are no Egress rules - (including the case where there are also no Ingress rules) \n - - [ PolicyTypeEgress ], if there are Egress rules but no Ingress - rules \n - [ PolicyTypeIngress, PolicyTypeEgress ], if there are - both Ingress and Egress rules. \n When the policy is read back again, - Types will always be one of these values, never empty or nil." - items: - description: PolicyType enumerates the possible values of the PolicySpec - Types field. - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: globalnetworksets.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: GlobalNetworkSet - listKind: GlobalNetworkSetList - plural: globalnetworksets - singular: globalnetworkset - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs - that share labels to allow rules to refer to them via selectors. The labels - of GlobalNetworkSet are not namespaced. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GlobalNetworkSetSpec contains the specification for a NetworkSet - resource. - properties: - nets: - description: The list of IP networks that belong to this set. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: hostendpoints.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: HostEndpoint - listKind: HostEndpointList - plural: hostendpoints - singular: hostendpoint - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostEndpointSpec contains the specification for a HostEndpoint - resource. - properties: - expectedIPs: - description: "The expected IP addresses (IPv4 and IPv6) of the endpoint. - If \"InterfaceName\" is not present, Calico will look for an interface - matching any of the IPs in the list and apply policy to that. Note: - \tWhen using the selector match criteria in an ingress or egress - security Policy \tor Profile, Calico converts the selector into - a set of IP addresses. For host \tendpoints, the ExpectedIPs field - is used for that purpose. (If only the interface \tname is specified, - Calico does not learn the IPs of the interface for use in match - \tcriteria.)" - items: - type: string - type: array - interfaceName: - description: "Either \"*\", or the name of a specific Linux interface - to apply policy to; or empty. \"*\" indicates that this HostEndpoint - governs all traffic to, from or through the default network namespace - of the host named by the \"Node\" field; entering and leaving that - namespace via any interface, including those from/to non-host-networked - local workloads. \n If InterfaceName is not \"*\", this HostEndpoint - only governs traffic that enters or leaves the host through the - specific interface named by InterfaceName, or - when InterfaceName - is empty - through the specific interface that has one of the IPs - in ExpectedIPs. Therefore, when InterfaceName is empty, at least - one expected IP must be specified. Only external interfaces (such - as \"eth0\") are supported here; it isn't possible for a HostEndpoint - to protect traffic through a specific local workload interface. - \n Note: Only some kinds of policy are implemented for \"*\" HostEndpoints; - initially just pre-DNAT policy. Please check Calico documentation - for the latest position." - type: string - node: - description: The node name identifying the Calico node instance. - type: string - ports: - description: Ports contains the endpoint's named ports, which may - be referenced in security policy rules. - items: - properties: - name: - type: string - port: - type: integer - protocol: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - required: - - name - - port - - protocol - type: object - type: array - profiles: - description: A list of identifiers of security Profile objects that - apply to this endpoint. Each profile is applied in the order that - they appear in this list. Profile rules are applied after the selector-based - security policy. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamblocks.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMBlock - listKind: IPAMBlockList - plural: ipamblocks - singular: ipamblock - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMBlockSpec contains the specification for an IPAMBlock - resource. - properties: - affinity: - description: Affinity of the block, if this block has one. If set, - it will be of the form "host:". If not set, this block - is not affine to a host. - type: string - allocations: - description: Array of allocations in-use within this block. nil entries - mean the allocation is free. For non-nil entries at index i, the - index is the ordinal of the allocation within this block and the - value is the index of the associated attributes in the Attributes - array. - items: - type: integer - # TODO: This nullable is manually added in. We should update controller-gen - # to handle []*int properly itself. - nullable: true - type: array - attributes: - description: Attributes is an array of arbitrary metadata associated - with allocations in the block. To find attributes for a given allocation, - use the value of the allocation's entry in the Allocations array - as the index of the element in this array. - items: - properties: - handle_id: - type: string - secondary: - additionalProperties: - type: string - type: object - type: object - type: array - cidr: - description: The block's CIDR. - type: string - deleted: - description: Deleted is an internal boolean used to workaround a limitation - in the Kubernetes API whereby deletion will not return a conflict - error if the block has been updated. It should not be set manually. - type: boolean - sequenceNumber: - default: 0 - description: We store a sequence number that is updated each time - the block is written. Each allocation will also store the sequence - number of the block at the time of its creation. When releasing - an IP, passing the sequence number associated with the allocation - allows us to protect against a race condition and ensure the IP - hasn't been released and re-allocated since the release request. - format: int64 - type: integer - sequenceNumberForAllocation: - additionalProperties: - format: int64 - type: integer - description: Map of allocated ordinal within the block to sequence - number of the block at the time of allocation. Kubernetes does not - allow numerical keys for maps, so the key is cast to a string. - type: object - strictAffinity: - description: StrictAffinity on the IPAMBlock is deprecated and no - longer used by the code. Use IPAMConfig StrictAffinity instead. - type: boolean - unallocated: - description: Unallocated is an ordered list of allocations which are - free in the block. - items: - type: integer - type: array - required: - - allocations - - attributes - - cidr - - strictAffinity - - unallocated - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamconfigs.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMConfig - listKind: IPAMConfigList - plural: ipamconfigs - singular: ipamconfig - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMConfigSpec contains the specification for an IPAMConfig - resource. - properties: - autoAllocateBlocks: - type: boolean - maxBlocksPerHost: - description: MaxBlocksPerHost, if non-zero, is the max number of blocks - that can be affine to each host. - type: integer - strictAffinity: - type: boolean - required: - - autoAllocateBlocks - - strictAffinity - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ipamhandles.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPAMHandle - listKind: IPAMHandleList - plural: ipamhandles - singular: ipamhandle - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPAMHandleSpec contains the specification for an IPAMHandle - resource. - properties: - block: - additionalProperties: - type: integer - type: object - deleted: - type: boolean - handleID: - type: string - required: - - block - - handleID - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPPool - listKind: IPPoolList - plural: ippools - singular: ippool - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPPoolSpec contains the specification for an IPPool resource. - properties: - allowedUses: - description: AllowedUse controls what the IP pool will be used for. If - not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility - items: - type: string - type: array - blockSize: - description: The block size to use for IP address assignments from - this pool. Defaults to 26 for IPv4 and 122 for IPv6. - type: integer - cidr: - description: The pool CIDR. - type: string - disableBGPExport: - description: 'Disable exporting routes from this IP Pool''s CIDR over - BGP. [Default: false]' - type: boolean - disabled: - description: When disabled is true, Calico IPAM will not assign addresses - from this pool. - type: boolean - ipip: - description: 'Deprecated: this field is only used for APIv1 backwards - compatibility. Setting this field is not allowed, this field is - for internal use only.' - properties: - enabled: - description: When enabled is true, ipip tunneling will be used - to deliver packets to destinations within this pool. - type: boolean - mode: - description: The IPIP mode. This can be one of "always" or "cross-subnet". A - mode of "always" will also use IPIP tunneling for routing to - destination IP addresses within this pool. A mode of "cross-subnet" - will only use IPIP tunneling when the destination node is on - a different subnet to the originating node. The default value - (if not specified) is "always". - type: string - type: object - ipipMode: - description: Contains configuration for IPIP tunneling for this pool. - If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling - is disabled). - type: string - nat-outgoing: - description: 'Deprecated: this field is only used for APIv1 backwards - compatibility. Setting this field is not allowed, this field is - for internal use only.' - type: boolean - natOutgoing: - description: When nat-outgoing is true, packets sent from Calico networked - containers in this pool to destinations outside of this pool will - be masqueraded. - type: boolean - nodeSelector: - description: Allows IPPool to allocate for a specific node by label - selector. - type: string - vxlanMode: - description: Contains configuration for VXLAN tunneling for this pool. - If not specified, then this is defaulted to "Never" (i.e. VXLAN - tunneling is disabled). - type: string - required: - - cidr - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null - name: ipreservations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: IPReservation - listKind: IPReservationList - plural: ipreservations - singular: ipreservation - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IPReservationSpec contains the specification for an IPReservation - resource. - properties: - reservedCIDRs: - description: ReservedCIDRs is a list of CIDRs and/or IP addresses - that Calico IPAM will exclude from new allocations. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: kubecontrollersconfigurations.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: KubeControllersConfiguration - listKind: KubeControllersConfigurationList - plural: kubecontrollersconfigurations - singular: kubecontrollersconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubeControllersConfigurationSpec contains the values of the - Kubernetes controllers configuration. - properties: - controllers: - description: Controllers enables and configures individual Kubernetes - controllers - properties: - namespace: - description: Namespace enables and configures the namespace controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - node: - description: Node enables and configures the node controller. - Enabled by default, set to nil to disable. - properties: - hostEndpoint: - description: HostEndpoint controls syncing nodes to host endpoints. - Disabled by default, set to nil to disable. - properties: - autoCreate: - description: 'AutoCreate enables automatic creation of - host endpoints for every node. [Default: Disabled]' - type: string - type: object - leakGracePeriod: - description: 'LeakGracePeriod is the period used by the controller - to determine if an IP address has been leaked. Set to 0 - to disable IP garbage collection. [Default: 15m]' - type: string - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - syncLabels: - description: 'SyncLabels controls whether to copy Kubernetes - node labels to Calico nodes. [Default: Enabled]' - type: string - type: object - policy: - description: Policy enables and configures the policy controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - serviceAccount: - description: ServiceAccount enables and configures the service - account controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - workloadEndpoint: - description: WorkloadEndpoint enables and configures the workload - endpoint controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform reconciliation - with the Calico datastore. [Default: 5m]' - type: string - type: object - type: object - debugProfilePort: - description: DebugProfilePort configures the port to serve memory - and cpu profiles on. If not specified, profiling is disabled. - format: int32 - type: integer - etcdV3CompactionPeriod: - description: 'EtcdV3CompactionPeriod is the period between etcdv3 - compaction requests. Set to 0 to disable. [Default: 10m]' - type: string - healthChecks: - description: 'HealthChecks enables or disables support for health - checks [Default: Enabled]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which logs - are sent to the stdout. [Default: Info]' - type: string - prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. Set to 0 to disable. [Default: 9094]' - type: integer - required: - - controllers - type: object - status: - description: KubeControllersConfigurationStatus represents the status - of the configuration. It's useful for admins to be able to see the actual - config that was applied, which can be modified by environment variables - on the kube-controllers process. - properties: - environmentVars: - additionalProperties: - type: string - description: EnvironmentVars contains the environment variables on - the kube-controllers that influenced the RunningConfig. - type: object - runningConfig: - description: RunningConfig contains the effective config that is running - in the kube-controllers pod, after merging the API resource with - any environment variables. - properties: - controllers: - description: Controllers enables and configures individual Kubernetes - controllers - properties: - namespace: - description: Namespace enables and configures the namespace - controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - node: - description: Node enables and configures the node controller. - Enabled by default, set to nil to disable. - properties: - hostEndpoint: - description: HostEndpoint controls syncing nodes to host - endpoints. Disabled by default, set to nil to disable. - properties: - autoCreate: - description: 'AutoCreate enables automatic creation - of host endpoints for every node. [Default: Disabled]' - type: string - type: object - leakGracePeriod: - description: 'LeakGracePeriod is the period used by the - controller to determine if an IP address has been leaked. - Set to 0 to disable IP garbage collection. [Default: - 15m]' - type: string - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - syncLabels: - description: 'SyncLabels controls whether to copy Kubernetes - node labels to Calico nodes. [Default: Enabled]' - type: string - type: object - policy: - description: Policy enables and configures the policy controller. - Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - serviceAccount: - description: ServiceAccount enables and configures the service - account controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - workloadEndpoint: - description: WorkloadEndpoint enables and configures the workload - endpoint controller. Enabled by default, set to nil to disable. - properties: - reconcilerPeriod: - description: 'ReconcilerPeriod is the period to perform - reconciliation with the Calico datastore. [Default: - 5m]' - type: string - type: object - type: object - debugProfilePort: - description: DebugProfilePort configures the port to serve memory - and cpu profiles on. If not specified, profiling is disabled. - format: int32 - type: integer - etcdV3CompactionPeriod: - description: 'EtcdV3CompactionPeriod is the period between etcdv3 - compaction requests. Set to 0 to disable. [Default: 10m]' - type: string - healthChecks: - description: 'HealthChecks enables or disables support for health - checks [Default: Enabled]' - type: string - logSeverityScreen: - description: 'LogSeverityScreen is the log severity above which - logs are sent to the stdout. [Default: Info]' - type: string - prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the Prometheus - metrics server should bind to. Set to 0 to disable. [Default: - 9094]' - type: integer - required: - - controllers - type: object - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networkpolicies.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: NetworkPolicy - listKind: NetworkPolicyList - plural: networkpolicies - singular: networkpolicy - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - egress: - description: The ordered set of egress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - ingress: - description: The ordered set of ingress rules. Each rule contains - a set of packet match criteria and a corresponding action to apply. - items: - description: "A Rule encapsulates a set of match criteria and an - action. Both selector-based security Policy and security Profiles - reference rules - separated out as a list of rules for both ingress - and egress packet matching. \n Each positive match criteria has - a negated version, prefixed with \"Not\". All the match criteria - within a rule must be satisfied for a packet to match. A single - rule can contain the positive and negative version of a match - and both must be satisfied for the rule to match." - properties: - action: - type: string - destination: - description: Destination contains the match criteria that apply - to destination entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - http: - description: HTTP contains match criteria that apply to HTTP - requests. - properties: - methods: - description: Methods is an optional field that restricts - the rule to apply only to HTTP requests that use one of - the listed HTTP Methods (e.g. GET, PUT, etc.) Multiple - methods are OR'd together. - items: - type: string - type: array - paths: - description: 'Paths is an optional field that restricts - the rule to apply to HTTP requests that use one of the - listed HTTP Paths. Multiple paths are OR''d together. - e.g: - exact: /foo - prefix: /bar NOTE: Each entry may - ONLY specify either a `exact` or a `prefix` match. The - validator will check for it.' - items: - description: 'HTTPPath specifies an HTTP path to match. - It may be either of the form: exact: : which matches - the path exactly or prefix: : which matches - the path prefix' - properties: - exact: - type: string - prefix: - type: string - type: object - type: array - type: object - icmp: - description: ICMP is an optional field that restricts the rule - to apply to a specific type and code of ICMP traffic. This - should only be specified if the Protocol field is set to "ICMP" - or "ICMPv6". - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - ipVersion: - description: IPVersion is an optional field that restricts the - rule to only match a specific IP version. - type: integer - metadata: - description: Metadata contains additional information for this - rule - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a set of key value pairs that - give extra information about the rule - type: object - type: object - notICMP: - description: NotICMP is the negated version of the ICMP field. - properties: - code: - description: Match on a specific ICMP code. If specified, - the Type value must also be specified. This is a technical - limitation imposed by the kernel's iptables firewall, - which Calico uses to enforce the rule. - type: integer - type: - description: Match on a specific ICMP type. For example - a value of 8 refers to ICMP Echo Request (i.e. pings). - type: integer - type: object - notProtocol: - anyOf: - - type: integer - - type: string - description: NotProtocol is the negated version of the Protocol - field. - pattern: ^.* - x-kubernetes-int-or-string: true - protocol: - anyOf: - - type: integer - - type: string - description: "Protocol is an optional field that restricts the - rule to only apply to traffic of a specific IP protocol. Required - if any of the EntityRules contain Ports (because ports only - apply to certain protocols). \n Must be one of these string - values: \"TCP\", \"UDP\", \"ICMP\", \"ICMPv6\", \"SCTP\", - \"UDPLite\" or an integer in the range 1-255." - pattern: ^.* - x-kubernetes-int-or-string: true - source: - description: Source contains the match criteria that apply to - source entity. - properties: - namespaceSelector: - description: "NamespaceSelector is an optional field that - contains a selector expression. Only traffic that originates - from (or terminates at) endpoints within the selected - namespaces will be matched. When both NamespaceSelector - and another selector are defined on the same rule, then - only workload endpoints that are matched by both selectors - will be selected by the rule. \n For NetworkPolicy, an - empty NamespaceSelector implies that the Selector is limited - to selecting only workload endpoints in the same namespace - as the NetworkPolicy. \n For NetworkPolicy, `global()` - NamespaceSelector implies that the Selector is limited - to selecting only GlobalNetworkSet or HostEndpoint. \n - For GlobalNetworkPolicy, an empty NamespaceSelector implies - the Selector applies to workload endpoints across all - namespaces." - type: string - nets: - description: Nets is an optional field that restricts the - rule to only apply to traffic that originates from (or - terminates at) IP addresses in any of the given subnets. - items: - type: string - type: array - notNets: - description: NotNets is the negated version of the Nets - field. - items: - type: string - type: array - notPorts: - description: NotPorts is the negated version of the Ports - field. Since only some protocols have ports, if any ports - are specified it requires the Protocol match in the Rule - to be set to "TCP" or "UDP". - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - notSelector: - description: NotSelector is the negated version of the Selector - field. See Selector field for subtleties with negated - selectors. - type: string - ports: - description: "Ports is an optional field that restricts - the rule to only apply to traffic that has a source (destination) - port that matches one of these ranges/values. This value - is a list of integers or strings that represent ranges - of ports. \n Since only some protocols have ports, if - any ports are specified it requires the Protocol match - in the Rule to be set to \"TCP\" or \"UDP\"." - items: - anyOf: - - type: integer - - type: string - pattern: ^.* - x-kubernetes-int-or-string: true - type: array - selector: - description: "Selector is an optional field that contains - a selector expression (see Policy for sample syntax). - \ Only traffic that originates from (terminates at) endpoints - matching the selector will be matched. \n Note that: in - addition to the negated version of the Selector (see NotSelector - below), the selector expression syntax itself supports - negation. The two types of negation are subtly different. - One negates the set of matched endpoints, the other negates - the whole match: \n \tSelector = \"!has(my_label)\" matches - packets that are from other Calico-controlled \tendpoints - that do not have the label \"my_label\". \n \tNotSelector - = \"has(my_label)\" matches packets that are not from - Calico-controlled \tendpoints that do have the label \"my_label\". - \n The effect is that the latter will accept packets from - non-Calico sources whereas the former is limited to packets - from Calico-controlled endpoints." - type: string - serviceAccounts: - description: ServiceAccounts is an optional field that restricts - the rule to only apply to traffic that originates from - (or terminates at) a pod running as a matching service - account. - properties: - names: - description: Names is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account whose name is in the list. - items: - type: string - type: array - selector: - description: Selector is an optional field that restricts - the rule to only apply to traffic that originates - from (or terminates at) a pod running as a service - account that matches the given label selector. If - both Names and Selector are specified then they are - AND'ed. - type: string - type: object - services: - description: "Services is an optional field that contains - options for matching Kubernetes Services. If specified, - only traffic that originates from or terminates at endpoints - within the selected service(s) will be matched, and only - to/from each endpoint's port. \n Services cannot be specified - on the same rule as Selector, NotSelector, NamespaceSelector, - Nets, NotNets or ServiceAccounts. \n Ports and NotPorts - can only be specified with Services on ingress rules." - properties: - name: - description: Name specifies the name of a Kubernetes - Service to match. - type: string - namespace: - description: Namespace specifies the namespace of the - given Service. If left empty, the rule will match - within this policy's namespace. - type: string - type: object - type: object - required: - - action - type: object - type: array - order: - description: Order is an optional field that specifies the order in - which the policy is applied. Policies with higher "order" are applied - after those with lower order. If the order is omitted, it may be - considered to be "infinite" - i.e. the policy will be applied last. Policies - with identical order will be applied in alphanumerical order based - on the Policy "Name". - type: number - selector: - description: "The selector is an expression used to pick pick out - the endpoints that the policy should be applied to. \n Selector - expressions follow this syntax: \n \tlabel == \"string_literal\" - \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" - \ -> not equal; also matches if label is not present \tlabel in - { \"a\", \"b\", \"c\", ... } -> true if the value of label X is - one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", - ... } -> true if the value of label X is not one of \"a\", \"b\", - \"c\" \thas(label_name) -> True if that label is present \t! expr - -> negation of expr \texpr && expr -> Short-circuit and \texpr - || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() - or the empty selector -> matches all endpoints. \n Label names are - allowed to contain alphanumerics, -, _ and /. String literals are - more permissive but they do not support escape characters. \n Examples - (with made-up labels): \n \ttype == \"webserver\" && deployment - == \"prod\" \ttype in {\"frontend\", \"backend\"} \tdeployment != - \"dev\" \t! has(label_name)" - type: string - serviceAccountSelector: - description: ServiceAccountSelector is an optional field for an expression - used to select a pod based on service accounts. - type: string - types: - description: "Types indicates whether this policy applies to ingress, - or to egress, or to both. When not explicitly specified (and so - the value on creation is empty or nil), Calico defaults Types according - to what Ingress and Egress are present in the policy. The default - is: \n - [ PolicyTypeIngress ], if there are no Egress rules (including - the case where there are also no Ingress rules) \n - [ PolicyTypeEgress - ], if there are Egress rules but no Ingress rules \n - [ PolicyTypeIngress, - PolicyTypeEgress ], if there are both Ingress and Egress rules. - \n When the policy is read back again, Types will always be one - of these values, never empty or nil." - items: - description: PolicyType enumerates the possible values of the PolicySpec - Types field. - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networksets.crd.projectcalico.org -spec: - group: crd.projectcalico.org - names: - kind: NetworkSet - listKind: NetworkSetList - plural: networksets - singular: networkset - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSetSpec contains the specification for a NetworkSet - resource. - properties: - nets: - description: The list of IP networks that belong to this set. - items: - type: string - type: array - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- ---- -# Source: calico/templates/calico-kube-controllers-rbac.yaml - -# Include a clusterrole for the kube-controllers component, -# and bind it to the calico-kube-controllers serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-kube-controllers -rules: - # Nodes are watched to monitor for deletions. - - apiGroups: [""] - resources: - - nodes - verbs: - - watch - - list - - get - # Pods are watched to check for existence as part of IPAM controller. - - apiGroups: [""] - resources: - - pods - verbs: - - get - - list - - watch - # IPAM resources are manipulated in response to node and block updates, as well as periodic triggers. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ipreservations - verbs: - - list - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - - watch - # Pools are watched to maintain a mapping of blocks to IP pools. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - verbs: - - list - - watch - # kube-controllers manages hostendpoints. - - apiGroups: ["crd.projectcalico.org"] - resources: - - hostendpoints - verbs: - - get - - list - - create - - update - - delete - # Needs access to update clusterinformations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - clusterinformations - verbs: - - get - - list - - create - - update - - watch - # KubeControllersConfiguration is where it gets its config - - apiGroups: ["crd.projectcalico.org"] - resources: - - kubecontrollersconfigurations - verbs: - # read its own config - - get - # create a default if none exists - - create - # update status - - update - # watch for changes - - watch ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-kube-controllers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-kube-controllers -subjects: -- kind: ServiceAccount - name: calico-kube-controllers - namespace: kube-system ---- - ---- -# Source: calico/templates/calico-node-rbac.yaml -# Include a clusterrole for the calico-node DaemonSet, -# and bind it to the calico-node serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-node -rules: - # The CNI plugin needs to get pods, nodes, and namespaces. - - apiGroups: [""] - resources: - - pods - - nodes - - namespaces - verbs: - - get - # EndpointSlices are used for Service-based network policy rule - # enforcement. - - apiGroups: ["discovery.k8s.io"] - resources: - - endpointslices - verbs: - - watch - - list - - apiGroups: [""] - resources: - - endpoints - - services - verbs: - # Used to discover service IPs for advertisement. - - watch - - list - # Used to discover Typhas. - - get - # Pod CIDR auto-detection on kubeadm needs access to config maps. - - apiGroups: [""] - resources: - - configmaps - verbs: - - get - - apiGroups: [""] - resources: - - nodes/status - verbs: - # Needed for clearing NodeNetworkUnavailable flag. - - patch - # Calico stores some configuration information in node annotations. - - update - # Watch for changes to Kubernetes NetworkPolicies. - - apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: - - watch - - list - # Used by Calico for policy information. - - apiGroups: [""] - resources: - - pods - - namespaces - - serviceaccounts - verbs: - - list - - watch - # The CNI plugin patches pods/status. - - apiGroups: [""] - resources: - - pods/status - verbs: - - patch - # Used for creating service account tokens to be used by the CNI plugin - - apiGroups: [""] - resources: - - serviceaccounts/token - resourceNames: - - calico-node - verbs: - - create - # Calico monitors various CRDs for config. - - apiGroups: ["crd.projectcalico.org"] - resources: - - globalfelixconfigs - - felixconfigurations - - bgppeers - - globalbgpconfigs - - bgpconfigurations - - ippools - - ipreservations - - ipamblocks - - globalnetworkpolicies - - globalnetworksets - - networkpolicies - - networksets - - clusterinformations - - hostendpoints - - blockaffinities - - caliconodestatuses - verbs: - - get - - list - - watch - # Calico must create and update some CRDs on startup. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - - felixconfigurations - - clusterinformations - verbs: - - create - - update - # Calico must update some CRDs. - - apiGroups: [ "crd.projectcalico.org" ] - resources: - - caliconodestatuses - verbs: - - update - # Calico stores some configuration information on the node. - - apiGroups: [""] - resources: - - nodes - verbs: - - get - - list - - watch - # These permissions are only required for upgrade from v2.6, and can - # be removed after upgrade or on fresh installations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - bgpconfigurations - - bgppeers - verbs: - - create - - update - # These permissions are required for Calico CNI to perform IPAM allocations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - - apiGroups: ["crd.projectcalico.org"] - resources: - - ipamconfigs - verbs: - - get - # Block affinities must also be watchable by confd for route aggregation. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - verbs: - - watch - # The Calico IPAM migration needs to get daemonsets. These permissions can be - # removed if not upgrading from an installation using host-local IPAM. - - apiGroups: ["apps"] - resources: - - daemonsets - verbs: - - get - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: calico-node -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-node -subjects: -- kind: ServiceAccount - name: calico-node - namespace: kube-system - -{{ if .Networking.Calico.TyphaReplicas -}} ---- -# Source: calico/templates/calico-typha.yaml -# This manifest creates a Service, which will be backed by Calico's Typha daemon. -# Typha sits in between Felix and the API server, reducing Calico's load on the API server. - -apiVersion: v1 -kind: Service -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - ports: - - port: 5473 - protocol: TCP - targetPort: calico-typha - name: calico-typha - selector: - k8s-app: calico-typha - ---- - -# This manifest creates a Deployment of Typha to back the above service. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - # Number of Typha replicas. To enable Typha, set this to a non-zero value *and* set the - # typha_service_name variable in the calico-config ConfigMap above. - # - # We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is essential - # (when using the Kubernetes datastore). Use one replica for every 100-200 nodes. In - # production, we recommend running at least 3 replicas to reduce the impact of rolling upgrade. - replicas: {{ or .Networking.Calico.TyphaReplicas "0" }} - revisionHistoryLimit: 2 - selector: - matchLabels: - k8s-app: calico-typha - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: calico-typha - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: 'true' - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - effect: NoSchedule - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - # Since Calico can't network a pod until Typha is up, we need to run Typha itself - # as a host-networked pod. - serviceAccountName: calico-node - priorityClassName: system-cluster-critical - # fsGroup allows using projected serviceaccount tokens as described here kubernetes/kubernetes#82573 - securityContext: - fsGroup: 65534 - containers: - - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/typha:{{ or .Networking.Calico.Version "v3.23.5" }} - name: calico-typha - ports: - - containerPort: 5473 - name: calico-typha - protocol: TCP - {{- if .Networking.Calico.TyphaPrometheusMetricsEnabled }} - - containerPort: {{ or .Networking.Calico.TyphaPrometheusMetricsPort "9093" }} - name: metrics - protocol: TCP - {{- end }} - envFrom: - - configMapRef: - # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. - name: kubernetes-services-endpoint - optional: true - env: - # Enable "info" logging by default. Can be set to "debug" to increase verbosity. - - name: TYPHA_LOGSEVERITYSCREEN - value: "info" - # Disable logging to file and syslog since those don't make sense in Kubernetes. - - name: TYPHA_LOGFILEPATH - value: "none" - - name: TYPHA_LOGSEVERITYSYS - value: "none" - # Monitor the Kubernetes API to find the number of running instances and rebalance - # connections. - - name: TYPHA_CONNECTIONREBALANCINGMODE - value: "kubernetes" - - name: TYPHA_DATASTORETYPE - value: "kubernetes" - - name: TYPHA_HEALTHENABLED - value: "true" - - name: TYPHA_PROMETHEUSMETRICSENABLED - value: "{{- .Networking.Calico.TyphaPrometheusMetricsEnabled }}" - - name: TYPHA_PROMETHEUSMETRICSPORT - value: "{{- or .Networking.Calico.TyphaPrometheusMetricsPort "9093" }}" - livenessProbe: - httpGet: - path: /liveness - port: 9098 - host: localhost - periodSeconds: 30 - initialDelaySeconds: 30 - timeoutSeconds: 10 - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - readinessProbe: - httpGet: - path: /readiness - port: 9098 - host: localhost - periodSeconds: 10 - timeoutSeconds: 10 - ---- - -# This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: calico-typha -{{- end }} - ---- -# Source: calico/templates/calico-node.yaml -# This manifest installs the calico-node container, as well -# as the CNI plugins and network config on -# each master and worker node in a Kubernetes cluster. -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: calico-node - namespace: kube-system - labels: - k8s-app: calico-node -spec: - selector: - matchLabels: - k8s-app: calico-node - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: calico-node - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Make sure calico-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - serviceAccountName: calico-node - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 0 - priorityClassName: system-node-critical - initContainers: - # This container performs upgrade from host-local IPAM to calico-ipam. - # It can be deleted if this is a fresh installation, or if you have already - # upgraded to use calico-ipam. - - name: upgrade-ipam - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/cni:{{ or .Networking.Calico.Version "v3.23.5" }} - command: ["/opt/cni/bin/calico-ipam", "-upgrade"] - envFrom: - - configMapRef: - # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. - name: kubernetes-services-endpoint - optional: true - env: - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - volumeMounts: - - mountPath: /var/lib/cni/networks - name: host-local-net-dir - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - securityContext: - privileged: true - # This container installs the CNI binaries - # and CNI network config file on each node. - - name: install-cni - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/cni:{{ or .Networking.Calico.Version "v3.23.5" }} - command: ["/opt/cni/bin/install"] - envFrom: - - configMapRef: - # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. - name: kubernetes-services-endpoint - optional: true - env: - # Name of the CNI config file to create. - - name: CNI_CONF_NAME - value: "10-calico.conflist" - # The CNI network config to install on each node. - - name: CNI_NETWORK_CONFIG - valueFrom: - configMapKeyRef: - name: calico-config - key: cni_network_config - # Set the hostname based on the k8s node name. - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # CNI MTU Config variable - - name: CNI_MTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Prevents the container from sleeping forever. - - name: SLEEP - value: "false" - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - securityContext: - privileged: true - # This init container mounts the necessary filesystems needed by the BPF data plane - # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed - # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - - name: "mount-bpffs" - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/node:{{ or .Networking.Calico.Version "v3.23.5" }} - command: ["calico-node", "-init", "-best-effort"] - volumeMounts: - - mountPath: /sys/fs - name: sys-fs - # Bidirectional is required to ensure that the new mount we make at /sys/fs/bpf propagates to the host - # so that it outlives the init container. - mountPropagation: Bidirectional - - mountPath: /var/run/calico - name: var-run-calico - # Bidirectional is required to ensure that the new mount we make at /run/calico/cgroup propagates to the host - # so that it outlives the init container. - mountPropagation: Bidirectional - # Mount /proc/ from host which usually is an init program at /nodeproc. It's needed by mountns binary, - # executed by calico-node, to mount root cgroup2 fs at /run/calico/cgroup to attach CTLB programs correctly. - - mountPath: /nodeproc - name: nodeproc - readOnly: true - securityContext: - privileged: true - - name: flexvol-driver - image: busybox - command: ['sh', '-c', 'echo Temporary fix to avoid server side apply issues'] - containers: - # Runs calico-node container on each Kubernetes node. This - # container programs network policy and routes on each - # host. - - name: calico-node - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/node:{{ or .Networking.Calico.Version "v3.23.5" }} - envFrom: - - configMapRef: - # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. - name: kubernetes-services-endpoint - optional: true - env: - # Use Kubernetes API as the backing datastore. - - name: DATASTORE_TYPE - value: "kubernetes" - {{- if IsIPv6Only }} - # Configure route aggregation based on pod CIDR. - - name: USE_POD_CIDR - value: "true" - {{- end }} - {{- if .Networking.Calico.TyphaReplicas }} - # Typha support: controlled by the ConfigMap. - - name: FELIX_TYPHAK8SSERVICENAME - valueFrom: - configMapKeyRef: - name: calico-config - key: typha_service_name - {{- end }} - # Wait for the datastore. - - name: WAIT_FOR_DATASTORE - value: "true" - # Set based on the k8s node name. - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # Choose the backend to use. - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - # Cluster type to identify the deployment type - - name: CLUSTER_TYPE - value: "kops,bgp" - # Auto-detect the BGP IP address. - - name: IP - value: "{{- if not IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}" - - name: IP6 - value: "{{- if IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}" - {{- if IsIPv6Only }} - - name: IP_AUTODETECTION_METHOD - value: "{{- or .Networking.Calico.IPv4AutoDetectionMethod "none" }}" - - name: IP6_AUTODETECTION_METHOD - value: "{{- or .Networking.Calico.IPv6AutoDetectionMethod "first-found" }}" - {{- else }} - - name: IP_AUTODETECTION_METHOD - value: "{{- or .Networking.Calico.IPv4AutoDetectionMethod "first-found" }}" - - name: IP6_AUTODETECTION_METHOD - value: "{{- or .Networking.Calico.IPv6AutoDetectionMethod "none" }}" - {{- end }} - # Enable IPIP - - name: CALICO_IPV4POOL_IPIP - value: "{{ CalicoIPv4PoolIPIPMode }}" - # Enable or Disable VXLAN on the default IP pool. - - name: CALICO_IPV4POOL_VXLAN - value: "{{ CalicoIPv4PoolVXLANMode }}" - # Set MTU for tunnel device used if ipip is enabled - - name: FELIX_IPINIPMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Set MTU for the VXLAN tunnel device. - - name: FELIX_VXLANMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Set MTU for the Wireguard tunnel device. - - name: FELIX_WIREGUARDMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # The default IPv4 pool to create on startup if none exists. Pod IPs will be - # chosen from this range. Changing this value after installation will have - # no effect. This should fall within `--cluster-cidr`. - {{- if IsIPv6Only }} - - name: CALICO_ROUTER_ID - value: "hash" - - name: NO_DEFAULT_POOLS - value: "true" - {{- else }} - - name: CALICO_IPV4POOL_CIDR - value: "{{ .KubeControllerManager.ClusterCIDR }}" - {{- end }} - # Disable file logging so `kubectl logs` works. - - name: CALICO_DISABLE_FILE_LOGGING - value: "true" - # Set Felix endpoint to host default action to ACCEPT. - - name: FELIX_DEFAULTENDPOINTTOHOSTACTION - value: "ACCEPT" - # Set IPv6 on Kubernetes. - - name: FELIX_IPV6SUPPORT - value: "{{ IsIPv6Only }}" - - name: FELIX_HEALTHENABLED - value: "true" - - # kops additions - # Enable source/destination checks for AWS - - name: FELIX_AWSSRCDSTCHECK - value: "{{- if eq GetCloudProvider "aws" -}}{{- or .Networking.Calico.AWSSrcDstCheck "Disable" -}}{{- else -}}DoNothing{{- end -}}" - # Enable eBPF dataplane mode - - name: FELIX_BPFENABLED - value: "{{ .Networking.Calico.BPFEnabled }}" - # Controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled - - name: FELIX_BPFEXTERNALSERVICEMODE - value: "{{- or .Networking.Calico.BPFExternalServiceMode "Tunnel" }}" - # Controls whether Felix will clean up the iptables rules created by the Kubernetes kube-proxy - - name: FELIX_BPFKUBEPROXYIPTABLESCLEANUPENABLED - value: "{{- .Networking.Calico.BPFKubeProxyIptablesCleanupEnabled }}" - # Controls the log level used by the BPF programs - - name: FELIX_BPFLOGLEVEL - value: "{{- or .Networking.Calico.BPFLogLevel "Off" }}" - # Controls whether Felix inserts rules to the top of iptables chains, or appends to the bottom - - name: FELIX_CHAININSERTMODE - value: "{{- or .Networking.Calico.ChainInsertMode "insert" }}" - # Set Felix iptables binary variant, Legacy or NFT - - name: FELIX_IPTABLESBACKEND - value: "{{- or .Networking.Calico.IptablesBackend "Auto" }}" - # Controls the log level - - name: FELIX_LOGSEVERITYSCREEN - value: "{{- or .Networking.Calico.LogSeverityScreen "info" }}" - # Set to enable the experimental Prometheus metrics server - - name: FELIX_PROMETHEUSMETRICSENABLED - value: "{{- .Networking.Calico.PrometheusMetricsEnabled }}" - # TCP port that the Prometheus metrics server should bind to - - name: FELIX_PROMETHEUSMETRICSPORT - value: "{{- or .Networking.Calico.PrometheusMetricsPort "9091" }}" - # Enable Prometheus Go runtime metrics collection - - name: FELIX_PROMETHEUSGOMETRICSENABLED - value: "{{- .Networking.Calico.PrometheusGoMetricsEnabled }}" - # Enable Prometheus process metrics collection - - name: FELIX_PROMETHEUSPROCESSMETRICSENABLED - value: "{{- .Networking.Calico.PrometheusProcessMetricsEnabled }}" - # Enable WireGuard encryption for all on-the-wire pod-to-pod traffic - - name: FELIX_WIREGUARDENABLED - value: "{{ .Networking.Calico.WireguardEnabled }}" - # Enable support for HTTP forward proxy - {{ range $name, $value := ProxyEnv }} - - name: {{ $name }} - value: {{ $value }} - {{ end }} - securityContext: - privileged: true - resources: - requests: - cpu: {{ or .Networking.Calico.CPURequest "100m" }} - lifecycle: - preStop: - exec: - command: - - /bin/calico-node - - -shutdown - livenessProbe: - exec: - command: - - /bin/calico-node - - -felix-live - {{- if eq .Networking.Calico.EncapsulationMode "ipip" }} - {{- if IsIPv6Only }} - - -bird6-live - {{- else }} - - -bird-live - {{- end }} - {{- end }} - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - timeoutSeconds: 10 - readinessProbe: - exec: - command: - - /bin/calico-node - - -felix-ready - {{- if eq .Networking.Calico.EncapsulationMode "ipip" }} - {{- if IsIPv6Only }} - - -bird6-ready - {{- else }} - - -bird-ready - {{- end }} - {{- end }} - periodSeconds: 10 - timeoutSeconds: 10 - {{- if .Networking.Calico.PrometheusMetricsEnabled }} - ports: - - containerPort: {{ or .Networking.Calico.PrometheusMetricsPort "9091" }} - name: metrics - protocol: TCP - {{- end }} - volumeMounts: - # For maintaining CNI plugin API credentials. - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - readOnly: false - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /var/run/calico - name: var-run-calico - readOnly: false - - mountPath: /var/lib/calico - name: var-lib-calico - readOnly: false - - name: policysync - mountPath: /var/run/nodeagent - # For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the - # parent directory. - - name: bpffs - mountPath: /sys/fs/bpf - - name: cni-log-dir - mountPath: /var/log/calico/cni - readOnly: true - volumes: - # Used by calico-node. - - name: lib-modules - hostPath: - path: /lib/modules - - name: var-run-calico - hostPath: - path: /var/run/calico - - name: var-lib-calico - hostPath: - path: /var/lib/calico - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - - name: sys-fs - hostPath: - path: /sys/fs/ - type: DirectoryOrCreate - - name: bpffs - hostPath: - path: /sys/fs/bpf - type: Directory - # mount /proc at /nodeproc to be used by mount-bpffs initContainer to mount root cgroup2 fs. - - name: nodeproc - hostPath: - path: /proc - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - - name: cni-net-dir - hostPath: - path: /etc/cni/net.d - # Used to access CNI logs. - - name: cni-log-dir - hostPath: - path: /var/log/calico/cni - # Mount in the directory for host-local IPAM allocations. This is - # used when upgrading from host-local to calico-ipam, and can be removed - # if not using the upgrade-ipam init container. - - name: host-local-net-dir - hostPath: - path: /var/lib/cni/networks - # Used to create per-pod Unix Domain Sockets - - name: policysync - hostPath: - type: DirectoryOrCreate - path: /var/run/nodeagent ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-node - namespace: kube-system - ---- -# Source: calico/templates/calico-kube-controllers.yaml -# See https://github.com/projectcalico/kube-controllers -apiVersion: apps/v1 -kind: Deployment -metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers -spec: - # The controllers can only have a single active instance. - replicas: 1 - selector: - matchLabels: - k8s-app: calico-kube-controllers - strategy: - type: Recreate - template: - metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers - spec: - nodeSelector: - kubernetes.io/os: linux - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - effect: NoSchedule - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - serviceAccountName: calico-kube-controllers - priorityClassName: system-cluster-critical - containers: - - name: calico-kube-controllers - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/kube-controllers:{{ or .Networking.Calico.Version "v3.23.5" }} - env: - # Choose which controllers to run. - - name: ENABLED_CONTROLLERS - value: node - - name: DATASTORE_TYPE - value: kubernetes - livenessProbe: - exec: - command: - - /usr/bin/check-status - - -l - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - timeoutSeconds: 10 - readinessProbe: - exec: - command: - - /usr/bin/check-status - - -r - periodSeconds: 10 - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-kube-controllers - namespace: kube-system - ---- - -# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: calico-kube-controllers - ---- -# Source: calico/templates/calico-etcd-secrets.yaml - ---- -# Source: calico/templates/configure-canal.yaml - - diff --git a/upup/pkg/fi/cloudup/apply_cluster.go b/upup/pkg/fi/cloudup/apply_cluster.go index 6536f1f80a3ed..83ba8afcd52a7 100644 --- a/upup/pkg/fi/cloudup/apply_cluster.go +++ b/upup/pkg/fi/cloudup/apply_cluster.go @@ -72,9 +72,9 @@ const ( starline = "*********************************************************************************" // OldestSupportedKubernetesVersion is the oldest kubernetes version that is supported in kOps. - OldestSupportedKubernetesVersion = "1.25.0" + OldestSupportedKubernetesVersion = "1.27.0" // OldestRecommendedKubernetesVersion is the oldest kubernetes version that is not deprecated in kOps. - OldestRecommendedKubernetesVersion = "1.27.0" + OldestRecommendedKubernetesVersion = "1.29.0" ) // TerraformCloudProviders is the list of cloud providers with terraform target support diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go index 0d758aced79e5..4446fbf685ef4 100644 --- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go +++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go @@ -426,25 +426,6 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.CloudupModelBuilderContext) } } - if b.IsKubernetesLT("1.26") && - (b.Cluster.GetCloudProvider() == kops.CloudProviderAWS || - b.Cluster.GetCloudProvider() == kops.CloudProviderGCE) { - // AWS and GCE KCM-to-CCM leader migration - key := "leader-migration.rbac.addons.k8s.io" - - { - location := key + "/k8s-1.23.yaml" - id := "k8s-1.23" - - addons.Add(&channelsapi.AddonSpec{ - Name: fi.PtrTo(key), - Selector: map[string]string{"k8s-addon": key}, - Manifest: fi.PtrTo(location), - Id: id, - }) - } - } - { key := "limit-range.addons.k8s.io" version := "1.5.0" @@ -951,21 +932,10 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.CloudupModelBuilderContext) if b.Cluster.Spec.Networking.Flannel != nil { key := "networking.flannel" - if b.IsKubernetesGTE("v1.25.0") { + { id := "k8s-1.25" location := key + "/" + id + ".yaml" - addon := addons.Add(&channelsapi.AddonSpec{ - Name: fi.PtrTo(key), - Selector: networkingSelector(), - Manifest: fi.PtrTo(location), - Id: id, - }) - addon.BuildPrune = true - } else { - id := "k8s-1.12" - location := key + "/" + id + ".yaml" - addon := addons.Add(&channelsapi.AddonSpec{ Name: fi.PtrTo(key), Selector: networkingSelector(), @@ -979,21 +949,10 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.CloudupModelBuilderContext) if b.Cluster.Spec.Networking.Calico != nil { key := "networking.projectcalico.org" - if b.IsKubernetesGTE("v1.25.0") { + { id := "k8s-1.25" location := key + "/" + id + ".yaml" - addon := addons.Add(&channelsapi.AddonSpec{ - Name: fi.PtrTo(key), - Selector: networkingSelector(), - Manifest: fi.PtrTo(location), - Id: id, - }) - addon.BuildPrune = true - } else { - id := "k8s-1.22" - location := key + "/" + id + ".yaml" - addon := addons.Add(&channelsapi.AddonSpec{ Name: fi.PtrTo(key), Selector: networkingSelector(), @@ -1007,21 +966,10 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.CloudupModelBuilderContext) if b.Cluster.Spec.Networking.Canal != nil { key := "networking.projectcalico.org.canal" - if b.IsKubernetesGTE("v1.25.0") { + { id := "k8s-1.25" location := key + "/" + id + ".yaml" - addon := addons.Add(&channelsapi.AddonSpec{ - Name: fi.PtrTo(key), - Selector: networkingSelector(), - Manifest: fi.PtrTo(location), - Id: id, - }) - addon.BuildPrune = true - } else { - id := "k8s-1.22" - location := key + "/" + id + ".yaml" - addon := addons.Add(&channelsapi.AddonSpec{ Name: fi.PtrTo(key), Selector: networkingSelector(), diff --git a/upup/pkg/fi/cloudup/new_cluster_test.go b/upup/pkg/fi/cloudup/new_cluster_test.go index 20c3351ab0ae1..9fef00651e15d 100644 --- a/upup/pkg/fi/cloudup/new_cluster_test.go +++ b/upup/pkg/fi/cloudup/new_cluster_test.go @@ -441,7 +441,7 @@ func TestDefaultImage(t *testing.T) { { cluster: &api.Cluster{ Spec: api.ClusterSpec{ - KubernetesVersion: "v1.25.0", + KubernetesVersion: "v1.32.0", CloudProvider: api.CloudProviderSpec{ AWS: &api.AWSSpec{}, }, @@ -453,7 +453,7 @@ func TestDefaultImage(t *testing.T) { { cluster: &api.Cluster{ Spec: api.ClusterSpec{ - KubernetesVersion: "v1.25.0", + KubernetesVersion: "v1.32.0", CloudProvider: api.CloudProviderSpec{ AWS: &api.AWSSpec{}, }, @@ -465,7 +465,7 @@ func TestDefaultImage(t *testing.T) { { cluster: &api.Cluster{ Spec: api.ClusterSpec{ - KubernetesVersion: "v1.25.0", + KubernetesVersion: "v1.32.0", CloudProvider: api.CloudProviderSpec{ Azure: &api.AzureSpec{}, }, @@ -477,7 +477,7 @@ func TestDefaultImage(t *testing.T) { { cluster: &api.Cluster{ Spec: api.ClusterSpec{ - KubernetesVersion: "v1.25.0", + KubernetesVersion: "v1.32.0", CloudProvider: api.CloudProviderSpec{ GCE: &api.GCESpec{}, }, @@ -489,19 +489,7 @@ func TestDefaultImage(t *testing.T) { { cluster: &api.Cluster{ Spec: api.ClusterSpec{ - KubernetesVersion: "v1.25.0", - CloudProvider: api.CloudProviderSpec{ - DO: &api.DOSpec{}, - }, - }, - }, - architecture: architectures.ArchitectureAmd64, - expected: defaultDOImageFocal, - }, - { - cluster: &api.Cluster{ - Spec: api.ClusterSpec{ - KubernetesVersion: "v1.27.0", + KubernetesVersion: "v1.32.0", CloudProvider: api.CloudProviderSpec{ DO: &api.DOSpec{}, }, @@ -513,19 +501,7 @@ func TestDefaultImage(t *testing.T) { { cluster: &api.Cluster{ Spec: api.ClusterSpec{ - KubernetesVersion: "v1.25.0", - CloudProvider: api.CloudProviderSpec{ - Hetzner: &api.HetznerSpec{}, - }, - }, - }, - architecture: architectures.ArchitectureAmd64, - expected: defaultHetznerImageFocal, - }, - { - cluster: &api.Cluster{ - Spec: api.ClusterSpec{ - KubernetesVersion: "v1.27.0", + KubernetesVersion: "v1.32.0", CloudProvider: api.CloudProviderSpec{ Hetzner: &api.HetznerSpec{}, }, @@ -537,19 +513,7 @@ func TestDefaultImage(t *testing.T) { { cluster: &api.Cluster{ Spec: api.ClusterSpec{ - KubernetesVersion: "v1.25.0", - CloudProvider: api.CloudProviderSpec{ - Scaleway: &api.ScalewaySpec{}, - }, - }, - }, - architecture: architectures.ArchitectureAmd64, - expected: defaultScalewayImageFocal, - }, - { - cluster: &api.Cluster{ - Spec: api.ClusterSpec{ - KubernetesVersion: "v1.27.0", + KubernetesVersion: "v1.32.0", CloudProvider: api.CloudProviderSpec{ Scaleway: &api.ScalewaySpec{}, }, diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go index f8df2d2140ab2..0ae70874b27d9 100644 --- a/upup/pkg/fi/cloudup/template_functions.go +++ b/upup/pkg/fi/cloudup/template_functions.go @@ -913,11 +913,7 @@ func (tf *TemplateFunctions) OpenStackCCMTag() string { if err != nil { tag = "latest" } else { - if parsed.Minor == 25 { - tag = "v1.25.5" - } else if parsed.Minor == 26 { - tag = "v1.26.2" - } else if parsed.Minor == 27 { + if parsed.Minor == 27 { tag = "v1.27.1" } else { // otherwise we use always .0 ccm image, if needed that can be overrided using clusterspec @@ -935,11 +931,7 @@ func (tf *TemplateFunctions) OpenStackCSITag() string { if err != nil { tag = "latest" } else { - if parsed.Minor == 25 { - tag = "v1.25.5" - } else if parsed.Minor == 26 { - tag = "v1.26.2" - } else if parsed.Minor == 27 { + if parsed.Minor == 27 { tag = "v1.27.1" } else { // otherwise we use always .0 csi image, if needed that can be overrided using cloud config spec diff --git a/upup/pkg/fi/cloudup/template_functions_test.go b/upup/pkg/fi/cloudup/template_functions_test.go index adc1b09c9db3c..d60b8d3519c6e 100644 --- a/upup/pkg/fi/cloudup/template_functions_test.go +++ b/upup/pkg/fi/cloudup/template_functions_test.go @@ -242,26 +242,6 @@ func Test_TemplateFunctions_CloudControllerConfigArgv(t *testing.T) { "--cloud-config=/etc/kubernetes/cloud.config", }, }, - { - desc: "Leader Migration", - cluster: &kops.Cluster{Spec: kops.ClusterSpec{ - CloudProvider: kops.CloudProviderSpec{ - Openstack: &kops.OpenstackSpec{}, - }, - ExternalCloudControllerManager: &kops.CloudControllerManagerConfig{ - LeaderElection: &kops.LeaderElectionConfiguration{LeaderElect: fi.PtrTo(true)}, - EnableLeaderMigration: fi.PtrTo(true), - }, - }}, - expectedArgv: []string{ - "--enable-leader-migration=true", - "--leader-elect=true", - "--v=2", - "--cloud-provider=openstack", - "--use-service-account-credentials=true", - "--cloud-config=/etc/kubernetes/cloud.config", - }, - }, { desc: "Disable Controller", cluster: &kops.Cluster{Spec: kops.ClusterSpec{ From 1f69da94b684da7ce2ed29604d31bff62fa5c738 Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Sat, 4 Jan 2025 14:39:11 +0200 Subject: [PATCH 2/2] hack/update-expected.sh --- .../cilium-eni/expected-v1alpha2.yaml | 11 +- .../create_cluster/cilium-eni/options.yaml | 2 +- .../complex-private/expected-v1alpha2.yaml | 34 +- .../complex-private/options.yaml | 2 +- .../complex/expected-v1alpha2.yaml | 29 +- .../create_cluster/complex/options.yaml | 2 +- .../create_cluster/ha/expected-v1alpha2.yaml | 29 +- .../create_cluster/ha/options.yaml | 2 +- .../ha_gce/expected-v1alpha2.yaml | 20 +- .../create_cluster/ha_gce/options.yaml | 2 +- .../ha_hetzner/expected-v1alpha2.yaml | 10 +- .../create_cluster/ha_hetzner/options.yaml | 2 +- .../ha_openstack/expected-v1alpha2.yaml | 2 +- .../create_cluster/ha_openstack/options.yaml | 2 +- .../ha_openstack_nodns/expected-v1alpha2.yaml | 2 +- .../ha_openstack_nodns/options.yaml | 2 +- .../expected-v1alpha2.yaml | 2 +- .../ha_openstack_octavia/options.yaml | 2 +- .../ha_shared_zone/expected-v1alpha2.yaml | 19 +- .../ha_shared_zone/options.yaml | 2 +- .../ha_shared_zones/expected-v1alpha2.yaml | 32 +- .../ha_shared_zones/options.yaml | 2 +- .../ingwspecified/expected-v1alpha2.yaml | 16 +- .../create_cluster/ingwspecified/options.yaml | 2 +- .../minimal-1.26-gce/expected-v1alpha2.yaml | 98 - .../minimal-1.29-gce/options.yaml | 7 - .../expected-v1alpha2.yaml | 11 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 2 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 8 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../minimal_feature-gates/options.yaml | 2 +- .../minimal_hetzner/expected-v1alpha2.yaml | 6 +- .../minimal_hetzner/options.yaml | 2 +- .../ngwspecified/expected-v1alpha2.yaml | 16 +- .../create_cluster/ngwspecified/options.yaml | 2 +- .../overrides/expected-v1alpha2.yaml | 11 +- .../create_cluster/overrides/options.yaml | 2 +- .../private/expected-v1alpha2.yaml | 16 +- .../create_cluster/private/options.yaml | 2 +- .../private_gce/expected-v1alpha2.yaml | 10 +- .../create_cluster/private_gce/options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../private_shared_subnets/options.yaml | 2 +- .../shared_subnets/expected-v1alpha2.yaml | 11 +- .../shared_subnets/options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../shared_subnets_vpc_lookup/options.yaml | 2 +- .../shared_vpc/expected-v1alpha2.yaml | 11 +- .../create_cluster/shared_vpc/options.yaml | 2 +- ...jects.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../aws-lb-controller/in-v1alpha2.yaml | 2 +- .../aws-lb-controller/kubernetes.tf | 4 +- ...ters.bastionuserdata.example.com_user_data | 2 +- ...odes.bastionuserdata.example.com_user_data | 2 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...rdata.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...s_s3_object_cluster-completed.spec_content | 31 +- ...aws_s3_object_nodeupconfig-bastion_content | 33 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../in-v1alpha2.yaml | 2 +- .../bastionadditional_user-data/kubernetes.tf | 6 +- ...rity-expander-custom.example.com_user_data | 2 +- ...rity-expander-custom.example.com_user_data | 2 +- ...rity-expander-custom.example.com_user_data | 2 +- ...rity-expander-custom.example.com_user_data | 2 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ustom.example.com-addons-bootstrap_content | 6 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...s_s3_object_cluster-completed.spec_content | 33 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...t_nodeupconfig-nodes-high-priority_content | 33 +- ...ct_nodeupconfig-nodes-low-priority_content | 33 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 8 +- ...as-priority-expander.example.com_user_data | 2 +- ...as-priority-expander.example.com_user_data | 2 +- ...as-priority-expander.example.com_user_data | 2 +- ...as-priority-expander.example.com_user_data | 2 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ander.example.com-addons-bootstrap_content | 6 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...s_s3_object_cluster-completed.spec_content | 33 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...t_nodeupconfig-nodes-high-priority_content | 33 +- ...ct_nodeupconfig-nodes-low-priority_content | 33 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 8 +- ...mplex.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...-1a.masters.compress.example.com_user_data | 2 +- ...plate_nodes.compress.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...press.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/compress/in-v1alpha2.yaml | 2 +- .../update_cluster/compress/kubernetes.tf | 4 +- ...a.masters.containerd.example.com_user_data | 2 +- ...ate_nodes.containerd.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...inerd.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 25 +- .../containerd-custom/in-v1alpha2.yaml | 2 +- .../containerd-custom/kubernetes.tf | 4 +- ...a.masters.containerd.example.com_user_data | 2 +- ...ate_nodes.containerd.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...inerd.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../containerd/in-v1alpha2.yaml | 2 +- .../update_cluster/containerd/kubernetes.tf | 4 +- ...-test-1a.masters.123.example.com_user_data | 2 +- ...h_template_nodes.123.example.com_user_data | 2 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...t_123.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/digit/in-v1alpha2.yaml | 2 +- .../update_cluster/digit/kubernetes.tf | 4 +- ...masters.existing-iam.example.com_user_data | 2 +- ...masters.existing-iam.example.com_user_data | 2 +- ...masters.existing-iam.example.com_user_data | 2 +- ...e_nodes.existing-iam.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...g-iam.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...ect_nodeupconfig-master-us-test-1b_content | 48 +- ...ect_nodeupconfig-master-us-test-1c_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../existing_iam/in-v1alpha2.yaml | 2 +- .../update_cluster/existing_iam/kubernetes.tf | 8 +- ...a.masters.existingsg.example.com_user_data | 2 +- ...b.masters.existingsg.example.com_user_data | 2 +- ...c.masters.existingsg.example.com_user_data | 2 +- ...ate_nodes.existingsg.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ingsg.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...ect_nodeupconfig-master-us-test-1b_content | 48 +- ...ect_nodeupconfig-master-us-test-1c_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../existing_sg/in-v1alpha2.yaml | 2 +- .../update_cluster/existing_sg/kubernetes.tf | 8 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../external_dns/in-v1alpha2.yaml | 2 +- .../update_cluster/external_dns/kubernetes.tf | 4 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../external_dns_irsa/in-v1alpha2.yaml | 2 +- .../external_dns_irsa/kubernetes.tf | 4 +- ...a.masters.externallb.example.com_user_data | 2 +- ...ate_nodes.externallb.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nallb.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../externallb/in-v1alpha2.yaml | 2 +- .../update_cluster/externallb/kubernetes.tf | 4 +- ...ers.externalpolicies.example.com_user_data | 2 +- ...des.externalpolicies.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...icies.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../externalpolicies/in-v1alpha2.yaml | 2 +- .../externalpolicies/kubernetes.tf | 4 +- ...s-test-1a.masters.ha.example.com_user_data | 2 +- ...s-test-1b.masters.ha.example.com_user_data | 2 +- ...s-test-1c.masters.ha.example.com_user_data | 2 +- ...ch_template_nodes.ha.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ct_ha.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...ect_nodeupconfig-master-us-test-1b_content | 48 +- ...ect_nodeupconfig-master-us-test-1c_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/ha/in-v1alpha2.yaml | 2 +- .../update_cluster/ha/kubernetes.tf | 8 +- ...s_s3_object_cluster-completed.spec_content | 14 +- ...a-gce.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- ...ect_nodeupconfig-master-us-test1-b_content | 40 +- ...ect_nodeupconfig-master-us-test1-c_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...t1-a-ha-gce-example-com_metadata_user-data | 2 +- ...t1-b-ha-gce-example-com_metadata_user-data | 2 +- ...t1-c-ha-gce-example-com_metadata_user-data | 2 +- ...odes-ha-gce-example-com_metadata_user-data | 2 +- .../update_cluster/ha_gce/in-v1alpha2.yaml | 2 +- .../update_cluster/ha_gce/kubernetes.tf | 8 - ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/irsa/in-v1alpha2.yaml | 2 +- .../update_cluster/irsa/kubernetes.tf | 4 +- ...odes-default.minimal.example.com_user_data | 2 +- ...-machinetype.minimal.example.com_user_data | 2 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...deupconfig-karpenter-nodes-default_content | 33 +- ...karpenter-nodes-single-machinetype_content | 33 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/karpenter/in-v1alpha2.yaml | 2 +- .../update_cluster/karpenter/kubernetes.tf | 16 +- .../lifecycle_phases/in-v1alpha2.yaml | 2 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 6 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- .../many-addons-ccm-irsa/in-v1alpha2.yaml | 2 +- .../many-addons-ccm-irsa/kubernetes.tf | 4 +- .../many-addons-ccm-irsa25/README.md | 9 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 116 - ....kube-system.sa.minimal.example.com_policy | 118 - ....kube-system.sa.minimal.example.com_policy | 26 - ....kube-system.sa.minimal.example.com_policy | 32 - ....kube-system.sa.minimal.example.com_policy | 35 - ....kube-system.sa.minimal.example.com_policy | 91 - ..._policy_masters.minimal.example.com_policy | 137 - ...le_policy_nodes.minimal.example.com_policy | 48 - ...t-1a.masters.minimal.example.com_user_data | 138 - ...s_s3_object_cluster-completed.spec_content | 249 - .../data/aws_s3_object_discovery.json_content | 18 - .../data/aws_s3_object_keys.json_content | 20 - ...cdmanager-events-master-us-test-1a_content | 137 - ...etcdmanager-main-master-us-test-1a_content | 137 - ...-controller.addons.k8s.io-k8s-1.18_content | 253 - ...-csi-driver.addons.k8s.io-k8s-1.17_content | 1209 -- ...-controller.addons.k8s.io-k8s-1.19_content | 1264 -- ...nimal.example.com-addons-bootstrap_content | 215 - ...com-addons-certmanager.io-k8s-1.16_content | 10095 ---------------- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 399 - ...-controller.addons.k8s.io-k8s-1.12_content | 155 - ...-controller.addons.k8s.io-k8s-1.16_content | 225 - ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...rics-server.addons.k8s.io-k8s-1.11_content | 276 - ...ing.amazon-vpc-routed-eni-k8s-1.16_content | 682 -- ...e-termination-handler.aws-k8s-1.11_content | 285 - ...-controller.addons.k8s.io-k8s-1.20_content | 1372 --- ...ect_nodeupconfig-master-us-test-1a_content | 334 - .../aws_s3_object_nodeupconfig-nodes_content | 62 - .../many-addons-ccm-irsa25/in-v1alpha2.yaml | 95 - .../many-addons-ccm-irsa25/kubernetes.tf | 1213 -- .../many-addons-ccm-irsa26/README.md | 9 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 116 - ....kube-system.sa.minimal.example.com_policy | 118 - ....kube-system.sa.minimal.example.com_policy | 26 - ....kube-system.sa.minimal.example.com_policy | 32 - ....kube-system.sa.minimal.example.com_policy | 35 - ....kube-system.sa.minimal.example.com_policy | 91 - ..._policy_masters.minimal.example.com_policy | 137 - ...le_policy_nodes.minimal.example.com_policy | 48 - ...t-1a.masters.minimal.example.com_user_data | 138 - ...s_s3_object_cluster-completed.spec_content | 256 - .../data/aws_s3_object_discovery.json_content | 18 - .../data/aws_s3_object_keys.json_content | 20 - ...cdmanager-events-master-us-test-1a_content | 137 - ...etcdmanager-main-master-us-test-1a_content | 137 - ...-controller.addons.k8s.io-k8s-1.18_content | 253 - ...-csi-driver.addons.k8s.io-k8s-1.17_content | 1209 -- ...-controller.addons.k8s.io-k8s-1.19_content | 1264 -- ...nimal.example.com-addons-bootstrap_content | 216 - ...com-addons-certmanager.io-k8s-1.16_content | 10095 ---------------- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 399 - ...-controller.addons.k8s.io-k8s-1.12_content | 155 - ...-controller.addons.k8s.io-k8s-1.16_content | 227 - ...rics-server.addons.k8s.io-k8s-1.11_content | 276 - ...ing.amazon-vpc-routed-eni-k8s-1.16_content | 682 -- ...e-termination-handler.aws-k8s-1.11_content | 285 - ...odelocaldns.addons.k8s.io-k8s-1.12_content | 206 - ...-controller.addons.k8s.io-k8s-1.20_content | 1372 --- ...ect_nodeupconfig-master-us-test-1a_content | 334 - .../aws_s3_object_nodeupconfig-nodes_content | 62 - .../many-addons-ccm-irsa26/in-v1alpha2.yaml | 103 - .../many-addons-ccm-irsa26/kubernetes.tf | 1213 -- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 6 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- .../many-addons-ccm/in-v1alpha2.yaml | 2 +- .../many-addons-ccm/kubernetes.tf | 4 +- ...s_s3_object_cluster-completed.spec_content | 16 +- ...nimal.example.com-addons-bootstrap_content | 9 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...1-a-minimal-example-com_metadata_user-data | 2 +- ...des-minimal-example-com_metadata_user-data | 2 +- .../many-addons-gce/in-v1alpha2.yaml | 2 +- .../many-addons-gce/kubernetes.tf | 8 - ....masters.many-addons.example.com_user_data | 2 +- ...te_nodes.many-addons.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ddons.example.com-addons-bootstrap_content | 6 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- .../many-addons/in-v1alpha2.yaml | 2 +- .../update_cluster/many-addons/kubernetes.tf | 4 +- ...mal.example.com-ASGLifecycle_event_pattern | 1 - ....com-InstanceScheduledChange_event_pattern | 1 - ...mple.com-InstanceStateChange_event_pattern | 1 - ...example.com-SpotInterruption_event_pattern | 1 - ...am_role_masters.minimal.example.com_policy | 10 - ..._iam_role_nodes.minimal.example.com_policy | 10 - ...4a6ed9aa889b9e2c39cd663eb9c7157_public_key | 1 - ...mplate_nodes.minimal.example.com_user_data | 161 - ...s3_object_etcd-cluster-spec-events_content | 4 - ...s_s3_object_etcd-cluster-spec-main_content | 4 - .../aws_s3_object_kops-version.txt_content | 1 - ...-static-kube-apiserver-healthcheck_content | 33 - ...ons-coredns.addons.k8s.io-k8s-1.12_content | 383 - ...let-api.rbac.addons.k8s.io-k8s-1.9_content | 17 - ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...m-addons-limit-range.addons.k8s.io_content | 15 - ...-storage-aws.addons.k8s.io-v1.15.0_content | 118 - .../aws_s3_object_nodeupconfig-nodes_content | 65 - ...s_sqs_queue_minimal-example-com-nth_policy | 16 - .../update_cluster/minimal-1.25/id_rsa.pub | 1 - ...mal.example.com-ASGLifecycle_event_pattern | 1 - ....com-InstanceScheduledChange_event_pattern | 1 - ...mple.com-InstanceStateChange_event_pattern | 1 - ...example.com-SpotInterruption_event_pattern | 1 - ...am_role_masters.minimal.example.com_policy | 10 - ..._iam_role_nodes.minimal.example.com_policy | 10 - ...4a6ed9aa889b9e2c39cd663eb9c7157_public_key | 1 - ...mplate_nodes.minimal.example.com_user_data | 161 - ...s3_object_etcd-cluster-spec-events_content | 4 - ...s_s3_object_etcd-cluster-spec-main_content | 4 - .../aws_s3_object_kops-version.txt_content | 1 - ...-static-kube-apiserver-healthcheck_content | 33 - ...ons-coredns.addons.k8s.io-k8s-1.12_content | 383 - ...let-api.rbac.addons.k8s.io-k8s-1.9_content | 17 - ...m-addons-limit-range.addons.k8s.io_content | 15 - ...-storage-aws.addons.k8s.io-v1.15.0_content | 118 - .../aws_s3_object_nodeupconfig-nodes_content | 65 - ...s_sqs_queue_minimal-example-com-nth_policy | 16 - .../update_cluster/minimal-1.26/id_rsa.pub | 1 - ...mal.example.com-ASGLifecycle_event_pattern | 0 ....com-InstanceScheduledChange_event_pattern | 0 ...mple.com-InstanceStateChange_event_pattern | 0 ...example.com-SpotInterruption_event_pattern | 0 ...am_role_masters.minimal.example.com_policy | 0 ..._iam_role_nodes.minimal.example.com_policy | 0 ..._policy_masters.minimal.example.com_policy | 0 ...le_policy_nodes.minimal.example.com_policy | 0 ...4a6ed9aa889b9e2c39cd663eb9c7157_public_key | 0 ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...s3_object_etcd-cluster-spec-events_content | 0 ...s_s3_object_etcd-cluster-spec-main_content | 0 .../aws_s3_object_kops-version.txt_content | 0 ...cdmanager-events-master-us-test-1a_content | 0 ...etcdmanager-main-master-us-test-1a_content | 0 ...-static-kube-apiserver-healthcheck_content | 0 ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-csi-driver.addons.k8s.io-k8s-1.17_content | 0 ...nimal.example.com-addons-bootstrap_content | 2 +- ...ons-coredns.addons.k8s.io-k8s-1.12_content | 0 ...-controller.addons.k8s.io-k8s-1.12_content | 0 ...-controller.addons.k8s.io-k8s-1.16_content | 0 ...let-api.rbac.addons.k8s.io-k8s-1.9_content | 0 ...m-addons-limit-range.addons.k8s.io_content | 0 ...e-termination-handler.aws-k8s-1.11_content | 0 ...-storage-aws.addons.k8s.io-v1.15.0_content | 0 ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 64 + ...s_sqs_queue_minimal-example-com-nth_policy | 0 .../id_rsa.pub | 0 .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 0 ...mal.example.com-ASGLifecycle_event_pattern | 0 ....com-InstanceScheduledChange_event_pattern | 0 ...mple.com-InstanceStateChange_event_pattern | 0 ...example.com-SpotInterruption_event_pattern | 0 ...am_role_masters.minimal.example.com_policy | 0 ..._iam_role_nodes.minimal.example.com_policy | 0 ..._policy_masters.minimal.example.com_policy | 0 ...le_policy_nodes.minimal.example.com_policy | 0 ...4a6ed9aa889b9e2c39cd663eb9c7157_public_key | 0 ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...s3_object_etcd-cluster-spec-events_content | 0 ...s_s3_object_etcd-cluster-spec-main_content | 0 .../aws_s3_object_kops-version.txt_content | 0 ...cdmanager-events-master-us-test-1a_content | 0 ...etcdmanager-main-master-us-test-1a_content | 0 ...-static-kube-apiserver-healthcheck_content | 0 ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-csi-driver.addons.k8s.io-k8s-1.17_content | 0 ...nimal.example.com-addons-bootstrap_content | 11 +- ...ons-coredns.addons.k8s.io-k8s-1.12_content | 0 ...-controller.addons.k8s.io-k8s-1.12_content | 0 ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...let-api.rbac.addons.k8s.io-k8s-1.9_content | 0 ...m-addons-limit-range.addons.k8s.io_content | 0 ...e-termination-handler.aws-k8s-1.11_content | 0 ...-storage-aws.addons.k8s.io-v1.15.0_content | 0 ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 64 + ...s_sqs_queue_minimal-example-com-nth_policy | 0 .../id_rsa.pub | 0 .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 8 - ...l-aws.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 2 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal-dns-none/in-v1alpha2.yaml | 2 +- ...masters.minimal-etcd.example.com_user_data | 2 +- ...e_nodes.minimal-etcd.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-etcd.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal-etcd/in-v1alpha2.yaml | 2 +- .../update_cluster/minimal-etcd/kubernetes.tf | 4 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal-gp3/in-v1alpha2.yaml | 2 +- .../update_cluster/minimal-gp3/kubernetes.tf | 4 +- ...masters.minimal-ipv6.example.com_user_data | 2 +- ...e_nodes.minimal-ipv6.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- .../minimal-ipv6-calico/in-v1alpha2.yaml | 2 +- .../minimal-ipv6-calico/kubernetes.tf | 12 +- ...masters.minimal-ipv6.example.com_user_data | 2 +- ...e_nodes.minimal-ipv6.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- .../minimal-ipv6-cilium/in-v1alpha2.yaml | 2 +- .../minimal-ipv6-cilium/kubernetes.tf | 12 +- ...masters.minimal-ipv6.example.com_user_data | 2 +- ...e_nodes.minimal-ipv6.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 12 +- ...masters.minimal-ipv6.example.com_user_data | 2 +- ...e_nodes.minimal-ipv6.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal-ipv6/in-v1alpha2.yaml | 2 +- .../update_cluster/minimal-ipv6/kubernetes.tf | 12 +- ...cluster-name.minimal.example.com_user_data | 2 +- ...cluster-name.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../minimal-longclustername/in-v1alpha2.yaml | 2 +- .../minimal-longclustername/kubernetes.tf | 4 +- ...ers.minimal-warmpool.example.com_user_data | 2 +- ...des.minimal-warmpool.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...mpool.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal-warmpool/in-v1alpha2.yaml | 2 +- .../minimal-warmpool/kubernetes.tf | 4 +- ...s_s3_object_cluster-completed.spec_content | 14 +- ...l-gce.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...minimal-gce-example-com_metadata_user-data | 2 +- ...minimal-gce-example-com_metadata_user-data | 2 +- .../minimal_gce/in-v1alpha2.yaml | 2 +- .../update_cluster/minimal_gce/kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...l-gce.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...minimal-gce-example-com_metadata_user-data | 2 +- ...minimal-gce-example-com_metadata_user-data | 2 +- .../minimal_gce_dns-none/in-v1alpha2.yaml | 2 +- .../minimal_gce_dns-none/kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...e-ilb.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...mal-gce-ilb-example-com_metadata_user-data | 2 +- ...mal-gce-ilb-example-com_metadata_user-data | 2 +- .../minimal_gce_ilb/in-v1alpha2.yaml | 2 +- .../minimal_gce_ilb/kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...-name.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...y-long-name-example-com_metadata_user-data | 2 +- ...y-long-name-example-com_metadata_user-data | 2 +- .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...-name.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...g-name-example-com_metadata_startup-script | 2 +- ...g-name-example-com_metadata_startup-script | 2 +- .../in-v1alpha2.yaml | 2 +- .../minimal_gce_longclustername/kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...e-plb.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...mal-gce-plb-example-com_metadata_user-data | 2 +- ...mal-gce-plb-example-com_metadata_user-data | 2 +- .../minimal_gce_plb/in-v1alpha2.yaml | 2 +- .../minimal_gce_plb/kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...ivate.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...gce-private-example-com_metadata_user-data | 2 +- ...gce-private-example-com_metadata_user-data | 2 +- .../minimal_gce_private/in-v1alpha2.yaml | 2 +- .../minimal_gce_private/kubernetes.tf | 8 - ...est-1a.masters.minimal.k8s.local_user_data | 2 +- ...template_nodes.minimal.k8s.local_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...minimal.k8s.local-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal_gossip/in-v1alpha2.yaml | 2 +- .../minimal_gossip/kubernetes.tf | 4 +- ...est-1a.masters.minimal.k8s.local_user_data | 2 +- ...template_nodes.minimal.k8s.local_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...minimal.k8s.local-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal_gossip_irsa/in-v1alpha2.yaml | 2 +- .../minimal_gossip_irsa/kubernetes.tf | 4 +- ...s_s3_object_cluster-completed.spec_content | 14 +- ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...s3_object_nodeupconfig-master-fsn1_content | 34 +- ..._s3_object_nodeupconfig-nodes-fsn1_content | 28 +- .../data/hcloud_server_master-fsn1_user_data | 2 +- .../data/hcloud_server_nodes-fsn1_user_data | 2 +- .../minimal_hetzner/in-v1alpha2.yaml | 2 +- .../minimal_openstack/in-v1alpha2.yaml | 2 +- ...s_s3_object_cluster-completed.spec_content | 14 +- ...odeupconfig-control-plane-fr-par-1_content | 28 +- ...object_nodeupconfig-nodes-fr-par-1_content | 22 +- ...minimal.k8s.local-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ..._server_control-plane-fr-par-1-0_user_data | 2 +- ...instance_server_nodes-fr-par-1-0_user_data | 2 +- .../minimal_scaleway/in-v1alpha2.yaml | 2 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...nodes.mixedinstances.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ances.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...ect_nodeupconfig-master-us-test-1b_content | 48 +- ...ect_nodeupconfig-master-us-test-1c_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../mixed_instances/in-v1alpha2.yaml | 2 +- .../mixed_instances/kubernetes.tf | 8 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...nodes.mixedinstances.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ances.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...ect_nodeupconfig-master-us-test-1b_content | 48 +- ...ect_nodeupconfig-master-us-test-1c_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../mixed_instances_spot/in-v1alpha2.yaml | 2 +- .../mixed_instances_spot/kubernetes.tf | 8 +- ...ssor.longclustername.example.com_user_data | 2 +- ...ssor.longclustername.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...rname.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../nth-imds-processor-irsa/in-v1alpha2.yaml | 2 +- .../nth-imds-processor-irsa/kubernetes.tf | 4 +- ...ssor.longclustername.example.com_user_data | 2 +- ...ssor.longclustername.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...rname.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../nth-imds-processor/in-v1alpha2.yaml | 2 +- .../nth-imds-processor/kubernetes.tf | 4 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/nvidia/in-v1alpha2.yaml | 2 +- .../update_cluster/nvidia/kubernetes.tf | 4 +- .../openstack_floatingip/in-v1alpha2.yaml | 2 +- ...rs.private-shared-ip.example.com_user_data | 2 +- ...es.private-shared-ip.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ed-ip.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../private-shared-ip/in-v1alpha2.yaml | 2 +- .../private-shared-ip/kubernetes.tf | 6 +- ...rivate-shared-subnet.example.com_user_data | 2 +- ...rivate-shared-subnet.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ubnet.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../private-shared-subnet/in-v1alpha2.yaml | 2 +- .../private-shared-subnet/kubernetes.tf | 6 +- ...asters.privatecalico.example.com_user_data | 2 +- ..._nodes.privatecalico.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...alico.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - .../privatecalico/in-v1alpha2.yaml | 2 +- .../privatecalico/kubernetes.tf | 10 +- ...masters.privatecanal.example.com_user_data | 2 +- ...e_nodes.privatecanal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 17 +- ...ect_nodeupconfig-master-us-test-1a_content | 28 +- .../aws_s3_object_nodeupconfig-nodes_content | 19 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...canal.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - .../privatecanal/in-v1alpha2.yaml | 2 +- .../update_cluster/privatecanal/kubernetes.tf | 14 +- ...asters.privatecilium.example.com_user_data | 2 +- ..._nodes.privatecilium.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ilium.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../privatecilium-eni/in-v1alpha2.yaml | 2 +- .../privatecilium-eni/kubernetes.tf | 6 +- ...asters.privatecilium.example.com_user_data | 2 +- ..._nodes.privatecilium.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ilium.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../privatecilium/in-v1alpha2.yaml | 2 +- .../privatecilium/kubernetes.tf | 6 +- ...ilium.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...rivateciliumadvanced.example.com_user_data | 2 +- ...rivateciliumadvanced.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 42 +- .../aws_s3_object_nodeupconfig-nodes_content | 27 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...anced.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../privateciliumadvanced/in-v1alpha2.yaml | 2 +- .../privateciliumadvanced/kubernetes.tf | 6 +- ...edns1.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ....masters.privatedns2.example.com_user_data | 2 +- ...te_nodes.privatedns2.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...edns2.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../privatedns2/in-v1alpha2.yaml | 2 +- .../update_cluster/privatedns2/kubernetes.tf | 6 +- ...sters.privateflannel.example.com_user_data | 2 +- ...nodes.privateflannel.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 17 +- ...ect_nodeupconfig-master-us-test-1a_content | 28 +- .../aws_s3_object_nodeupconfig-nodes_content | 19 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...annel.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - .../privateflannel/in-v1alpha2.yaml | 2 +- .../privateflannel/kubernetes.tf | 14 +- ...asters.privatekopeio.example.com_user_data | 2 +- ..._nodes.privatekopeio.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...opeio.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../privatekopeio/in-v1alpha2.yaml | 2 +- .../privatekopeio/kubernetes.tf | 6 +- ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...masters.sharedsubnet.example.com_user_data | 2 +- ...e_nodes.sharedsubnet.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ubnet.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../shared_subnet/in-v1alpha2.yaml | 2 +- .../shared_subnet/kubernetes.tf | 4 +- ...1a.masters.sharedvpc.example.com_user_data | 2 +- ...late_nodes.sharedvpc.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...edvpc.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../shared_vpc/in-v1alpha2.yaml | 2 +- .../update_cluster/shared_vpc/kubernetes.tf | 4 +- ...masters.minimal-ipv6.example.com_user_data | 2 +- ...e_nodes.minimal-ipv6.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../shared_vpc_ipv6/in-v1alpha2.yaml | 2 +- .../shared_vpc_ipv6/kubernetes.tf | 12 +- ...1a.masters.unmanaged.example.com_user_data | 2 +- ...late_nodes.unmanaged.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...naged.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../update_cluster/unmanaged/in-v1alpha2.yaml | 2 +- .../update_cluster/unmanaged/kubernetes.tf | 6 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/vfs-said/in-v1alpha2.yaml | 2 +- .../update_cluster/vfs-said/kubernetes.tf | 4 +- .../amazonvpc-containerd/manifest.yaml | 2 +- .../amazonvpc/manifest.yaml | 2 +- ...oud-controller.addons.k8s.io-k8s-1.18.yaml | 2 +- .../awscloudcontroller/manifest.yaml | 2 +- .../awsiamauthenticator/crd/manifest.yaml | 2 +- .../mappings/manifest.yaml | 2 +- .../coredns/manifest.yaml | 2 +- .../insecure-1.19/manifest.yaml | 9 +- .../metrics-server/secure-1.19/manifest.yaml | 9 +- .../simple/manifest.yaml | 2 +- 933 files changed, 3944 insertions(+), 48362 deletions(-) delete mode 100644 tests/integration/create_cluster/minimal-1.26-gce/expected-v1alpha2.yaml delete mode 100644 tests/integration/create_cluster/minimal-1.29-gce/options.yaml rename tests/integration/create_cluster/{minimal-1.25 => minimal-1.31}/expected-v1alpha2.yaml (84%) rename tests/integration/create_cluster/{minimal-1.25 => minimal-1.31}/options.yaml (76%) rename tests/integration/create_cluster/{minimal-1.26 => minimal-1.32}/expected-v1alpha2.yaml (84%) rename tests/integration/create_cluster/{minimal-1.26 => minimal-1.32}/options.yaml (76%) rename tests/integration/create_cluster/{minimal-1.26-arm64 => minimal-arm64}/expected-v1alpha2.yaml (84%) rename tests/integration/create_cluster/{minimal-1.26-arm64 => minimal-arm64}/options.yaml (84%) rename tests/integration/create_cluster/{minimal-1.29-gce => minimal-gce-dns-none}/expected-v1alpha2.yaml (98%) rename tests/integration/create_cluster/{minimal-1.26-gce-dns-none => minimal-gce-dns-none}/options.yaml (81%) rename tests/integration/create_cluster/{minimal-1.26-gce-dns-none => minimal-gce}/expected-v1alpha2.yaml (89%) rename tests/integration/create_cluster/{minimal-1.26-gce => minimal-gce}/options.yaml (80%) rename tests/integration/create_cluster/{minimal-1.26-irsa => minimal-irsa}/expected-v1alpha2.yaml (85%) rename tests/integration/create_cluster/{minimal-1.26-irsa => minimal-irsa}/options.yaml (84%) delete mode 100644 tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/README.md delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_nodes.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_cluster-completed.spec_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_discovery.json_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_keys.json_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-nodes_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/in-v1alpha2.yaml delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/README.md delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_nodes.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_cluster-completed.spec_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_discovery.json_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_keys.json_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-nodelocaldns.addons.k8s.io-k8s-1.12_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-nodes_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/in-v1alpha2.yaml delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/kubernetes.tf delete mode 100644 tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_masters.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_nodes.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_nodes.minimal.example.com_user_data delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-events_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-main_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_kops-version.txt_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-nodes_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_sqs_queue_minimal-example-com-nth_policy delete mode 100755 tests/integration/update_cluster/minimal-1.25/id_rsa.pub delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_masters.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_nodes.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_nodes.minimal.example.com_user_data delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-events_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-main_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_kops-version.txt_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-nodes_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_sqs_queue_minimal-example-com-nth_policy delete mode 100755 tests/integration/update_cluster/minimal-1.26/id_rsa.pub rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_iam_role_masters.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_iam_role_nodes.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_iam_role_policy_masters.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_iam_role_policy_nodes.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data (98%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.31}/data/aws_launch_template_nodes.minimal.example.com_user_data (98%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_cluster-completed.spec_content (88%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_etcd-cluster-spec-events_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_etcd-cluster-spec-main_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_kops-version.txt_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content (99%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-bootstrap_content (98%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_nodeupconfig-master-us-test-1a_content (85%) create mode 100644 tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-nodes_content rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_sqs_queue_minimal-example-com-nth_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/id_rsa.pub (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/in-v1alpha2.yaml (98%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.31}/kubernetes.tf (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_iam_role_masters.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_iam_role_nodes.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_iam_role_policy_masters.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_iam_role_policy_nodes.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data (98%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.32}/data/aws_launch_template_nodes.minimal.example.com_user_data (98%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_cluster-completed.spec_content (88%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_etcd-cluster-spec-events_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_etcd-cluster-spec-main_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_kops-version.txt_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content (99%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-bootstrap_content (91%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content (98%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_nodeupconfig-master-us-test-1a_content (85%) create mode 100644 tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-nodes_content rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_sqs_queue_minimal-example-com-nth_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/id_rsa.pub (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/in-v1alpha2.yaml (98%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.32}/kubernetes.tf (98%) delete mode 100644 tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content diff --git a/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml b/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml index 0fb8616893be2..2f1a23343e312 100644 --- a/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml @@ -42,7 +42,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cilium: @@ -71,9 +71,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -91,10 +89,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/cilium-eni/options.yaml b/tests/integration/create_cluster/cilium-eni/options.yaml index aa379db8feae1..c5646c327ea46 100644 --- a/tests/integration/create_cluster/cilium-eni/options.yaml +++ b/tests/integration/create_cluster/cilium-eni/options.yaml @@ -3,4 +3,4 @@ Zones: - us-test-1a CloudProvider: aws Networking: cilium-eni -KubernetesVersion: v1.26.0 \ No newline at end of file +KubernetesVersion: v1.32.0 \ No newline at end of file diff --git a/tests/integration/create_cluster/complex-private/expected-v1alpha2.yaml b/tests/integration/create_cluster/complex-private/expected-v1alpha2.yaml index 6a74922394ed7..f7f535b37866e 100644 --- a/tests/integration/create_cluster/complex-private/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/complex-private/expected-v1alpha2.yaml @@ -57,7 +57,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} @@ -135,10 +135,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: bastions spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.micro maxSize: 1 minSize: 1 @@ -162,9 +159,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -182,9 +177,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -202,9 +195,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -222,10 +213,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 4 minSize: 4 @@ -244,10 +232,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 3 minSize: 3 @@ -265,10 +250,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 3 minSize: 3 diff --git a/tests/integration/create_cluster/complex-private/options.yaml b/tests/integration/create_cluster/complex-private/options.yaml index 6307945106be8..eb1ae04d3341a 100644 --- a/tests/integration/create_cluster/complex-private/options.yaml +++ b/tests/integration/create_cluster/complex-private/options.yaml @@ -15,7 +15,7 @@ Topology: private Bastion: true ControlPlaneCount: 3 NodeCount: 10 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 # We specify SSHAccess but _not_ AdminAccess SSHAccess: - 1.2.3.4/32 diff --git a/tests/integration/create_cluster/complex/expected-v1alpha2.yaml b/tests/integration/create_cluster/complex/expected-v1alpha2.yaml index b0c986c587447..0ef003d62baee 100644 --- a/tests/integration/create_cluster/complex/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/complex/expected-v1alpha2.yaml @@ -57,7 +57,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} @@ -107,9 +107,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -127,9 +125,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -147,9 +143,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -167,10 +161,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 4 minSize: 4 @@ -189,10 +180,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 3 minSize: 3 @@ -210,10 +198,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 3 minSize: 3 diff --git a/tests/integration/create_cluster/complex/options.yaml b/tests/integration/create_cluster/complex/options.yaml index 205eeb0bdd59d..26248bd038226 100644 --- a/tests/integration/create_cluster/complex/options.yaml +++ b/tests/integration/create_cluster/complex/options.yaml @@ -13,7 +13,7 @@ NetworkCIDRs: Networking: cni ControlPlaneCount: 3 NodeCount: 10 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 # We specify SSHAccess but _not_ AdminAccess SSHAccess: - 1.2.3.4/32 diff --git a/tests/integration/create_cluster/ha/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha/expected-v1alpha2.yaml index f1e0983fdf15f..1eef6340ceb25 100644 --- a/tests/integration/create_cluster/ha/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha/expected-v1alpha2.yaml @@ -52,7 +52,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -87,9 +87,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -107,9 +105,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -127,9 +123,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -147,10 +141,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 @@ -168,10 +159,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 @@ -189,10 +177,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ha/options.yaml b/tests/integration/create_cluster/ha/options.yaml index be1b8f9973392..9473cc23d0996 100644 --- a/tests/integration/create_cluster/ha/options.yaml +++ b/tests/integration/create_cluster/ha/options.yaml @@ -9,4 +9,4 @@ ControlPlaneZones: - us-test-1c CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml index cef73986828c9..a98010f6d9718 100644 --- a/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml @@ -46,7 +46,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networking: cni: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -73,7 +73,7 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: control-plane-us-test1-a spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 @@ -93,7 +93,7 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: control-plane-us-test1-b spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 @@ -113,7 +113,7 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: control-plane-us-test1-c spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 @@ -133,12 +133,10 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: nodes-us-test1-a spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" role: Node subnets: - us-test1 @@ -155,12 +153,10 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: nodes-us-test1-b spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" role: Node subnets: - us-test1 @@ -177,12 +173,10 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: nodes-us-test1-c spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" role: Node subnets: - us-test1 diff --git a/tests/integration/create_cluster/ha_gce/options.yaml b/tests/integration/create_cluster/ha_gce/options.yaml index 4545eec363f70..cc6fd6ba24349 100644 --- a/tests/integration/create_cluster/ha_gce/options.yaml +++ b/tests/integration/create_cluster/ha_gce/options.yaml @@ -4,7 +4,7 @@ ControlPlaneZones: - us-test1-a - us-test1-b - us-test1-c -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 Networking: cni Project: testproject Zones: diff --git a/tests/integration/create_cluster/ha_hetzner/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_hetzner/expected-v1alpha2.yaml index 82ee7ba1f402f..3b4ca425ebd76 100644 --- a/tests/integration/create_cluster/ha_hetzner/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_hetzner/expected-v1alpha2.yaml @@ -45,7 +45,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} @@ -71,7 +71,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-fsn1-1 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 @@ -89,7 +89,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-fsn1-2 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 @@ -107,7 +107,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-fsn1-3 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 @@ -125,7 +125,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-fsn1 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ha_hetzner/options.yaml b/tests/integration/create_cluster/ha_hetzner/options.yaml index 0bc0c36d903ad..d97e2d2f01874 100644 --- a/tests/integration/create_cluster/ha_hetzner/options.yaml +++ b/tests/integration/create_cluster/ha_hetzner/options.yaml @@ -1,6 +1,6 @@ CloudProvider: hetzner ClusterName: ha.example.com -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.32.0 ControlPlaneCount: 3 NetworkCIDRs: - 10.0.0.0/16 diff --git a/tests/integration/create_cluster/ha_openstack/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_openstack/expected-v1alpha2.yaml index ceaf1bec5116a..b0cd71c363a1a 100644 --- a/tests/integration/create_cluster/ha_openstack/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_openstack/expected-v1alpha2.yaml @@ -59,7 +59,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} diff --git a/tests/integration/create_cluster/ha_openstack/options.yaml b/tests/integration/create_cluster/ha_openstack/options.yaml index 3d5c3546cb4f4..e7948a6672444 100644 --- a/tests/integration/create_cluster/ha_openstack/options.yaml +++ b/tests/integration/create_cluster/ha_openstack/options.yaml @@ -1,7 +1,7 @@ CloudProvider: openstack ClusterName: minimal.k8s.local Image: ubuntu-20.04 -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.32.0 ControlPlaneCount: 3 NetworkCIDRs: - 10.0.0.0/16 diff --git a/tests/integration/create_cluster/ha_openstack_nodns/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_openstack_nodns/expected-v1alpha2.yaml index d77cb26fa70f1..a5879208f0286 100644 --- a/tests/integration/create_cluster/ha_openstack_nodns/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_openstack_nodns/expected-v1alpha2.yaml @@ -67,7 +67,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: calico: {} diff --git a/tests/integration/create_cluster/ha_openstack_nodns/options.yaml b/tests/integration/create_cluster/ha_openstack_nodns/options.yaml index e2888b95cc8d1..3d911a997c303 100644 --- a/tests/integration/create_cluster/ha_openstack_nodns/options.yaml +++ b/tests/integration/create_cluster/ha_openstack_nodns/options.yaml @@ -1,7 +1,7 @@ CloudProvider: openstack ClusterName: ha.example.com Image: ubuntu-20.04 -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.32.0 ControlPlaneCount: 3 NetworkCIDRs: - 10.0.0.0/16 diff --git a/tests/integration/create_cluster/ha_openstack_octavia/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_openstack_octavia/expected-v1alpha2.yaml index 96a2fdc856b85..13c0126ec7779 100644 --- a/tests/integration/create_cluster/ha_openstack_octavia/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_openstack_octavia/expected-v1alpha2.yaml @@ -65,7 +65,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} diff --git a/tests/integration/create_cluster/ha_openstack_octavia/options.yaml b/tests/integration/create_cluster/ha_openstack_octavia/options.yaml index f8af97a05e78c..b6efc5d04c8cb 100644 --- a/tests/integration/create_cluster/ha_openstack_octavia/options.yaml +++ b/tests/integration/create_cluster/ha_openstack_octavia/options.yaml @@ -1,7 +1,7 @@ CloudProvider: openstack ClusterName: minimal.k8s.local Image: ubuntu-20.04 -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.32.0 ControlPlaneCount: 3 NetworkCIDRs: - 10.0.0.0/16 diff --git a/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml index 2aa468ea647af..26630bdbacffd 100644 --- a/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml @@ -52,7 +52,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -79,9 +79,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-1 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -99,9 +97,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-2 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -119,9 +115,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-3 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -139,10 +133,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ha_shared_zone/options.yaml b/tests/integration/create_cluster/ha_shared_zone/options.yaml index 7b6356fad1801..1a012bd11c102 100644 --- a/tests/integration/create_cluster/ha_shared_zone/options.yaml +++ b/tests/integration/create_cluster/ha_shared_zone/options.yaml @@ -4,4 +4,4 @@ Zones: ControlPlaneCount: 3 CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml index b36c2dbee867d..576ffcf42dc68 100644 --- a/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml @@ -64,7 +64,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -95,9 +95,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-1 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -115,9 +113,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-2 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -135,9 +131,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-3 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -155,9 +149,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1b-1 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -175,9 +167,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1b-2 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -195,10 +185,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 @@ -216,10 +203,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ha_shared_zones/options.yaml b/tests/integration/create_cluster/ha_shared_zones/options.yaml index af2b10fca98a1..577a2a6556c90 100644 --- a/tests/integration/create_cluster/ha_shared_zones/options.yaml +++ b/tests/integration/create_cluster/ha_shared_zones/options.yaml @@ -5,4 +5,4 @@ Zones: ControlPlaneCount: 5 CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml b/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml index 29f31f19d6770..d1f75814ae31c 100644 --- a/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -72,10 +72,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: bastions spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.micro maxSize: 1 minSize: 1 @@ -93,9 +90,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -113,10 +108,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ingwspecified/options.yaml b/tests/integration/create_cluster/ingwspecified/options.yaml index 97fb3995cb158..c7b537c488411 100644 --- a/tests/integration/create_cluster/ingwspecified/options.yaml +++ b/tests/integration/create_cluster/ingwspecified/options.yaml @@ -6,4 +6,4 @@ Networking: cni Topology: private Bastion: true Egress: i-09123456 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/minimal-1.26-gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.26-gce/expected-v1alpha2.yaml deleted file mode 100644 index 1d599483b65ac..0000000000000 --- a/tests/integration/create_cluster/minimal-1.26-gce/expected-v1alpha2.yaml +++ /dev/null @@ -1,98 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2017-01-01T00:00:00Z" - name: minimal.example.com -spec: - api: - loadBalancer: - type: Public - authorization: - rbac: {} - channel: stable - cloudConfig: {} - cloudProvider: gce - configBase: memfs://tests/minimal.example.com - etcdClusters: - - cpuRequest: 200m - etcdMembers: - - instanceGroup: control-plane-us-test1-a - name: a - manager: - backupRetentionDays: 90 - memoryRequest: 100Mi - name: main - - cpuRequest: 100m - etcdMembers: - - instanceGroup: control-plane-us-test1-a - name: a - manager: - backupRetentionDays: 90 - memoryRequest: 100Mi - name: events - iam: - allowContainerRegistry: true - legacy: false - kubelet: - anonymousAuth: false - kubernetesApiAccess: - - 0.0.0.0/0 - - ::/0 - kubernetesVersion: v1.26.0 - networking: - cni: {} - nonMasqueradeCIDR: 100.64.0.0/10 - project: testproject - sshAccess: - - 0.0.0.0/0 - - ::/0 - subnets: - - cidr: 10.0.16.0/20 - name: us-test1 - region: us-test1 - type: Public - topology: - dns: - type: None - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2017-01-01T00:00:00Z" - labels: - kops.k8s.io/cluster: minimal.example.com - name: control-plane-us-test1-a -spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 - machineType: e2-medium - maxSize: 1 - minSize: 1 - role: Master - subnets: - - us-test1 - zones: - - us-test1-a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2017-01-01T00:00:00Z" - labels: - kops.k8s.io/cluster: minimal.example.com - name: nodes-us-test1-a -spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 - machineType: e2-medium - maxSize: 1 - minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" - role: Node - subnets: - - us-test1 - zones: - - us-test1-a diff --git a/tests/integration/create_cluster/minimal-1.29-gce/options.yaml b/tests/integration/create_cluster/minimal-1.29-gce/options.yaml deleted file mode 100644 index 321bcad03e159..0000000000000 --- a/tests/integration/create_cluster/minimal-1.29-gce/options.yaml +++ /dev/null @@ -1,7 +0,0 @@ -CloudProvider: gce -ClusterName: minimal.example.com -KubernetesVersion: v1.29.0 -Networking: cni -Project: testproject -Zones: - - us-test1-a diff --git a/tests/integration/create_cluster/minimal-1.25/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.31/expected-v1alpha2.yaml similarity index 84% rename from tests/integration/create_cluster/minimal-1.25/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-1.31/expected-v1alpha2.yaml index 27efaf1a67afd..14520fd60b1b7 100644 --- a/tests/integration/create_cluster/minimal-1.25/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.31/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.31.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -67,9 +67,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -87,10 +85,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.25/options.yaml b/tests/integration/create_cluster/minimal-1.31/options.yaml similarity index 76% rename from tests/integration/create_cluster/minimal-1.25/options.yaml rename to tests/integration/create_cluster/minimal-1.31/options.yaml index 8ce23c28fe5bc..de2d35a9ed494 100644 --- a/tests/integration/create_cluster/minimal-1.25/options.yaml +++ b/tests/integration/create_cluster/minimal-1.31/options.yaml @@ -3,4 +3,4 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.31.0 diff --git a/tests/integration/create_cluster/minimal-1.26/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.32/expected-v1alpha2.yaml similarity index 84% rename from tests/integration/create_cluster/minimal-1.26/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-1.32/expected-v1alpha2.yaml index a57b24ad10388..72cba71267daf 100644 --- a/tests/integration/create_cluster/minimal-1.26/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.32/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -67,9 +67,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -87,10 +85,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.26/options.yaml b/tests/integration/create_cluster/minimal-1.32/options.yaml similarity index 76% rename from tests/integration/create_cluster/minimal-1.26/options.yaml rename to tests/integration/create_cluster/minimal-1.32/options.yaml index 18c88770d6d66..0a838c415cf74 100644 --- a/tests/integration/create_cluster/minimal-1.26/options.yaml +++ b/tests/integration/create_cluster/minimal-1.32/options.yaml @@ -3,4 +3,4 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 \ No newline at end of file +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/minimal-1.26-arm64/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-arm64/expected-v1alpha2.yaml similarity index 84% rename from tests/integration/create_cluster/minimal-1.26-arm64/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-arm64/expected-v1alpha2.yaml index 57e798ac0b9e2..d86424a61eecc 100644 --- a/tests/integration/create_cluster/minimal-1.26-arm64/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-arm64/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -67,9 +67,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20241211 machineType: m6g.xlarge maxSize: 1 minSize: 1 @@ -87,10 +85,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20241211 machineType: m6g.xlarge maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.26-arm64/options.yaml b/tests/integration/create_cluster/minimal-arm64/options.yaml similarity index 84% rename from tests/integration/create_cluster/minimal-1.26-arm64/options.yaml rename to tests/integration/create_cluster/minimal-arm64/options.yaml index 1f7f2c4a253ea..744c96cae4983 100644 --- a/tests/integration/create_cluster/minimal-1.26-arm64/options.yaml +++ b/tests/integration/create_cluster/minimal-arm64/options.yaml @@ -3,7 +3,7 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 NodeSizes: - m6g.xlarge ControlPlaneSizes: diff --git a/tests/integration/create_cluster/minimal-1.29-gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-gce-dns-none/expected-v1alpha2.yaml similarity index 98% rename from tests/integration/create_cluster/minimal-1.29-gce/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-gce-dns-none/expected-v1alpha2.yaml index 74b298c6be88c..c4fc04ff4e006 100644 --- a/tests/integration/create_cluster/minimal-1.29-gce/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-gce-dns-none/expected-v1alpha2.yaml @@ -38,7 +38,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.29.0 + kubernetesVersion: v1.32.0 networking: cni: {} nonMasqueradeCIDR: 100.64.0.0/10 diff --git a/tests/integration/create_cluster/minimal-1.26-gce-dns-none/options.yaml b/tests/integration/create_cluster/minimal-gce-dns-none/options.yaml similarity index 81% rename from tests/integration/create_cluster/minimal-1.26-gce-dns-none/options.yaml rename to tests/integration/create_cluster/minimal-gce-dns-none/options.yaml index 6d84fb1df3062..59b6907dd13a2 100644 --- a/tests/integration/create_cluster/minimal-1.26-gce-dns-none/options.yaml +++ b/tests/integration/create_cluster/minimal-gce-dns-none/options.yaml @@ -1,7 +1,7 @@ CloudProvider: gce ClusterName: minimal.example.com Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 Project: testproject Zones: - us-test1-a diff --git a/tests/integration/create_cluster/minimal-1.26-gce-dns-none/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-gce/expected-v1alpha2.yaml similarity index 89% rename from tests/integration/create_cluster/minimal-1.26-gce-dns-none/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-gce/expected-v1alpha2.yaml index 1d599483b65ac..c4fc04ff4e006 100644 --- a/tests/integration/create_cluster/minimal-1.26-gce-dns-none/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-gce/expected-v1alpha2.yaml @@ -38,7 +38,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networking: cni: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -65,7 +65,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test1-a spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 @@ -85,12 +85,10 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test1-a spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" role: Node subnets: - us-test1 diff --git a/tests/integration/create_cluster/minimal-1.26-gce/options.yaml b/tests/integration/create_cluster/minimal-gce/options.yaml similarity index 80% rename from tests/integration/create_cluster/minimal-1.26-gce/options.yaml rename to tests/integration/create_cluster/minimal-gce/options.yaml index 5c9e5aaacde1a..53c745d8809c5 100644 --- a/tests/integration/create_cluster/minimal-1.26-gce/options.yaml +++ b/tests/integration/create_cluster/minimal-gce/options.yaml @@ -1,6 +1,6 @@ CloudProvider: gce ClusterName: minimal.example.com -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 Networking: cni Project: testproject Zones: diff --git a/tests/integration/create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-irsa/expected-v1alpha2.yaml similarity index 85% rename from tests/integration/create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-irsa/expected-v1alpha2.yaml index 17c9ccd8d1678..8366a8b018bc7 100644 --- a/tests/integration/create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-irsa/expected-v1alpha2.yaml @@ -41,7 +41,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -71,9 +71,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -91,10 +89,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.26-irsa/options.yaml b/tests/integration/create_cluster/minimal-irsa/options.yaml similarity index 84% rename from tests/integration/create_cluster/minimal-1.26-irsa/options.yaml rename to tests/integration/create_cluster/minimal-irsa/options.yaml index 8e009dd046474..608b334459895 100644 --- a/tests/integration/create_cluster/minimal-1.26-irsa/options.yaml +++ b/tests/integration/create_cluster/minimal-irsa/options.yaml @@ -3,5 +3,5 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 DiscoveryStore: memfs://tests/minimal.example.com/discovery \ No newline at end of file diff --git a/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml index 05cc16c8aa356..4c779a4ca48a5 100644 --- a/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml @@ -64,7 +64,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -91,9 +91,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -111,10 +109,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal_feature-gates/options.yaml b/tests/integration/create_cluster/minimal_feature-gates/options.yaml index 766d3f6fd8697..e83302b63c319 100644 --- a/tests/integration/create_cluster/minimal_feature-gates/options.yaml +++ b/tests/integration/create_cluster/minimal_feature-gates/options.yaml @@ -3,7 +3,7 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 KubernetesFeatureGates: - SELinuxMountReadWriteOncePod - +ReadWriteOncePod diff --git a/tests/integration/create_cluster/minimal_hetzner/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal_hetzner/expected-v1alpha2.yaml index ccd62f5e516e9..ed2bd56efdf25 100644 --- a/tests/integration/create_cluster/minimal_hetzner/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal_hetzner/expected-v1alpha2.yaml @@ -37,7 +37,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} @@ -63,7 +63,7 @@ metadata: kops.k8s.io/cluster: minimal.k8s.local name: control-plane-fsn1 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 @@ -81,7 +81,7 @@ metadata: kops.k8s.io/cluster: minimal.k8s.local name: nodes-fsn1 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal_hetzner/options.yaml b/tests/integration/create_cluster/minimal_hetzner/options.yaml index e206e8251ff41..de10df143a28d 100644 --- a/tests/integration/create_cluster/minimal_hetzner/options.yaml +++ b/tests/integration/create_cluster/minimal_hetzner/options.yaml @@ -1,6 +1,6 @@ CloudProvider: hetzner ClusterName: minimal.k8s.local -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.32.0 NetworkCIDRs: - 10.0.0.0/16 Networking: cni diff --git a/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml b/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml index 5d17009d6831e..8a688d9d47975 100644 --- a/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -72,10 +72,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: bastions spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.micro maxSize: 1 minSize: 1 @@ -93,9 +90,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -113,10 +108,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ngwspecified/options.yaml b/tests/integration/create_cluster/ngwspecified/options.yaml index 79ff8af57f1fd..50ad8308852a9 100644 --- a/tests/integration/create_cluster/ngwspecified/options.yaml +++ b/tests/integration/create_cluster/ngwspecified/options.yaml @@ -6,4 +6,4 @@ Networking: cni Topology: private Bastion: true Egress: nat-09123456 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml b/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml index f1ada8bfd78ae..e938324352a09 100644 --- a/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -70,9 +70,7 @@ metadata: kops.k8s.io/cluster: overrides.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -90,10 +88,7 @@ metadata: kops.k8s.io/cluster: overrides.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/overrides/options.yaml b/tests/integration/create_cluster/overrides/options.yaml index c1a41132001d2..0daa7cac04269 100644 --- a/tests/integration/create_cluster/overrides/options.yaml +++ b/tests/integration/create_cluster/overrides/options.yaml @@ -3,6 +3,6 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 Sets: - cluster.spec.nodePortAccess=1.2.3.4/32,10.20.30.0/24 diff --git a/tests/integration/create_cluster/private/expected-v1alpha2.yaml b/tests/integration/create_cluster/private/expected-v1alpha2.yaml index 1e8c636df69ce..dba9cefe4a7a1 100644 --- a/tests/integration/create_cluster/private/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private/expected-v1alpha2.yaml @@ -44,7 +44,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -75,10 +75,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: bastions spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.micro maxSize: 1 minSize: 1 @@ -99,9 +96,7 @@ spec: additionalSecurityGroups: - sg-exampleid3 - sg-exampleid4 - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -122,10 +117,7 @@ spec: additionalSecurityGroups: - sg-exampleid - sg-exampleid2 - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/private/options.yaml b/tests/integration/create_cluster/private/options.yaml index 67c34383084d2..c1273284f62a9 100644 --- a/tests/integration/create_cluster/private/options.yaml +++ b/tests/integration/create_cluster/private/options.yaml @@ -11,5 +11,5 @@ NodeSecurityGroups: ControlPlaneSecurityGroups: - sg-exampleid3 - sg-exampleid4 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 cloudLabels: "Owner=John Doe,dn=\"cn=John Doe: dc=example dc=com\", foo/bar=fib+baz" diff --git a/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml index 1f1abdcd483db..df7b691043393 100644 --- a/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml @@ -43,7 +43,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networking: cni: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -70,7 +70,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: bastions spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-micro maxSize: 1 minSize: 1 @@ -93,7 +93,7 @@ spec: additionalSecurityGroups: - sg-exampleid3 - sg-exampleid4 - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-standard-2 maxSize: 1 minSize: 1 @@ -116,12 +116,10 @@ spec: additionalSecurityGroups: - sg-exampleid - sg-exampleid2 - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" role: Node subnets: - us-test1 diff --git a/tests/integration/create_cluster/private_gce/options.yaml b/tests/integration/create_cluster/private_gce/options.yaml index 47a41f2809342..b31fc1870c383 100644 --- a/tests/integration/create_cluster/private_gce/options.yaml +++ b/tests/integration/create_cluster/private_gce/options.yaml @@ -11,7 +11,7 @@ NodeSecurityGroups: ControlPlaneSecurityGroups: - sg-exampleid3 - sg-exampleid4 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 cloudLabels: "Owner=John Doe,dn=\"cn=John Doe: dc=example dc=com\", foo/bar=fib+baz" Project: testproject GCEServiceAccount: test-account@testproject.iam.gserviceaccount.com diff --git a/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml b/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml index fc731b7a24ba9..4f5af56341d76 100644 --- a/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/12 networkID: vpc-12345678 networking: @@ -74,9 +74,7 @@ metadata: kops.k8s.io/cluster: private-subnets.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -94,10 +92,7 @@ metadata: kops.k8s.io/cluster: private-subnets.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/private_shared_subnets/options.yaml b/tests/integration/create_cluster/private_shared_subnets/options.yaml index 7ad395653d196..cc973b95fa4bf 100644 --- a/tests/integration/create_cluster/private_shared_subnets/options.yaml +++ b/tests/integration/create_cluster/private_shared_subnets/options.yaml @@ -9,4 +9,4 @@ SubnetIDs: - subnet-1 UtilitySubnetIDs: - subnet-2 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml index 95ce09a1832ed..49077f5582d4e 100644 --- a/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/12 networkID: vpc-12345678 networking: @@ -69,9 +69,7 @@ metadata: kops.k8s.io/cluster: subnet.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -89,10 +87,7 @@ metadata: kops.k8s.io/cluster: subnet.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/shared_subnets/options.yaml b/tests/integration/create_cluster/shared_subnets/options.yaml index bfafd2f251430..da14ab62b31bb 100644 --- a/tests/integration/create_cluster/shared_subnets/options.yaml +++ b/tests/integration/create_cluster/shared_subnets/options.yaml @@ -6,4 +6,4 @@ Networking: cni NetworkID: vpc-12345678 SubnetIDs: - subnet-1 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml index 95ce09a1832ed..49077f5582d4e 100644 --- a/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/12 networkID: vpc-12345678 networking: @@ -69,9 +69,7 @@ metadata: kops.k8s.io/cluster: subnet.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -89,10 +87,7 @@ metadata: kops.k8s.io/cluster: subnet.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/shared_subnets_vpc_lookup/options.yaml b/tests/integration/create_cluster/shared_subnets_vpc_lookup/options.yaml index f30402fb470c4..63dc81b1c6467 100644 --- a/tests/integration/create_cluster/shared_subnets_vpc_lookup/options.yaml +++ b/tests/integration/create_cluster/shared_subnets_vpc_lookup/options.yaml @@ -5,4 +5,4 @@ CloudProvider: aws Networking: cni SubnetIDs: - subnet-1 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml index e952f6b71cc5c..a87f907e1e382 100644 --- a/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/12 networkID: vpc-12345678 networking: @@ -68,9 +68,7 @@ metadata: kops.k8s.io/cluster: vpc.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -88,10 +86,7 @@ metadata: kops.k8s.io/cluster: vpc.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/shared_vpc/options.yaml b/tests/integration/create_cluster/shared_vpc/options.yaml index 3604533d7fcb2..a0662e1d612d0 100644 --- a/tests/integration/create_cluster/shared_vpc/options.yaml +++ b/tests/integration/create_cluster/shared_vpc/options.yaml @@ -4,4 +4,4 @@ Zones: CloudProvider: aws Networking: cni NetworkID: vpc-12345678 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-bootstrap_content b/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-bootstrap_content index 9ef25df35fc0f..78b451436412b 100644 --- a/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 47a89521a20f66f307f308c2e0132647e4bbbac39e5d06bfa34cf965158a20aa + manifestHash: 09d2410e4611ace55db925f141becb316a6fe389651bcaab44f411682d5e8195 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 7da82a1949e35..11089980f5753 100644 --- a/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 065af6f94ae44..cb15ab86d2b91 100644 --- a/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: e4f26aac0617f5d44e6804859641bc0f132e5e06a719d920aac606b675ee42e6 + manifestHash: b62375cdbb115294bd688408cd8d863ada8d8d6790cb3c48fc83ab3bcba8bfae name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index bdb2ef2677f6e..7068abf776edf 100644 --- a/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index ef16068ce7898..a7e5ee4cd8dfc 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 7eHYq2LK1E2ckFYz8iTZKhMiwyKE9zZ4N9Iijh0av/c= +NodeupConfigHash: W8NFX6KK30qwqKrWITT68BWrONeCqODCE+WyT5XaCtg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bcafa..26c4acec16789 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_cluster-completed.spec_content index 54a65826bdebf..41e41b359387e 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -82,10 +82,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -111,10 +108,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -136,13 +130,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -155,9 +146,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -168,7 +156,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -178,9 +166,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 2428e49a08c39..4266ad0f06668 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 35e1da5cf6291..e1ec56fdc79dc 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -163,7 +163,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 156782e82a0be1accfe863bf7f7552f7deb1982820356c5f6cbc8947cc34d530 + manifestHash: 4a3f87c3d96f6fd9fc43032c2b6f52135fabc91bec8e421df4b59e81325b0e68 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index b5ef4fade79ab..54a6828c9ded2 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbdae8..da75b50a113ba 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/aws-lb-controller/in-v1alpha2.yaml b/tests/integration/update_cluster/aws-lb-controller/in-v1alpha2.yaml index e43afc5a3ca3d..62d42f99594ed 100644 --- a/tests/integration/update_cluster/aws-lb-controller/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/aws-lb-controller/in-v1alpha2.yaml @@ -26,7 +26,7 @@ spec: useServiceAccountExternalPermissions: true kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/aws-lb-controller/kubernetes.tf b/tests/integration/update_cluster/aws-lb-controller/kubernetes.tf index 7caae566048a7..6a821909d210c 100644 --- a/tests/integration/update_cluster/aws-lb-controller/kubernetes.tf +++ b/tests/integration/update_cluster/aws-lb-controller/kubernetes.tf @@ -581,7 +581,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -663,7 +663,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data index c370ab83c05ba..a8855918fedea 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: bastionuserdata.example.com ConfigBase: memfs://clusters.example.com/bastionuserdata.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: cFGsAAqYrwM7b8sg8ARyUvrQ/X1mCS1wq1IuxNHlcbE= +NodeupConfigHash: rL99cT4OyYW0C0ynhksxGSyeoJW7y7woK5oVKp7ByUU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data index cf7447afc6b23..f21a980c530de 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data @@ -162,7 +162,7 @@ ConfigServer: - https://kops-controller.internal.bastionuserdata.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: GBq6HoXAbWL91+sbYN2UBHutnOTPqZ4YF4eubbNjGsk= +NodeupConfigHash: emMDqx0i80CCXdQsMgdrlX2q3VseHfmCIMw4+mYQM+g= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 261d429fd69f2..a12964bb6179f 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-bootstrap_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-bootstrap_content index fc33dc5f521b5..ec4cf31c0b154 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 294552bb6222305240b7ab21f19f93ddf4e8e57bd6c14b768f16670a9ec0430c + manifestHash: 1694d90ed4cf5dfb3ddc064cb0389773c16bde0b5c429bb530fab95dbc619489 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 45a4e4473c930b3efea5de43e999d1c35ae45a0ea1d8eec58362564b40d1e25a + manifestHash: 1f045fe2bedb93e9a2d836affe5955914ee3972ba7985622644460525e843001 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index b5cc5a3b91b4b..58926cb57125b 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content index 937b98eba7990..6824517f4bbe3 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: bastionuserdata.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: bastionuserdata.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-bastion_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-bastion_content index 0e3ebea7273af..ab14429a505d8 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-bastion_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-bastion_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -25,7 +27,7 @@ KeypairIDs: {} KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -55,7 +54,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index a995929db0241..4118b32b42ae3 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: bastionuserdata.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/bastionuserdata.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/bastionuserdata.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-nodes_content index 63d1a86a00a35..0cc23fc7f7219 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/bastionadditional_user-data/in-v1alpha2.yaml b/tests/integration/update_cluster/bastionadditional_user-data/in-v1alpha2.yaml index 4430912552307..62532a52dacf0 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/bastionadditional_user-data/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterInternalName: api.internal.bastionuserdata.example.com masterPublicName: api.bastionuserdata.example.com networkCIDR: 172.20.0.0/16 diff --git a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf index ff18bd35aecf9..46012ac23104a 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf +++ b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-bastionuserdata-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -638,7 +638,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-bastionuserdata-exampl http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -720,7 +720,7 @@ resource "aws_launch_template" "nodes-bastionuserdata-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander-custom.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander-custom.example.com_user_data index 8415546f84862..19ac1de929fd9 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander-custom.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander-custom.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: cas-priority-expander-custom.example.com ConfigBase: memfs://clusters.example.com/cas-priority-expander-custom.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: b2xNUpnVA9+OHxycc5ZxoOaYX0WauMvhVCZbOHYhWSg= +NodeupConfigHash: pSDEbIsX2TutbPcJW+i3FfhHJYzRyigYMcLePHMB7sg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-high-priority.cas-priority-expander-custom.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-high-priority.cas-priority-expander-custom.example.com_user_data index 06f4b4a57f77b..ddd3caf958aec 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-high-priority.cas-priority-expander-custom.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-high-priority.cas-priority-expander-custom.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/ InstanceGroupName: nodes-high-priority InstanceGroupRole: Node -NodeupConfigHash: 3S0kO0rn8/IeZUrZftL7DVYj+3R6xDMIb4Ntoz8LYwI= +NodeupConfigHash: XmGPgFRA+OhH2coAsnrakNhDx6usiD6V41C5u9SY060= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-low-priority.cas-priority-expander-custom.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-low-priority.cas-priority-expander-custom.example.com_user_data index d6b10fd4c235a..dc6c3ca1727ff 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-low-priority.cas-priority-expander-custom.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-low-priority.cas-priority-expander-custom.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/ InstanceGroupName: nodes-low-priority InstanceGroupRole: Node -NodeupConfigHash: 3S0kO0rn8/IeZUrZftL7DVYj+3R6xDMIb4Ntoz8LYwI= +NodeupConfigHash: XmGPgFRA+OhH2coAsnrakNhDx6usiD6V41C5u9SY060= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes.cas-priority-expander-custom.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes.cas-priority-expander-custom.example.com_user_data index 22ebd82a40e9c..277ec7bacf9f2 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes.cas-priority-expander-custom.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes.cas-priority-expander-custom.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 3S0kO0rn8/IeZUrZftL7DVYj+3R6xDMIb4Ntoz8LYwI= +NodeupConfigHash: XmGPgFRA+OhH2coAsnrakNhDx6usiD6V41C5u9SY060= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index dd8a368b458a0..b6093a779e86c 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-bootstrap_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-bootstrap_content index 5ecac44d2765d..6e853f25a292b 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 63a30d15901dec0b8d6a53372c2065ca80532558d74b770441416255057fe738 + manifestHash: a51d1c3ddc4aec4749104b032300e9c0ff96ddb4c2f6342d6ae0cea253d7c80b name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: e4817b8481df3f556c19999b552e60c6305ce8063481c6ec5d987f225aa686ad + manifestHash: a3dabf22247ebe9511c5714760fffbe206397f265fe710caa73b6162678f3f68 name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: d77743ada468524073fc615bbe04f0175d1fb8648b46a012c78ec68340919868 + manifestHash: 27c567b9d768681e944e8ee35915ee796d6bfdb6b6a40b83defafc236b3dc543 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index d7205fcbe42fc..e796e1c55275c 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -359,6 +359,7 @@ spec: - --nodes=2:2:nodes-low-priority.cas-priority-expander-custom.example.com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -373,7 +374,7 @@ spec: env: - name: AWS_REGION value: us-test-1 - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 8e1e6a14b8aa8..98c4c7775e978 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cluster-completed.spec_content index 2b84a79cf48c8..d088d5ea49dd2 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cluster-completed.spec_content @@ -19,7 +19,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander-custom.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -38,7 +38,7 @@ spec: enabled: true expander: priority ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s scaleDownDelayAfterAdd: 10m0s @@ -53,8 +53,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -101,10 +101,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -130,10 +127,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander-custom.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -155,13 +149,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -173,9 +164,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -186,7 +174,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: cgroupDriver: systemd cgroupRoot: / @@ -195,9 +183,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 87dd13e55b2ec..f43095141e664 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander-custom.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/cas-priority-expander-custom.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/cas-priority-expander-custom.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-high-priority_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-high-priority_content index 27c50911584c1..68e320c351c03 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-high-priority_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-high-priority_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-low-priority_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-low-priority_content index 27c50911584c1..68e320c351c03 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-low-priority_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-low-priority_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes_content index 27c50911584c1..68e320c351c03 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/in-v1alpha2.yaml b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/in-v1alpha2.yaml index 92982f09e131f..9f9991059479d 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: - instanceGroup: master-us-test-1a name: us-test-1a name: events - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterInternalName: api.internal.cas-priority-expander-custom.example.com masterPublicName: api.cas-priority-expander-custom.example.com networkCIDR: 172.20.0.0/16 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf index 96ba2d72ecdbd..45c60c0570d2b 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf @@ -536,7 +536,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-cas-priority-expander- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -618,7 +618,7 @@ resource "aws_launch_template" "nodes-cas-priority-expander-custom-example-com" http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -691,7 +691,7 @@ resource "aws_launch_template" "nodes-high-priority-cas-priority-expander-custom http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -764,7 +764,7 @@ resource "aws_launch_template" "nodes-low-priority-cas-priority-expander-custom- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander.example.com_user_data index 29e14cc396a57..47d6c3b771368 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: cas-priority-expander.example.com ConfigBase: memfs://clusters.example.com/cas-priority-expander.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: esCkj8xtANMAq+yucbrXCk+MO2IXoC6224YmTA+HOaA= +NodeupConfigHash: 2i3Echy2jd9quqT4bMoIwCrXNtsAxxqPsxCPNDtnN/k= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-high-priority.cas-priority-expander.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-high-priority.cas-priority-expander.example.com_user_data index 75d8eb4942a56..d8d0c7cb93f34 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-high-priority.cas-priority-expander.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-high-priority.cas-priority-expander.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander.example.com:3988/ InstanceGroupName: nodes-high-priority InstanceGroupRole: Node -NodeupConfigHash: df729KN5+gvvqaKyGX1Phg5EnmFTHt0M+RCCyN9ON94= +NodeupConfigHash: JPyeSn18V3EwaQubqiDkWXF1m+XUi1F+f1mSMxoUC+U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-low-priority.cas-priority-expander.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-low-priority.cas-priority-expander.example.com_user_data index 1b658888c49b2..56b2948ad6e70 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-low-priority.cas-priority-expander.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-low-priority.cas-priority-expander.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander.example.com:3988/ InstanceGroupName: nodes-low-priority InstanceGroupRole: Node -NodeupConfigHash: df729KN5+gvvqaKyGX1Phg5EnmFTHt0M+RCCyN9ON94= +NodeupConfigHash: JPyeSn18V3EwaQubqiDkWXF1m+XUi1F+f1mSMxoUC+U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes.cas-priority-expander.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes.cas-priority-expander.example.com_user_data index fc712b0213838..e840be3b34d63 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes.cas-priority-expander.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes.cas-priority-expander.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: df729KN5+gvvqaKyGX1Phg5EnmFTHt0M+RCCyN9ON94= +NodeupConfigHash: JPyeSn18V3EwaQubqiDkWXF1m+XUi1F+f1mSMxoUC+U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cafcfdbd4b864..19a85c73991d5 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-bootstrap_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-bootstrap_content index c5d09152c357d..f2877cd4d1dbf 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 44653c3144f0052549bd0170c3c8e6741d75c36657c8044bd2b1c3f0fa6dd2b9 + manifestHash: 771a9de7123190df88616ce7a5e37a5ca268f634700ea27e77cce38b043675c2 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: 8c697d6e92263502eeeb637b47669c5fbb3ba11cd82c90a653cddb42060e7fe5 + manifestHash: 29605e5dcd67d0676c67d06dc59a3aaf5e28ecc6a4d8682956b928664b684fd2 name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: baf97022915623f284558e7a4bbb6c8133c7151790378fe6abd6bd1ad4de7963 + manifestHash: 30f6c531ae7120d5e17febfe5b83012290af8aa76b3fb862f2a1aa8d4c91973a name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index 3a6c1d387b8d8..5206cd063ff84 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -359,6 +359,7 @@ spec: - --nodes=2:2:nodes-low-priority.cas-priority-expander.example.com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -373,7 +374,7 @@ spec: env: - name: AWS_REGION value: us-test-1 - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index a056b0c7d7466..ab66b2565c268 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cluster-completed.spec_content index 5369855aa7897..4e01f8b5ca252 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cluster-completed.spec_content @@ -19,7 +19,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,7 +31,7 @@ spec: enabled: true expander: priority ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s scaleDownDelayAfterAdd: 10m0s @@ -46,8 +46,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -94,10 +94,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -123,10 +120,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -148,13 +142,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -166,9 +157,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -179,7 +167,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: cgroupDriver: systemd cgroupRoot: / @@ -188,9 +176,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 8b7e4ac0f2247..27d351ca944b5 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/cas-priority-expander.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/cas-priority-expander.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-high-priority_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-high-priority_content index 5de6befd84c67..216a27e8a2925 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-high-priority_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-high-priority_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-low-priority_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-low-priority_content index 5de6befd84c67..216a27e8a2925 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-low-priority_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-low-priority_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes_content index 5de6befd84c67..216a27e8a2925 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/in-v1alpha2.yaml b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/in-v1alpha2.yaml index 215df88e6f77b..3a3dc54507972 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/in-v1alpha2.yaml @@ -23,7 +23,7 @@ spec: - instanceGroup: master-us-test-1a name: us-test-1a name: events - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterInternalName: api.internal.cas-priority-expander.example.com masterPublicName: api.cas-priority-expander.example.com networkCIDR: 172.20.0.0/16 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf index 1edbb4462250a..db0d3a3259ffc 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf @@ -536,7 +536,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-cas-priority-expander- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -618,7 +618,7 @@ resource "aws_launch_template" "nodes-cas-priority-expander-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -691,7 +691,7 @@ resource "aws_launch_template" "nodes-high-priority-cas-priority-expander-exampl http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -764,7 +764,7 @@ resource "aws_launch_template" "nodes-low-priority-cas-priority-expander-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-bootstrap_content b/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-bootstrap_content index 73038598b5df7..4fd8cfa035e2e 100644 --- a/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 57d08e67490a6c9d0994fd7b19fc0cc5ee6883d43c7a8e640c05e8955d8c1395 + manifestHash: 022a4e85b0c9ae9d0208b8cea644862492da7eaf30bb698bae38f01c8e72097d name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index cf1cd8eb607d8..161973441f661 100644 --- a/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data b/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data index 14dffc6b865d3..c960640181f67 100644 --- a/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data +++ b/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data @@ -133,7 +133,7 @@ function download-release() { echo "== nodeup node config starting ==" ensure-install-dir -echo "H4sIAAAAAAAA/2zOwUrEMBDG8XueInfpxkLXQ8CLQddFLFXwAWbTaV3MZEImcbc+vUhPBe//H9/nAtdxyPx9HjFbDRdRLlQpmHsgtNozpYwiO7wCpYA7z6Qcx+k8P4Cg1YQ0iTXGr2oTmn/1MUqB6PGQuaZ1heDPNlWaglKaFrbROwe02nEsmcMQIKLqecSa1iPPIJ9WC566p5ufrqI7XB8vGY6309fb8tpTPdHc7g0vHy/tfpjvunv1CwAA//8BAAD///gdAzn3AAAA" | base64 -d | gzip -d > conf/kube_env.yaml +echo "H4sIAAAAAAAA/2zOwUoDMRDG8XueInfZrlYPJeBBI9sG2VIEFb2N2Wl3IZMJmUTt24vsaaH3/4/vs4HrcMj8PQ2YjYYfUTZUKZj3QGi0Z0oZRVb4C5QCrjyTshyP0+kRBI0mpKOYtvWzWoTtRe2iFIget5lrmlcI/m1TpSkopbmBZfTCAY22HEvmcAgQUe15wJrmIzuQ0ej3Mzy54E6fm86tv/r+anvbw/l5Q93D3es6j7GLY6nTx9vu+l79AQAA//8BAAD//7W6aH33AAAA" | base64 -d | gzip -d > conf/kube_env.yaml download-release echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/compress/data/aws_launch_template_nodes.compress.example.com_user_data b/tests/integration/update_cluster/compress/data/aws_launch_template_nodes.compress.example.com_user_data index 651f97f09762f..83f4363f35810 100644 --- a/tests/integration/update_cluster/compress/data/aws_launch_template_nodes.compress.example.com_user_data +++ b/tests/integration/update_cluster/compress/data/aws_launch_template_nodes.compress.example.com_user_data @@ -133,7 +133,7 @@ function download-release() { echo "== nodeup node config starting ==" ensure-install-dir -echo "H4sIAAAAAAAA/6yUSY+yWBiF9/4K9uYrERTBpBYvo2CBTELhDuEyKPPgVdM/viPVyZdOVzqdTrFgcU7us3jz5AhFPcZmV9/yGHVbIsT9TCjGfkCdEZZoS0R12XSo79/QPSybAr1FdTkT6irJUwd1N9RtZwQhgIC6IU/yKBxQvyX+mBEEQfx6fbykqAYhSLaryqoArjSlU6+rKn++CALYeQpY5SFVdbkBo+VF1nBEloKjowOpCE6rOOqZFi2JF/ARdD69yxc4ThA+NTwedFf0h2VQeo9z6ZGnT30IKAnvssjQLxI2nkDrYoQPImD/lT1/ZxNkKi4Q6HaAZQhEz7JECS+72NeKqFwXseI9P3wj02WMRSvQ9vVJzW6RAZbE8xaIE8TBgB3QeDBklX52pHtlr13vszd8SfTmqR0K32KZJXNT6MAMqRZSdeOt6j1OPPKhpssJchnmOyZZmQt8NcF0TTexG059sPVOkmRMCoAlgNAQdAmwmAaiZ5MmWLsFD5YIqaR8HRZYBZbHWMISv8CWrIPOQ8LinTU9OPB8IMmGQj+9ixt9FBoWe2212HOit9nX2RH+gvzz8kBKwLMxSScBhTf+vkkOFNeqFLduRkpYRSEHuaccmtSJ2AkylFbfMl10H2h33p3XLGd6w5Ms8SLau/fDlUl3lCAI88cueVD4/f23N5Ihfm/N/7XqVjoheYAiKD/3P2uVq1PfW/UqfswqXWbkVXiKG0Tax+bxuIZ84+OTUOFzkmSBcsDzpGfs+GM8thtLMEqtXEjtZoL4/uGZ64GYq5xzjopGnDNWrpEGLbVN4x1/0KoPtWwYsC+mCDumytR5H/neQFvcufpXqzzLu6/14zCCipA5mly9Xt6HxqUcRr4lOautVOFeFV9qcvzmKFJjn0WebA4hqj84JRnZMFjtNR61bbquL8WqLe3KzS7/xap+WrL+NWW/iGwYmn67WFzrpv8V1dXQ1UWBure8GlBXhcXbd5O4pTmWXczUqh/CKkJKV4/N14BWdYz6vxd2XaAtYdQxmr1+Y/O1p7uwz7YEvYxX3GeUbzK9P1HN5qSNLsb27rDmVHflI5E/65QPN30Zvc/+BAAA//8BAAD//xXbKsO+BQAA" | base64 -d | gzip -d > conf/kube_env.yaml +echo "H4sIAAAAAAAA/6yUS4+ySBiF9/4K9qZbBEUw6cULFIgKgtw+eodQIMr9YqmZHz+RnuTLZDqTyaRZsDgn9SzePDlSXg2x2Va3LMbtmgpJN5Hyoetxa4QFXlNRVdQt7rp3fA+LOsfvUVVMpKpMstTG7Q236wlFSSDhts+SLAp73K2pPyYURVFvr09EqmZQEjo6mqJJ4KAxHXtd08TTRZLgmKVANBFSTVdqMBpR5g1b5hlwbR1oVbIb1dZOrGwhUSIu6GJ6Vy7gjhAxNTwRdEf2+3lQeI9T4dGfv/Q+YBDZnCNDvyBiPIHV5YgcZCD+K3v+zkbIWFwg0I8BUSCQPcuSEZm3sb/No2KZx6r33PvGWVcIka1gu6s+tfMtMsBComiBPEJsAsSGrQiGorHPlnau/LXtfP5GLoleP7eH3Ld4bs7dVDYwQ6aBVFt5i2pHEo9+aOl8hFz66YZLFuaMXE0wHdNJjrWgPfhqg5BCaAkIAggNSUdA5DSQvSNtgrWZiWDJkCL167DAqzB3Y0SQOCOWooMuQsKTjTU+OIhigBRDZZ/exYn2+ZbI3XYx2wmyt9pVZxf+gvzz8kAjEPmYZpOAISt/VycHRmg0RljWAyMtolCAzFMPdWpH/AjpC6truDa696wzbU9LXjC9/kkXZBbtnPvhyqUbRpKk6WOTPBjy8fHbG2TI31vzf626FXZIHyAPil+7n7XK0ZnvrXoVP2aVrnDKIvyMa0wf3frxuIZi7ZNPqSSnJDkH6oFMk447xvvBbVaWZBTbYoaa1Qjx/cMz0wM50wT7FOW1POWsbEsbLGrq2nN/0Kq9VtQcHC+mDBuuPGvTLvK9nrWEU/mvVnmWd1/qbj+AhrE5mEK1nN/72mFsTrklGb9daNK9zL/UFMSVKzNDd448xexDXO0FNRn4MFjstiJumnRZXfJFUxxL53z5L1Z145J1ryl7o859X3fr2exa1d1bVJV9W+U5bt+zssdtGebv303imhV4fjbRyq4PywirbTXUXwNaVjHu/l4cqxyvKaOK8eT1G+qvPd2E3XlN3V0x3Q1IULIQqzGfzE0n4dkH2rDX5Lm/YXRaJFw37/Ql/zH5EwAA//8BAAD//3YkSOK+BQAA" | base64 -d | gzip -d > conf/kube_env.yaml download-release echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/compress/data/aws_s3_object_cluster-completed.spec_content index 56b3e867ef97a..b349bb4e063ab 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: compress.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: compress.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 32b0aac15bc0d..d399a035353f5 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-bootstrap_content b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-bootstrap_content index 84c500cbcdb93..0d26526ff6f86 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: b92122b7cb0f950d70e8fed8eb1e686ee62f92dd02a359fdbcf49cdaf1a1e718 + manifestHash: 675d5b2b967ee5b133673810b2e100de9bb4eb2f71245b7cfb63a5b0ababaef5 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: ca6e8220c2c6a1d783eb82a73acb44f1b1217295a4300a3c5d59420e5b27daf5 + manifestHash: 64daeefa90d1765aab82d7d6d18b4505470fd26195eaddcb2214061e8f6b8bed name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 60beff7dea836..53977fc86968f 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 187f3ba9dbb81..7d46aff06f65f 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: compress.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/compress.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/compress.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-nodes_content index 381bbf51d20ff..375aaf512021d 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/compress/in-v1alpha2.yaml b/tests/integration/update_cluster/compress/in-v1alpha2.yaml index 5d594d6968a1b..465453ad5d755 100644 --- a/tests/integration/update_cluster/compress/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/compress/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.compress.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/compress/kubernetes.tf b/tests/integration/update_cluster/compress/kubernetes.tf index d8bebc7c3f272..18c46d7bdc5e7 100644 --- a/tests/integration/update_cluster/compress/kubernetes.tf +++ b/tests/integration/update_cluster/compress/kubernetes.tf @@ -409,7 +409,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-compress-example-com" http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -490,7 +490,7 @@ resource "aws_launch_template" "nodes-compress-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data b/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data index 5fc68c45255d6..d6da57f0f4cf2 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data +++ b/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: containerd.example.com ConfigBase: memfs://clusters.example.com/containerd.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: kpe8YTTVpxXn3WbTrJD51Bx9uWmtf8rHAB3mELryCtk= +NodeupConfigHash: Fk0Z0LX4F97yxFclNpjCZ4Q/kfs3PZDFzZrW1bdsgBc= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_nodes.containerd.example.com_user_data b/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_nodes.containerd.example.com_user_data index 4a35938eca74c..a6d0cd2641c57 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_nodes.containerd.example.com_user_data +++ b/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_nodes.containerd.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.containerd.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: hTzhctgyEwYBENFX+168zIbaUI9aLdGx2FSp+4u75RU= +NodeupConfigHash: /CFSyohFA0EcUoZIwMS/ZW3E2+JOFD4/fIZjrO5qZc4= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_cluster-completed.spec_content index dcac79dd07927..3612d9d9d0230 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -35,9 +35,9 @@ spec: docker.io: - https://registry-1.docker.io runc: - version: 1.1.5 + version: 1.1.14 skipInstall: true - version: 1.6.20 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -86,10 +86,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -115,10 +112,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -140,13 +134,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -159,9 +150,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -172,7 +160,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -182,9 +170,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 17d93e234a572..73b6979e022ac 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-bootstrap_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-bootstrap_content index c9c5412cea361..95f899736cdd6 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: e3f8c9578b80de05a1afa561201c9ed2588380c3383708ad51d84edcfed5fb6e + manifestHash: 8dc45870ed3d29af43c3dee1d64202ff3e39950ba4481afb6eaa7cdf6c00e9f9 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3e43bde29ecc7fbfa6175dd8f1269afb778b80023f24f8d4ef0a7e170d5a1987 + manifestHash: b287966b61b338807b247e3a65ee78a87c9e735789a5620280603e735d8dd021 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 796c3017eafa9..c97d427dd9d13 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index a4748649de1f5..60a3372539124 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,16 +56,18 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 - 9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64 @@ -233,19 +232,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -276,7 +269,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -287,9 +280,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -304,7 +294,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -325,9 +315,9 @@ containerdConfig: docker.io: - https://registry-1.docker.io runc: - version: 1.1.5 + version: 1.1.14 skipInstall: true - version: 1.6.20 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/containerd.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/containerd.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-nodes_content index 61e9a1cbc1f76..f168d8463b849 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,13 +1,15 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} ClusterName: containerd.example.com @@ -20,7 +22,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -31,9 +33,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -44,7 +43,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -60,8 +59,8 @@ containerdConfig: docker.io: - https://registry-1.docker.io runc: - version: 1.1.5 + version: 1.1.14 skipInstall: true - version: 1.6.20 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/containerd-custom/in-v1alpha2.yaml b/tests/integration/update_cluster/containerd-custom/in-v1alpha2.yaml index 47265a3d2f4c7..bc49c6a3ba835 100644 --- a/tests/integration/update_cluster/containerd-custom/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/containerd-custom/in-v1alpha2.yaml @@ -32,7 +32,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.containerd.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/containerd-custom/kubernetes.tf b/tests/integration/update_cluster/containerd-custom/kubernetes.tf index 93c340843bd69..f03b72e480590 100644 --- a/tests/integration/update_cluster/containerd-custom/kubernetes.tf +++ b/tests/integration/update_cluster/containerd-custom/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-containerd-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-containerd-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/containerd/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data b/tests/integration/update_cluster/containerd/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data index 2aa7b014f846f..157fa2b09079a 100644 --- a/tests/integration/update_cluster/containerd/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data +++ b/tests/integration/update_cluster/containerd/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: containerd.example.com ConfigBase: memfs://clusters.example.com/containerd.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: hiw+6M2NNFGZnFHsU4jfB7w+3LQfcvenbBNjv279MpM= +NodeupConfigHash: y5Txw+9oWz0Z5eJghIX0Vu87y5w4vxfFF+G8KD0EOeY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/containerd/data/aws_launch_template_nodes.containerd.example.com_user_data b/tests/integration/update_cluster/containerd/data/aws_launch_template_nodes.containerd.example.com_user_data index 5c910a5cf8e4a..71fa11b9d29f2 100644 --- a/tests/integration/update_cluster/containerd/data/aws_launch_template_nodes.containerd.example.com_user_data +++ b/tests/integration/update_cluster/containerd/data/aws_launch_template_nodes.containerd.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.containerd.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: xOxs5o6qwTTLWWpkWpw6WIvfClv4JpWeZRvyXjvGSlw= +NodeupConfigHash: BGSYI0zevZfhljdty6pSD7jGigImvKiwX9TAIXDZ2e4= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_cluster-completed.spec_content index f96bc35ccae38..92f93dc39f032 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 17d93e234a572..73b6979e022ac 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-bootstrap_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-bootstrap_content index c9c5412cea361..95f899736cdd6 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: e3f8c9578b80de05a1afa561201c9ed2588380c3383708ad51d84edcfed5fb6e + manifestHash: 8dc45870ed3d29af43c3dee1d64202ff3e39950ba4481afb6eaa7cdf6c00e9f9 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3e43bde29ecc7fbfa6175dd8f1269afb778b80023f24f8d4ef0a7e170d5a1987 + manifestHash: b287966b61b338807b247e3a65ee78a87c9e735789a5620280603e735d8dd021 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 796c3017eafa9..c97d427dd9d13 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index ff9092b8c0e7a..38cce43c3399e 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/containerd.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/containerd.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-nodes_content index c204b6d9a1a16..54b848c960c93 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/containerd/in-v1alpha2.yaml b/tests/integration/update_cluster/containerd/in-v1alpha2.yaml index 4885fe0ebf340..c6ec4968c47d2 100644 --- a/tests/integration/update_cluster/containerd/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/containerd/in-v1alpha2.yaml @@ -22,7 +22,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.containerd.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/containerd/kubernetes.tf b/tests/integration/update_cluster/containerd/kubernetes.tf index 93c340843bd69..f03b72e480590 100644 --- a/tests/integration/update_cluster/containerd/kubernetes.tf +++ b/tests/integration/update_cluster/containerd/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-containerd-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-containerd-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/digit/data/aws_launch_template_master-us-test-1a.masters.123.example.com_user_data b/tests/integration/update_cluster/digit/data/aws_launch_template_master-us-test-1a.masters.123.example.com_user_data index c3c91eac03349..6557a485af833 100644 --- a/tests/integration/update_cluster/digit/data/aws_launch_template_master-us-test-1a.masters.123.example.com_user_data +++ b/tests/integration/update_cluster/digit/data/aws_launch_template_master-us-test-1a.masters.123.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: 123.example.com ConfigBase: memfs://clusters.example.com/123.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 95PJjSO3CGrmQ/HQID24bLCCe81QSyzJEhqC6cHtiXk= +NodeupConfigHash: MZRNfoINx9Nrlf5N/qCkWQILVXPxcMw4MwGtg9nxoGE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/digit/data/aws_launch_template_nodes.123.example.com_user_data b/tests/integration/update_cluster/digit/data/aws_launch_template_nodes.123.example.com_user_data index 7e357a1824f7f..a7ea8fe703cbf 100644 --- a/tests/integration/update_cluster/digit/data/aws_launch_template_nodes.123.example.com_user_data +++ b/tests/integration/update_cluster/digit/data/aws_launch_template_nodes.123.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.123.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: aOX5nAbRyHetP0h7sBDoM6qnL1gQK82EendRvLp/b/w= +NodeupConfigHash: +FlZZS/WtbHs4o24n2ckGmwSp/4rvrhie0ys4kuBeHs= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index e7b85ee440337..22dd2e680a947 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-bootstrap_content b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-bootstrap_content index eaa7b10938f5b..fc30f17bcb9e9 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 4ef72e9dcf72c1003d36b820eefbe31b683f6bd05b8bf86e3ee6738d16641ad5 + manifestHash: 97fd321be3f88b559bcfb11c7758731490e03dd0ec8ebd1cefdb6f01e3694d96 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 92bec712a6ac27647d81a27c7adf8d9d1087bd2c1a073252f35d33d38263a167 + manifestHash: 952de454a0bcfa3df79dc5033e7147143d8041fe6288dddca5952815d739911b name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index a963dd45aa5de..f1154b02d7c74 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/digit/data/aws_s3_object_cluster-completed.spec_content index 0b8a3781b6c90..6bb4ea9127bb2 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: 123.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -99,10 +99,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -128,10 +125,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: 123.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -153,13 +147,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -172,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -185,7 +173,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -195,9 +183,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index ad0b281eef04e..5e5ba6dbc97c1 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: 123.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/123.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/123.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-nodes_content index cabde62cf6534..093670cd376aa 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/digit/in-v1alpha2.yaml b/tests/integration/update_cluster/digit/in-v1alpha2.yaml index 8ecb21f35e02e..447b1773b8522 100644 --- a/tests/integration/update_cluster/digit/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/digit/in-v1alpha2.yaml @@ -43,7 +43,7 @@ spec: ] kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.123.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/digit/kubernetes.tf b/tests/integration/update_cluster/digit/kubernetes.tf index 31b8114956397..46b4f95e9ad90 100644 --- a/tests/integration/update_cluster/digit/kubernetes.tf +++ b/tests/integration/update_cluster/digit/kubernetes.tf @@ -496,7 +496,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-123-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -578,7 +578,7 @@ resource "aws_launch_template" "nodes-123-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data index ec35ec1b3f82e..b70d99c3c75f5 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existing-iam.example.com ConfigBase: memfs://tests/existing-iam.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: u86xTIyexBtvuyd47DysOCsHJSGhsK4QQ34GRBg9DpA= +NodeupConfigHash: 9zXGp9TDdaSxVixdPZzSu0Gb8kTYNZsnuNumRGFkOeg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data index ec9717129d82c..432768d379992 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existing-iam.example.com ConfigBase: memfs://tests/existing-iam.example.com InstanceGroupName: master-us-test-1b InstanceGroupRole: ControlPlane -NodeupConfigHash: rmNSr60VPHM4QN2vhVv2agHesoCUx4CjE1fHSJr2Lhk= +NodeupConfigHash: fcEASE9IMIxhGut8r+xlRkR0Ig3HXRuUOtAbnJfdMbE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data index 4ff28b692ce1d..fc20d1b3780af 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existing-iam.example.com ConfigBase: memfs://tests/existing-iam.example.com InstanceGroupName: master-us-test-1c InstanceGroupRole: ControlPlane -NodeupConfigHash: sQ+r8F6nuXkvj8T+tlzLT3oGeMV5UwJQixw1kHiwmo8= +NodeupConfigHash: ITwUZGEq2egFFab8U1GLxS3NRM0cK5+xi2Rh3wdgEfU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_nodes.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_nodes.existing-iam.example.com_user_data index aa5d058521655..afc578f0f6b88 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_nodes.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_nodes.existing-iam.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.existing-iam.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: iU/r1fYKN7jkZu/xmLM7kZjGynyX1JNGYRHtZOKKhi8= +NodeupConfigHash: iQHZqUcsEQax9u9VDo7GrCLd9AZ7g3UUB3LQOm5aBGY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_cluster-completed.spec_content index da77333a79782..5fd2cb92b57d6 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: existing-iam.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -85,10 +85,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -114,10 +111,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: existing-iam.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -139,13 +133,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -158,9 +149,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 0990bab166e90..8dbc96f02e329 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-bootstrap_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-bootstrap_content index 7702a2c7f0964..ea43d91e65f00 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d0d3f655eb1fd7ae7c57a697f4204dac9864e6c24c849d9b745213f24071a435 + manifestHash: 7c2b8c178485f121eea63180d22d0e2a257989a68bf3ef10298dc808eb439b95 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 097730fc2debd4a7b838f6a139b692dd267c75dc96c716ed85c72731a77eecfa + manifestHash: 3276348a558c4f0ca6b15792770af74674eda55e863e90434470cd08c5dc9ff0 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 5433a29b76910..da1f45a737308 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 69d4573d1503b..e1261f012c72a 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existing-iam.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/existing-iam.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/existing-iam.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1b_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1b_content index 94b94e914c885..1312de9469c46 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1b_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1b_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existing-iam.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/existing-iam.example.com/manifests/etcd/main-master-us-test-1b.yaml - memfs://tests/existing-iam.example.com/manifests/etcd/events-master-us-test-1b.yaml diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1c_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1c_content index e7892cce26628..f540e064ab6f3 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1c_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1c_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existing-iam.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/existing-iam.example.com/manifests/etcd/main-master-us-test-1c.yaml - memfs://tests/existing-iam.example.com/manifests/etcd/events-master-us-test-1c.yaml diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-nodes_content index a43a20c5f9057..96c57c6eb505f 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/existing_iam/in-v1alpha2.yaml b/tests/integration/update_cluster/existing_iam/in-v1alpha2.yaml index 5ccbad24cd9a3..5e8649d220f30 100644 --- a/tests/integration/update_cluster/existing_iam/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/existing_iam/in-v1alpha2.yaml @@ -31,7 +31,7 @@ spec: anonymousAuth: false kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.existing-iam.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/existing_iam/kubernetes.tf b/tests/integration/update_cluster/existing_iam/kubernetes.tf index 45818fe25ca45..9285a014fba4a 100644 --- a/tests/integration/update_cluster/existing_iam/kubernetes.tf +++ b/tests/integration/update_cluster/existing_iam/kubernetes.tf @@ -572,7 +572,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-existing-iam-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -658,7 +658,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-existing-iam-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -744,7 +744,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-existing-iam-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -826,7 +826,7 @@ resource "aws_launch_template" "nodes-existing-iam-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data index d1774fc19f6eb..ab20317f29df1 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existingsg.example.com ConfigBase: memfs://clusters.example.com/existingsg.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ICdjxZrIVr68jzZXOtTqFSYwQwhDPg3GrXWchsSFctw= +NodeupConfigHash: hTCzKngvsHFZhel+r7eSUn1kepx6RYyGZUuAyKTBHZY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data index 606455f8d759e..67d1799cf42f2 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existingsg.example.com ConfigBase: memfs://clusters.example.com/existingsg.example.com InstanceGroupName: master-us-test-1b InstanceGroupRole: ControlPlane -NodeupConfigHash: idFFl4fjaqAO14k8DnVbhPMTCUpatGJojbRhhspOEVs= +NodeupConfigHash: Ye94ZtvwW3+dNLI5AmLV0TkSjseeouZHWa5jvnuiAok= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data index 3f91d23898309..cd7e19c6a3869 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existingsg.example.com ConfigBase: memfs://clusters.example.com/existingsg.example.com InstanceGroupName: master-us-test-1c InstanceGroupRole: ControlPlane -NodeupConfigHash: XgMBw88ZVFMLkKu6oxQenbGzOIMRngJVCvir0tUHhbQ= +NodeupConfigHash: BxcHXsz22Y3Ef27QbinI3L9zrf3EQBm8Hqc7pDUQZEA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_nodes.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_nodes.existingsg.example.com_user_data index 68cc7909251ca..bba8a547d495b 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_nodes.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_nodes.existingsg.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.existingsg.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: K5+mTeoXPRLuy3jHWMKTkOCqNEsF3nonD71OjBR0W44= +NodeupConfigHash: DVcmZ3dGxI89AKvVrvZtOT3beuMqojFOOankBQtILq8= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_cluster-completed.spec_content index 942d890b4facd..738a39eebaf24 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_cluster-completed.spec_content @@ -21,7 +21,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: existingsg.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -30,8 +30,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -88,10 +88,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -117,10 +114,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: existingsg.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -142,13 +136,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -161,9 +152,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -174,7 +162,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -184,9 +172,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 2c84048517f1b..c2f0987e375c5 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-bootstrap_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-bootstrap_content index bb53abdf12186..0da6e5608c2ac 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: e9e70138100b93ba52bd7cc60f86cb1aa011b13e86881a52af0ab1d02cf210c6 + manifestHash: c84fce0d1b3be7d5dba30a817aa3c79abd854b26172b6595223331dcf3927a51 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: c79a5710aeff701677dd1a97609e03ea4abc040c28ed46a944bd799f4a68a0a8 + manifestHash: 9e1e695cd4a4f7c6f39a15c7b49b590b36305a4324d9adb481f9e384a753131f name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 1d085686e416d..b52923d0e3c75 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 4a7dd0df98465..f51bc4e08369b 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existingsg.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1b_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1b_content index 8a32a4b871aa4..15137ddaa39f5 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1b_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1b_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existingsg.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/main-master-us-test-1b.yaml - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/events-master-us-test-1b.yaml diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1c_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1c_content index 5cea523342aaf..06032742b6403 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1c_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1c_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existingsg.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/main-master-us-test-1c.yaml - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/events-master-us-test-1c.yaml diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-nodes_content index c420f537c54c8..7b3608d400cb8 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/existing_sg/in-v1alpha2.yaml b/tests/integration/update_cluster/existing_sg/in-v1alpha2.yaml index 373801210e049..91b36bd078bad 100644 --- a/tests/integration/update_cluster/existing_sg/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/existing_sg/in-v1alpha2.yaml @@ -32,7 +32,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.existingsg.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/existing_sg/kubernetes.tf b/tests/integration/update_cluster/existing_sg/kubernetes.tf index 706bf2574e141..1774bdb0379cf 100644 --- a/tests/integration/update_cluster/existing_sg/kubernetes.tf +++ b/tests/integration/update_cluster/existing_sg/kubernetes.tf @@ -675,7 +675,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-existingsg-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -761,7 +761,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-existingsg-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -847,7 +847,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-existingsg-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -929,7 +929,7 @@ resource "aws_launch_template" "nodes-existingsg-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/external_dns/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/external_dns/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 1f0b3cef247e1..5edf11700e994 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/external_dns/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: Arj9CPYPT79nVe1Uju7SKarwPhrwxdpEn3bezaNlNUo= +NodeupConfigHash: u7Gr0XwgMUCmXNEG29SnW1+ljmUinf8gdvYeTKvzNFA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/external_dns/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/external_dns/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bcafa..26c4acec16789 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/external_dns/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_cluster-completed.spec_content index 2bbc6f112dc54..ccdc11bfd6ad5 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daac5b..adc407bc8039c 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 127c779aa8912..9a86a8d11adf1 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e45b55f9acc40..1b8293d4ee289 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbdae8..da75b50a113ba 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/external_dns/in-v1alpha2.yaml b/tests/integration/update_cluster/external_dns/in-v1alpha2.yaml index c4604d1ebff86..81fce2f7f7977 100644 --- a/tests/integration/update_cluster/external_dns/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/external_dns/in-v1alpha2.yaml @@ -23,7 +23,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/external_dns/kubernetes.tf b/tests/integration/update_cluster/external_dns/kubernetes.tf index 2779e3b0c66e6..6f54ecaa8adc0 100644 --- a/tests/integration/update_cluster/external_dns/kubernetes.tf +++ b/tests/integration/update_cluster/external_dns/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index ef16068ce7898..a7e5ee4cd8dfc 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 7eHYq2LK1E2ckFYz8iTZKhMiwyKE9zZ4N9Iijh0av/c= +NodeupConfigHash: W8NFX6KK30qwqKrWITT68BWrONeCqODCE+WyT5XaCtg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bcafa..26c4acec16789 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_cluster-completed.spec_content index 09f19a3f115c7..9046bd2cebf76 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -78,10 +78,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -107,10 +104,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -132,13 +126,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -151,9 +142,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -164,7 +152,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -174,9 +162,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 2428e49a08c39..4266ad0f06668 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 53ca7c3b6eeaf..fc6e56d0a8595 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 156782e82a0be1accfe863bf7f7552f7deb1982820356c5f6cbc8947cc34d530 + manifestHash: 4a3f87c3d96f6fd9fc43032c2b6f52135fabc91bec8e421df4b59e81325b0e68 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index b5ef4fade79ab..54a6828c9ded2 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbdae8..da75b50a113ba 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/external_dns_irsa/in-v1alpha2.yaml b/tests/integration/update_cluster/external_dns_irsa/in-v1alpha2.yaml index fb979744bf75a..2e39ecc1e4e5c 100644 --- a/tests/integration/update_cluster/external_dns_irsa/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/external_dns_irsa/in-v1alpha2.yaml @@ -24,7 +24,7 @@ spec: useServiceAccountExternalPermissions: true kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/external_dns_irsa/kubernetes.tf b/tests/integration/update_cluster/external_dns_irsa/kubernetes.tf index 43ab2fc4eba22..90b3a8630f4d6 100644 --- a/tests/integration/update_cluster/external_dns_irsa/kubernetes.tf +++ b/tests/integration/update_cluster/external_dns_irsa/kubernetes.tf @@ -553,7 +553,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -635,7 +635,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data b/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data index f31aa90038be1..f6325b1515ccd 100644 --- a/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data +++ b/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: externallb.example.com ConfigBase: memfs://clusters.example.com/externallb.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: sKPCXRg8rW45b5xY/U/wYx32kzi/JiPBozxFb5/osG4= +NodeupConfigHash: mpuGpuqHnMxqUagcAZtJOuCcYKqb08jANg7HzR3FjxM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/externallb/data/aws_launch_template_nodes.externallb.example.com_user_data b/tests/integration/update_cluster/externallb/data/aws_launch_template_nodes.externallb.example.com_user_data index 730f2b38bbc6d..87db82315d4b8 100644 --- a/tests/integration/update_cluster/externallb/data/aws_launch_template_nodes.externallb.example.com_user_data +++ b/tests/integration/update_cluster/externallb/data/aws_launch_template_nodes.externallb.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.externallb.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: MPu8JszFdqU/JAAKeVVua8kgtZRRXPULCS1vdOo6xfw= +NodeupConfigHash: 5PAjJjkqRAbpDlUSYAWVqRDwGjPSWxxGieRqQDz334U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_cluster-completed.spec_content index a8f65ce01fc0d..19354631fb342 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: externallb.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: externallb.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index c83a40b4b75a4..d9d7d88871bda 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-bootstrap_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-bootstrap_content index a4dc6338b16b8..06dbcdc4a28f5 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 7702864fb9b93cb6d31cad64beea4e759e54a85ab537e298c7b0dd19abd429e7 + manifestHash: 2be25c0967747ded555228a19d643bca64f1519a28e27a4fca2ab6570297767e name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3c267d62e3ee9624f0f2bbcc1fcc0b464069856137d3ce1fe5147b415f9f376f + manifestHash: b74d9e391a0c063476c6c98f641eaeacc2cb2c4a4db77b7e27449929820cdacd name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index f4151252aa62f..0b26ef4f0f23d 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 315167b190f62..b72f014ae648e 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: externallb.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/externallb.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/externallb.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-nodes_content index 1a0ccd006307f..75d268ee4267f 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/externallb/in-v1alpha2.yaml b/tests/integration/update_cluster/externallb/in-v1alpha2.yaml index fc3cee67b68b4..b0a594f2cd0d4 100644 --- a/tests/integration/update_cluster/externallb/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/externallb/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.externallb.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/externallb/kubernetes.tf b/tests/integration/update_cluster/externallb/kubernetes.tf index 29e3c0ab8d698..8716480764ce4 100644 --- a/tests/integration/update_cluster/externallb/kubernetes.tf +++ b/tests/integration/update_cluster/externallb/kubernetes.tf @@ -424,7 +424,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-externallb-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -506,7 +506,7 @@ resource "aws_launch_template" "nodes-externallb-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data index d6eb31e387dfd..a9598d81a84fd 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data +++ b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: externalpolicies.example.com ConfigBase: memfs://clusters.example.com/externalpolicies.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: WNeE2nmO7nfvvXbn3ZiIrqytPPsSNY3Zk8A+DSnuCl4= +NodeupConfigHash: zPjN9DAMzZNL8AKaLuKcd7xMWQGDBSWI3Ttva2pzTAI= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_nodes.externalpolicies.example.com_user_data b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_nodes.externalpolicies.example.com_user_data index 9e70752f6ffbb..308c74d30f6aa 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_nodes.externalpolicies.example.com_user_data +++ b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_nodes.externalpolicies.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.externalpolicies.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: OtfMRLXfdxwQmbtF5Xph6i0U5baqhcZrPzmK/AH38E4= +NodeupConfigHash: 8HWB6dcUV5F+agsCBEmTyCxhpgpaUXkz2M0r4UJaNWY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_cluster-completed.spec_content index 409af0556771d..1d620953d0a95 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_cluster-completed.spec_content @@ -23,7 +23,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: externalpolicies.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudLabels: @@ -35,8 +35,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -93,10 +93,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -123,10 +120,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: externalpolicies.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -148,13 +142,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -167,9 +158,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -180,7 +168,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -190,9 +178,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 59e898a35ea78..84b8ea1722472 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-bootstrap_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-bootstrap_content index 306dca1b2eec0..5e5493e63149a 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 98bf6993eb5637cd1fb1c05a921eeca94de3c844737ac309ee00c3ba262746a4 + manifestHash: e9ef976dbcb885a7d76997b277529ed21f97005b889b94ba6c5ffb3b84f2acf1 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: c44d66758862980fcef80da7353e7c892db81a67f7317fce0c8457c5a73d9f09 + manifestHash: 44f77f314b679ce3ab9bffa05492cbdd02c3f6b9bbc86e8b64d22d14371e4887 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index e89b7281335ae..974c01bac6749 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 386bf654e8125..db1f582636fc8 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -60,21 +57,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -240,19 +239,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: externalpolicies.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -283,7 +276,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -294,9 +287,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -311,7 +301,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -325,8 +315,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/externalpolicies.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/externalpolicies.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-nodes_content index 93b3747a03a45..dab7cd76184e7 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -59,7 +58,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/externalpolicies/in-v1alpha2.yaml b/tests/integration/update_cluster/externalpolicies/in-v1alpha2.yaml index dbef9b48fd4a4..063a42c06377f 100644 --- a/tests/integration/update_cluster/externalpolicies/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/externalpolicies/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: auditWebhookBatchThrottleQps: 3.14 kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.externalpolicies.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/externalpolicies/kubernetes.tf b/tests/integration/update_cluster/externalpolicies/kubernetes.tf index d5d1d191d82cb..0c5f26ca82ea2 100644 --- a/tests/integration/update_cluster/externalpolicies/kubernetes.tf +++ b/tests/integration/update_cluster/externalpolicies/kubernetes.tf @@ -506,7 +506,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-externalpolicies-examp http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -594,7 +594,7 @@ resource "aws_launch_template" "nodes-externalpolicies-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = true diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data index 390fec9417c40..b39aa2667bce1 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: ha.example.com ConfigBase: memfs://tests/ha.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: EzSpxxRLzWtK+CbGfDPI4vxzNcHx0PcuB//B7bDqNDE= +NodeupConfigHash: cQJkf48Er7RhgMKJ00PxgeLzOOnoVnduhT49MU/FJT0= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data index 0444dafbdb7cd..9050191a2f3d5 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: ha.example.com ConfigBase: memfs://tests/ha.example.com InstanceGroupName: master-us-test-1b InstanceGroupRole: ControlPlane -NodeupConfigHash: ZTYbGGnIdTitKLmjPFN1lsRwwIf2+PTdTXxQaD4+LRc= +NodeupConfigHash: RAtSaINio1LthAUuE+3n6JVXSzgAsrKltV9xlD5EIqQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data index 4c006d76adf78..5ec28090cb5aa 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: ha.example.com ConfigBase: memfs://tests/ha.example.com InstanceGroupName: master-us-test-1c InstanceGroupRole: ControlPlane -NodeupConfigHash: HA1a6rZR7IvYHsGnKf0B9/bTwCW/EayNTFIIL53tQwk= +NodeupConfigHash: W6rMDBmED7Dmbdz4JX+kUF+/vMdP5xu/qy8bxs4Y0tY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_nodes.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_nodes.ha.example.com_user_data index 6cf5f3401e75c..b23b0bcc0f41c 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_nodes.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_nodes.ha.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.ha.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: NGrM/RooWL4bH8+59gljwPe9ZqiNUG/RlXjolz8mYR0= +NodeupConfigHash: DT/rKNMmea0qA8ToqS6Ewrbsk+rn5JEEVlFF0YH4dYw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/ha/data/aws_s3_object_cluster-completed.spec_content index 66faa6f69ab61..039d93431173c 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: ha.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -85,10 +85,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -114,10 +111,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: ha.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -139,13 +133,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -158,9 +149,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 03ff1d8e9fdee..aa99fdc3ca06f 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-bootstrap_content b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-bootstrap_content index 1d49e2c7ad12b..96c969945b104 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: a75bd64e71564e800ddc37239eb21d29648aa5e823a68f188576aede4f3d2486 + manifestHash: d4ddb4783b06f20dc94c0b4e2831589b28b68b63105622ef2a6dca823f7f31ad name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 6c1ebf0302eeb4b0e9dddb8038970e4439247b30270617326530fb2cb89016b9 + manifestHash: 89ce618efe06faf4d7129435593d2ad826d346281a6b1cc3527d7c7fca292ed5 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index a1424f31aaa23..9df33ea5fe873 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 2e71c9519f323..ea211abebdc19 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/ha.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1b_content b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1b_content index 691f6bc9ab8ad..909111ffadae9 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1b_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1b_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha.example.com/manifests/etcd/main-master-us-test-1b.yaml - memfs://tests/ha.example.com/manifests/etcd/events-master-us-test-1b.yaml diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1c_content b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1c_content index 78abbea092ab8..18cd4d75ec6aa 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1c_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1c_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha.example.com/manifests/etcd/main-master-us-test-1c.yaml - memfs://tests/ha.example.com/manifests/etcd/events-master-us-test-1c.yaml diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-nodes_content index 6342721e2c700..83ed7c73093ee 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/ha/in-v1alpha2.yaml b/tests/integration/update_cluster/ha/in-v1alpha2.yaml index 28dee205504b9..186d4e32e809a 100644 --- a/tests/integration/update_cluster/ha/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/ha/in-v1alpha2.yaml @@ -31,7 +31,7 @@ spec: anonymousAuth: false kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.ha.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/ha/kubernetes.tf b/tests/integration/update_cluster/ha/kubernetes.tf index 4142e237d6a1d..cb4ca62dd0b52 100644 --- a/tests/integration/update_cluster/ha/kubernetes.tf +++ b/tests/integration/update_cluster/ha/kubernetes.tf @@ -644,7 +644,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-ha-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -730,7 +730,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-ha-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -816,7 +816,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-ha-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -898,7 +898,7 @@ resource "aws_launch_template" "nodes-ha-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_cluster-completed.spec_content index 014c64bcac808..d8f6406a3b307 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_cluster-completed.spec_content @@ -32,8 +32,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -94,7 +94,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -120,7 +120,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: ha-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -142,10 +142,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -170,7 +170,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content index e84db611d8a37..a2363737fc4a5 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 271ef5c3504ca02dc202a802e01d5013daab731ffe1f021254d1679eb5615ef9 + manifestHash: 457f69c307d16dda4de136ab9eac6d74966928eb658f04661dfda267306c7c03 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 002dac69385a975a8a2c4182981033e05880031c179dd1459ee569076cdce654 diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 4b608ca575541..08b75cdf86b1d 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb8885f..0000000000000 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index 4718787ac4368..c5537d3ac6478 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha-gce.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/ha-gce.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-b_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-b_content index 2ef0f07346e0e..b62b8cee00156 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-b_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-b_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha-gce.example.com/manifests/etcd/main-master-us-test1-b.yaml - memfs://tests/ha-gce.example.com/manifests/etcd/events-master-us-test1-b.yaml diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-c_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-c_content index e05ff6dfb5353..80be1565ffd5c 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-c_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-c_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha-gce.example.com/manifests/etcd/main-master-us-test1-c.yaml - memfs://tests/ha-gce.example.com/manifests/etcd/events-master-us-test1-c.yaml diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-nodes_content index aa8046d0fe81b..6cf6e332f75da 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: ha-gce-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_user-data b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_user-data index 20494da43664a..f015b4dc05d5d 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: ha-gce.example.com ConfigBase: memfs://tests/ha-gce.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: iaC3YRyrpaqRGZoKq/evZi13FpDe5TE80WMSe0oiLGo= +NodeupConfigHash: 7PNwUsmybZ7/eXLy+qUhCJ6782nGgsrFaYw2BDQIQws= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_user-data b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_user-data index e5ca4a618a421..d4abeca368d2e 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: ha-gce.example.com ConfigBase: memfs://tests/ha-gce.example.com InstanceGroupName: master-us-test1-b InstanceGroupRole: ControlPlane -NodeupConfigHash: Ccz0pGhkAcbcB2swFhBjbP/I9g1iaxXifbYHltSWGBE= +NodeupConfigHash: gTE9O0dXuUSUvLEIoRFBG6TnwYIAUltlMIeOJZ5Fgs8= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_user-data b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_user-data index b08f6a7c9b488..29971c92541ff 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: ha-gce.example.com ConfigBase: memfs://tests/ha-gce.example.com InstanceGroupName: master-us-test1-c InstanceGroupRole: ControlPlane -NodeupConfigHash: ANBxpXGickkt0KsGZvF2GjrCL7klXJcuEz7p/KLkyo0= +NodeupConfigHash: 25EQ7g5FcCcmr9PYgb7fUOCjIeV+KXidKv4tItli78o= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_user-data b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_user-data index 323ea152d0ff9..604b6df0c84ca 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.ha-gce.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: qeQTOKt0hOOaYdUKV4uuU/tWbk77g7CZAyAVrqYwKmY= +NodeupConfigHash: TOl9HcykFXBuFNu7zWlixyvlejbroYxFJkYTzz5YNgs= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha_gce/in-v1alpha2.yaml b/tests/integration/update_cluster/ha_gce/in-v1alpha2.yaml index 8b9baa2621956..578e76d3e59e9 100644 --- a/tests/integration/update_cluster/ha_gce/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/ha_gce/in-v1alpha2.yaml @@ -41,7 +41,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.ha-gce.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/ha_gce/kubernetes.tf b/tests/integration/update_cluster/ha_gce/kubernetes.tf index 40ff4a6445c39..93acd239a8671 100644 --- a/tests/integration/update_cluster/ha_gce/kubernetes.tf +++ b/tests/integration/update_cluster/ha_gce/kubernetes.tf @@ -114,14 +114,6 @@ resource "aws_s3_object" "ha-gce-example-com-addons-limit-range-addons-k8s-io" { server_side_encryption = "AES256" } -resource "aws_s3_object" "ha-gce-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_ha-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/ha-gce.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "ha-gce-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_ha-gce.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index ef16068ce7898..a7e5ee4cd8dfc 100644 --- a/tests/integration/update_cluster/irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 7eHYq2LK1E2ckFYz8iTZKhMiwyKE9zZ4N9Iijh0av/c= +NodeupConfigHash: W8NFX6KK30qwqKrWITT68BWrONeCqODCE+WyT5XaCtg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/irsa/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/irsa/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bcafa..26c4acec16789 100644 --- a/tests/integration/update_cluster/irsa/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/irsa/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_cluster-completed.spec_content index da3ba0353bb30..a0381939c6b63 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -106,10 +106,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -135,10 +132,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -160,13 +154,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -179,9 +170,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -192,7 +180,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -202,9 +190,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daac5b..adc407bc8039c 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 0b152f446266b..f2c98a7ed71c8 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -163,7 +163,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index b5ef4fade79ab..54a6828c9ded2 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbdae8..da75b50a113ba 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/irsa/in-v1alpha2.yaml b/tests/integration/update_cluster/irsa/in-v1alpha2.yaml index fd97f6f917e04..edd24a014d9c0 100644 --- a/tests/integration/update_cluster/irsa/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/irsa/in-v1alpha2.yaml @@ -50,7 +50,7 @@ spec: ] kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/irsa/kubernetes.tf b/tests/integration/update_cluster/irsa/kubernetes.tf index 112bb705f853d..8359814bb8255 100644 --- a/tests/integration/update_cluster/irsa/kubernetes.tf +++ b/tests/integration/update_cluster/irsa/kubernetes.tf @@ -523,7 +523,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -605,7 +605,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-default.minimal.example.com_user_data b/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-default.minimal.example.com_user_data index dc7defd1d2a3e..96be6eb29ac8d 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-default.minimal.example.com_user_data +++ b/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-default.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: karpenter-nodes-default InstanceGroupRole: Node -NodeupConfigHash: ThzoNo9Ktdabk+6L9GWga+JWV54y0W4sgJHyC0S9dQ4= +NodeupConfigHash: myDpVyw9F9Loqr3HZgRy0bq8s+galSbWbcNsisEQuZA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-single-machinetype.minimal.example.com_user_data b/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-single-machinetype.minimal.example.com_user_data index 18ca62e6cfc7a..5dd48992cddd9 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-single-machinetype.minimal.example.com_user_data +++ b/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-single-machinetype.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: karpenter-nodes-single-machinetype InstanceGroupRole: Node -NodeupConfigHash: OZyPvkIjT8onFAjEwNUEf2haFcA3ScarJDKAq0bI2o4= +NodeupConfigHash: 2bRuHslaVUHA1FFCWCmMtg2IsLz+6dfd8EN1KHa1m7o= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/karpenter/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/karpenter/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index fa02d0a3a34e6..a7e5ee4cd8dfc 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/karpenter/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 6QxBduIpSUWtdkR6H4KTFTIgcolfbWIOoJXTQSE5Gxw= +NodeupConfigHash: W8NFX6KK30qwqKrWITT68BWrONeCqODCE+WyT5XaCtg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/karpenter/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/karpenter/data/aws_launch_template_nodes.minimal.example.com_user_data index 3dc60216659d2..26c4acec16789 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/karpenter/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: DgVcevdZDeKN4KKXD40vZtsZ6ADW2yQcl9DxNKFBefk= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_cluster-completed.spec_content index 2d1c8189d9c8e..5d827482f48e2 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -86,10 +86,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -115,10 +112,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -140,13 +134,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -159,9 +150,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -172,7 +160,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -182,9 +170,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 35999cfd3b6aa..4266ad0f06668 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 03355d6523994..234dc009a7166 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -106,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: be10a82bf6700fed6f6d802e94e4407481768da7c5e014e0635776a69b7972ef + manifestHash: 4a3f87c3d96f6fd9fc43032c2b6f52135fabc91bec8e421df4b59e81325b0e68 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-default_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-default_content index 03101100e6208..c4da647f86480 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-default_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-default_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeReserved: cpu: 500m memory: 1G @@ -58,7 +57,7 @@ KubeletConfig: systemReserved: cpu: 500m memory: 1G -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -66,7 +65,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-single-machinetype_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-single-machinetype_content index 107f9dbb13c58..23c4ae56b6653 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-single-machinetype_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-single-machinetype_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -51,7 +50,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -59,7 +58,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 9117fdb48772c..54a6828c9ded2 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-nodes_content index b0a63894bdd4d..da75b50a113ba 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/karpenter/in-v1alpha2.yaml b/tests/integration/update_cluster/karpenter/in-v1alpha2.yaml index c21d91061cf29..1c0c4b6d88559 100644 --- a/tests/integration/update_cluster/karpenter/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/karpenter/in-v1alpha2.yaml @@ -27,7 +27,7 @@ spec: memoryLimit: 2Gi kubelet: anonymousAuth: false - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/karpenter/kubernetes.tf b/tests/integration/update_cluster/karpenter/kubernetes.tf index 4ebefd3b9d986..e727e859dfc46 100644 --- a/tests/integration/update_cluster/karpenter/kubernetes.tf +++ b/tests/integration/update_cluster/karpenter/kubernetes.tf @@ -576,7 +576,7 @@ resource "aws_launch_template" "karpenter-nodes-default-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -651,7 +651,7 @@ resource "aws_launch_template" "karpenter-nodes-single-machinetype-minimal-examp http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -731,7 +731,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -813,7 +813,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -1024,14 +1024,6 @@ resource "aws_s3_object" "minimal-example-com-addons-kubelet-api-rbac-addons-k8s server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/lifecycle_phases/in-v1alpha2.yaml b/tests/integration/update_cluster/lifecycle_phases/in-v1alpha2.yaml index b8654412ea96f..74caa264f950a 100644 --- a/tests/integration/update_cluster/lifecycle_phases/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/lifecycle_phases/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.lifecyclephases.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 08f404efeb74a..3f69ffee7c793 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: qeqe1ZpOLeenSmM8YqswgsyWRzNuWD4dU3Faf4p6MiU= +NodeupConfigHash: 1nicqRNjC4DpqbF3P95kThouWz7/N/8sMWPFtHzBTaM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_nodes.minimal.example.com_user_data index d07e053bbfef1..cba14213d9b73 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: NHK9Yo7WiTTs4Qyubod93kDSK9juC3Eohviy4hytfEA= +NodeupConfigHash: ZM27eswIGASeycbkw13naZ3DO3MVAltzBMqxGoYg4uQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_cluster-completed.spec_content index 2a336e3a983e6..4b715a4464260 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_cluster-completed.spec_content @@ -23,7 +23,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -34,7 +34,7 @@ spec: enabled: true expander: random ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s scaleDownDelayAfterAdd: 10m0s @@ -49,8 +49,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -101,10 +101,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -130,10 +127,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -154,13 +148,10 @@ spec: serverIP: 100.64.0.10 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -173,9 +164,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -186,7 +174,7 @@ spec: shutdownGracePeriodCriticalPods: 0s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -196,9 +184,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 03aa43bf091f3..898d64cb7b760 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 29cb04918c166..cfd56aa596953 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: 3764bb2698fcd6ad15853cf437c1664e7f46acfee77fdc3c686f1aa000ab4006 + manifestHash: dbc0df294fcd14e5e160aee8184a0a44f8f19b1405ba6e59df9bc374744cc550 name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -186,7 +186,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 61d8aed7126cff29860f5b09a092010af18071fa057edaa5cdc3ab3a38cc6ef2 + manifestHash: 9e9e026261b203c0fe301ae3c0ab6a219b80118821f576c27dc8b673c5fec444 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index 61f8f442f9d8b..c1c3f81e47b92 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -328,6 +328,7 @@ spec: - --nodes=2:2:nodes.minimal.example.com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -346,7 +347,7 @@ spec: value: arn:aws-test:iam::123456789012:role/cluster-autoscaler.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 879c06f0daafb..bf768907a05ef 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -27,10 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -60,19 +57,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -280,7 +273,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -291,9 +284,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -308,7 +298,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 0s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-nodes_content index fdeb11e6aa414..67bc78208d35a 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 0s shutdownGracePeriodCriticalPods: 0s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -56,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons-ccm-irsa/in-v1alpha2.yaml index 12f1aef985a38..30d543541ff63 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/in-v1alpha2.yaml @@ -35,7 +35,7 @@ spec: useServiceAccountExternalPermissions: true kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm-irsa/kubernetes.tf index 6f21ff91693e9..a93f95778aa95 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/kubernetes.tf @@ -609,7 +609,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -691,7 +691,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/README.md b/tests/integration/update_cluster/many-addons-ccm-irsa25/README.md deleted file mode 100644 index d173d34f98fd6..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/README.md +++ /dev/null @@ -1,9 +0,0 @@ -Simple test of (experimental) JWKS functionality - -We have to use a fixed CA because the fingerprint is inserted into the AWS WebIdentity configuration. - -ca.crt & ca.key generated with: - -``` -openssl req -new -newkey rsa:512 -days 3650 -nodes -x509 -subj "/CN=kubernetes" -keyout ca.key -out ca.crt -config <(cat /etc/ssl/openssl.cnf <(printf "[ v3_ca ]\nkeyUsage = critical,keyCertSign,cRLSign")) -``` diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6c18833de43c0..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-cloud-controller-manager" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 94a18743494c1..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 3266f85030aab..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-node-termination-handler" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6a4c8278048c0..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:cluster-autoscaler" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index a1f5c8e2f8b59..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:dns-controller" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6bd6048b16001..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:ebs-csi-controller-sa" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index d05670c1897e5..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,116 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeTags", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:CreateServiceLinkedRole", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:ModifyInstanceAttribute", - "ec2:RevokeSecurityGroupIngress", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "arn:aws-test:ec2:*:*:vpc/*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index e141f8b925c99..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,118 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "acm:DescribeCertificate", - "acm:ListCertificates", - "cognito-idp:DescribeUserPoolClient", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeListenerCertificates", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupIngress", - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteRule", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:ModifyRule", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:ModifyTargetGroupAttributes", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:RemoveListenerCertificates", - "elasticloadbalancing:RemoveTags", - "elasticloadbalancing:SetIpAddressType", - "elasticloadbalancing:SetSecurityGroups", - "elasticloadbalancing:SetSubnets" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "arn:aws-test:ec2:*:*:vpc/*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index a2a9cfce2edb2..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,26 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeTags", - "ec2:DescribeInstances", - "sqs:DeleteMessage", - "sqs:ReceiveMessage" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "autoscaling:CompleteLifecycleAction", - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 89ba38c735d86..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,32 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeScalingActivities", - "ec2:DescribeImages", - "ec2:DescribeInstanceTypes", - "ec2:DescribeLaunchTemplateVersions", - "ec2:GetInstanceTypesFromInstanceRequirements" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "autoscaling:SetDesiredCapacity", - "autoscaling:TerminateInstanceInAutoScalingGroup" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index c3f164caee182..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,35 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:GetHostedZone", - "route53:ListResourceRecordSets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Action": [ - "route53:GetChange" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::change/*" - ] - }, - { - "Action": [ - "route53:ListHostedZones", - "route53:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 5dd615cd76fbe..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,91 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateVolume", - "CreateSnapshot" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:snapshot/*", - "arn:aws-test:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:snapshot/*", - "arn:aws-test:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:CreateSnapshot", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeSnapshots", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AttachVolume", - "ec2:DeleteSnapshot", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSnapshot", - "ec2:CreateVolume" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy deleted file mode 100644 index d6666452b057c..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ /dev/null @@ -1,137 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:AttachVolume", - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com", - "aws:ResourceTag/k8s.io/role/master": "1" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:Get*" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-read-bucket" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-write-bucket" - ] - }, - { - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:GetHostedZone", - "route53:ListResourceRecordSets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Action": [ - "route53:GetChange" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::change/*" - ] - }, - { - "Action": [ - "route53:ListHostedZones", - "route53:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "ec2:AssignPrivateIpAddresses", - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRegions", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:UnassignPrivateIpAddresses", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:GenerateRandom", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_nodes.minimal.example.com_policy deleted file mode 100644 index d18bc3afc1c35..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ /dev/null @@ -1,48 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-read-bucket" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "ec2:AssignPrivateIpAddresses", - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRegions", - "ec2:DescribeTags", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:UnassignPrivateIpAddresses", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kms:GenerateRandom" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data deleted file mode 100644 index 9ff23c997b34e..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ /dev/null @@ -1,138 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-amd64 -NODEUP_HASH_AMD64=585fbda0f0a43184656b4bfc0cc5f0c0b85612faf43b8816acca1f99d422c924 -NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-arm64 -NODEUP_HASH_ARM64=7603675379699105a9b9915ff97718ea99b1bbb01a4c184e2f827c8a96e8e865 - -export AWS_REGION=us-test-1 - - - - -sysctl -w net.core.rmem_max=16777216 || true -sysctl -w net.core.wmem_max=16777216 || true -sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216' || true -sysctl -w net.ipv4.tcp_wmem='4096 87380 16777216' || true - - -function ensure-install-dir() { - INSTALL_DIR="/opt/kops" - # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec - if [[ -d /var/lib/toolbox ]]; then - INSTALL_DIR="/var/lib/toolbox/kops" - fi - mkdir -p ${INSTALL_DIR}/bin - mkdir -p ${INSTALL_DIR}/conf - cd ${INSTALL_DIR} -} - -# Retry a download until we get it. args: name, sha, urls -download-or-bust() { - echo "== Downloading $1 with hash $2 from $3 ==" - local -r file="$1" - local -r hash="$2" - local -a urls - mapfile -t urls < <(split-commas "$3") - - if [[ -f "${file}" ]]; then - if ! validate-hash "${file}" "${hash}"; then - rm -f "${file}" - else - return 0 - fi - fi - - while true; do - for url in "${urls[@]}"; do - commands=( - "curl -f --compressed -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget --compression=auto -O ${file} --connect-timeout=20 --tries=6 --wait=10" - "curl -f -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget -O ${file} --connect-timeout=20 --tries=6 --wait=10" - ) - for cmd in "${commands[@]}"; do - echo "== Downloading ${url} using ${cmd} ==" - if ! (${cmd} "${url}"); then - echo "== Failed to download ${url} using ${cmd} ==" - continue - fi - if ! validate-hash "${file}" "${hash}"; then - echo "== Failed to validate hash for ${url} ==" - rm -f "${file}" - else - echo "== Downloaded ${url} with hash ${hash} ==" - return 0 - fi - done - done - - echo "== All downloads failed; sleeping before retrying ==" - sleep 60 - done -} - -validate-hash() { - local -r file="$1" - local -r expected="$2" - local actual - - actual=$(sha256sum "${file}" | awk '{ print $1 }') || true - if [[ "${actual}" != "${expected}" ]]; then - echo "== File ${file} is corrupted; hash ${actual} doesn't match expected ${expected} ==" - return 1 - fi -} - -function split-commas() { - echo "$1" | tr "," "\n" -} - -function download-release() { - case "$(uname -m)" in - x86_64*|i?86_64*|amd64*) - NODEUP_URL="${NODEUP_URL_AMD64}" - NODEUP_HASH="${NODEUP_HASH_AMD64}" - ;; - aarch64*|arm64*) - NODEUP_URL="${NODEUP_URL_ARM64}" - NODEUP_HASH="${NODEUP_HASH_ARM64}" - ;; - *) - echo "Unsupported host arch: $(uname -m)" >&2 - exit 1 - ;; - esac - - cd ${INSTALL_DIR}/bin - download-or-bust nodeup "${NODEUP_HASH}" "${NODEUP_URL}" - - chmod +x nodeup - - echo "== Running nodeup ==" - # We can't run in the foreground because of https://github.com/docker/docker/issues/23793 - ( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 ) -} - -#################################################################################### - -/bin/systemd-machine-id-setup || echo "== Failed to initialize the machine ID; ensure machine-id configured ==" - -echo "== nodeup node config starting ==" -ensure-install-dir - -cat > conf/kube_env.yaml << '__EOF_KUBE_ENV' -CloudProvider: aws -ClusterName: minimal.example.com -ConfigBase: memfs://clusters.example.com/minimal.example.com -InstanceGroupName: master-us-test-1a -InstanceGroupRole: ControlPlane -NodeupConfigHash: x9kGUyDatSFsdN8mHyt4DPHbWc8j250le5BpmJI16Eg= - -__EOF_KUBE_ENV - -download-release -echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_cluster-completed.spec_content deleted file mode 100644 index ffc4f28dcec85..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_cluster-completed.spec_content +++ /dev/null @@ -1,249 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal.example.com -spec: - api: - dns: {} - authorization: - alwaysAllow: {} - awsLoadBalancerController: - enabled: true - certManager: - enabled: true - channel: stable - cloudConfig: - awsEBSCSIDriver: - version: v1.33.0 - manageStorageClasses: true - cloudControllerManager: - allocateNodeCIDRs: true - cloudProvider: aws - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 - leaderElection: - leaderElect: true - cloudProvider: aws - clusterAutoscaler: - awsUseStaticInstanceList: false - balanceSimilarNodeGroups: false - emitPerNodegroupMetrics: false - enabled: true - expander: random - ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.25.3 - maxNodeProvisionTime: 15m0s - newPodScaleUpDelay: 0s - scaleDownDelayAfterAdd: 10m0s - scaleDownUnneededTime: 10m0s - scaleDownUnreadyTime: 20m0s - scaleDownUtilizationThreshold: "0.5" - skipNodesWithCustomControllerPods: true - skipNodesWithLocalStorage: true - skipNodesWithSystemPods: true - clusterDNSDomain: cluster.local - configBase: memfs://clusters.example.com/minimal.example.com - containerd: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 - dnsZone: Z1AFAKE1ZON3YO - etcdClusters: - - backups: - backupStore: memfs://clusters.example.com/minimal.example.com/backups/etcd/main - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - manager: - backupRetentionDays: 90 - name: main - version: 3.5.17 - - backups: - backupStore: memfs://clusters.example.com/minimal.example.com/backups/etcd/events - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - manager: - backupRetentionDays: 90 - name: events - version: 3.5.17 - externalDns: - provider: dns-controller - iam: - legacy: false - useServiceAccountExternalPermissions: true - keyStore: memfs://clusters.example.com/minimal.example.com/pki - kubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: external - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - enableAggregatorRouting: true - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://discovery.example.com/minimal.example.com - serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 - kubeControllerManager: - allocateNodeCIDRs: true - attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: external - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 - leaderElection: - leaderElect: true - logLevel: 2 - useServiceAccountCredentials: true - kubeDNS: - cacheMaxConcurrent: 150 - cacheMaxSize: 1000 - cpuRequest: 100m - domain: cluster.local - memoryLimit: 170Mi - memoryRequest: 70Mi - nodeLocalDNS: - cpuRequest: 25m - enabled: false - image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.0 - memoryRequest: 5Mi - provider: CoreDNS - serverIP: 100.64.0.10 - kubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 - logLevel: 2 - kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 - leaderElection: - leaderElect: true - logLevel: 2 - kubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - kubernetesApiAccess: - - 0.0.0.0/0 - kubernetesVersion: 1.25.0 - masterKubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - masterPublicName: api.minimal.example.com - metricsServer: - enabled: true - networkCIDR: 172.20.0.0/16 - networking: - amazonvpc: {} - nodeTerminationHandler: - cpuRequest: 50m - deleteSQSMsgIfNodeNotFound: false - enableRebalanceDraining: false - enableRebalanceMonitoring: false - enableScheduledEventDraining: true - enableSpotInterruptionDraining: true - enabled: true - excludeFromLoadBalancers: true - managedASGTag: aws-node-termination-handler/managed - memoryRequest: 64Mi - podTerminationGracePeriod: -1 - prometheusEnable: false - taintNode: false - version: v1.22.0 - nonMasqueradeCIDR: 172.20.0.0/16 - podCIDR: 172.20.128.0/17 - secretStore: memfs://clusters.example.com/minimal.example.com/secrets - serviceAccountIssuerDiscovery: - discoveryStore: memfs://discovery.example.com/minimal.example.com - enableAWSOIDCProvider: true - serviceClusterIPRange: 100.64.0.0/13 - snapshotController: - enabled: true - sshAccess: - - 0.0.0.0/0 - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - topology: - dns: - type: Public diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_discovery.json_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_discovery.json_content deleted file mode 100644 index aba05dfd1a0c4..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_discovery.json_content +++ /dev/null @@ -1,18 +0,0 @@ -{ -"issuer": "https://discovery.example.com/minimal.example.com", -"jwks_uri": "https://discovery.example.com/minimal.example.com/openid/v1/jwks", -"authorization_endpoint": "urn:kubernetes:programmatic_authorization", -"response_types_supported": [ -"id_token" -], -"subject_types_supported": [ -"public" -], -"id_token_signing_alg_values_supported": [ -"RS256" -], -"claims_supported": [ -"sub", -"iss" -] -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_keys.json_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_keys.json_content deleted file mode 100644 index ddcbc6ed75733..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_keys.json_content +++ /dev/null @@ -1,20 +0,0 @@ -{ -"keys": [ -{ -"use": "sig", -"kty": "RSA", -"kid": "3mNcULfgtWECYyZWY5ow1rOHjiRwEZHx28HQcRec3Ew", -"alg": "RS256", -"n": "2JbeF8dNwqfEKKD65aGlVs58fWkA0qZdVLKw8qATzRBJTi1nqbj2kAR4gyy_C8Mxouxva_om9d7Sq8Ka55T7-w", -"e": "AQAB" -}, -{ -"use": "sig", -"kty": "RSA", -"kid": "G-cZ10iKJqrXhR15ivI7Lg2q_cuL0zN9ouL0vF67FLc", -"alg": "RS256", -"n": "o4Tridlsf4Yz3UAiup_scSTiG_OqxkUW3Fz7zGKvVcLeYj9GEIKuzoB1VFk1nboDq4cCuGLfdzaQdCQKPIsDuw", -"e": "AQAB" -} -] -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content deleted file mode 100644 index 4eb0d5b03a1b5..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - labels: - k8s-app: etcd-manager-events - name: etcd-manager-events - namespace: kube-system -spec: - containers: - - command: - - /bin/sh - - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/events - --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true - --dns-suffix=.internal.minimal.example.com --grpc-port=3997 --peer-urls=https://__name__:2381 - --quarantine-client-urls=https://__name__:3995 --v=6 --volume-name-tag=k8s.io/etcd/events - --volume-provider=aws --volume-tag=k8s.io/etcd/events --volume-tag=k8s.io/role/control-plane=1 - --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 - env: - - name: ETCD_MANAGER_DAILY_BACKUPS_RETENTION - value: 90d - image: registry.k8s.io/etcd-manager/etcd-manager-slim:v3.0.20241012 - name: etcd-manager - resources: - requests: - cpu: 200m - memory: 100Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /run - name: run - - mountPath: /etc/kubernetes/pki/etcd-manager - name: pki - - mountPath: /opt - name: opt - - mountPath: /var/log/etcd.log - name: varlogetcd - hostNetwork: true - hostPID: true - initContainers: - - args: - - --target-dir=/opt/kops-utils/ - - --src=/ko-app/kops-utils-cp - command: - - /ko-app/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: kops-utils-cp - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.4.13 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.4.13-0 - name: init-etcd-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.5.17 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.5.17-0 - name: init-etcd-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.4.3 - - --src=/opt/etcd-v3.4.13/etcd - - --src=/opt/etcd-v3.4.13/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.5.0 - - --target-dir=/opt/etcd-v3.5.1 - - --target-dir=/opt/etcd-v3.5.13 - - --target-dir=/opt/etcd-v3.5.3 - - --target-dir=/opt/etcd-v3.5.4 - - --target-dir=/opt/etcd-v3.5.6 - - --target-dir=/opt/etcd-v3.5.7 - - --target-dir=/opt/etcd-v3.5.9 - - --src=/opt/etcd-v3.5.17/etcd - - --src=/opt/etcd-v3.5.17/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: rootfs - - hostPath: - path: /run - type: DirectoryOrCreate - name: run - - hostPath: - path: /etc/kubernetes/pki/etcd-manager-events - type: DirectoryOrCreate - name: pki - - emptyDir: {} - name: opt - - hostPath: - path: /var/log/etcd-events.log - type: FileOrCreate - name: varlogetcd -status: {} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content deleted file mode 100644 index e2d9e5d30ab76..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - labels: - k8s-app: etcd-manager-main - name: etcd-manager-main - namespace: kube-system -spec: - containers: - - command: - - /bin/sh - - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/main - --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true - --dns-suffix=.internal.minimal.example.com --grpc-port=3996 --peer-urls=https://__name__:2380 - --quarantine-client-urls=https://__name__:3994 --v=6 --volume-name-tag=k8s.io/etcd/main - --volume-provider=aws --volume-tag=k8s.io/etcd/main --volume-tag=k8s.io/role/control-plane=1 - --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 - env: - - name: ETCD_MANAGER_DAILY_BACKUPS_RETENTION - value: 90d - image: registry.k8s.io/etcd-manager/etcd-manager-slim:v3.0.20241012 - name: etcd-manager - resources: - requests: - cpu: 200m - memory: 100Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /run - name: run - - mountPath: /etc/kubernetes/pki/etcd-manager - name: pki - - mountPath: /opt - name: opt - - mountPath: /var/log/etcd.log - name: varlogetcd - hostNetwork: true - hostPID: true - initContainers: - - args: - - --target-dir=/opt/kops-utils/ - - --src=/ko-app/kops-utils-cp - command: - - /ko-app/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: kops-utils-cp - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.4.13 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.4.13-0 - name: init-etcd-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.5.17 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.5.17-0 - name: init-etcd-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.4.3 - - --src=/opt/etcd-v3.4.13/etcd - - --src=/opt/etcd-v3.4.13/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.5.0 - - --target-dir=/opt/etcd-v3.5.1 - - --target-dir=/opt/etcd-v3.5.13 - - --target-dir=/opt/etcd-v3.5.3 - - --target-dir=/opt/etcd-v3.5.4 - - --target-dir=/opt/etcd-v3.5.6 - - --target-dir=/opt/etcd-v3.5.7 - - --target-dir=/opt/etcd-v3.5.9 - - --src=/opt/etcd-v3.5.17/etcd - - --src=/opt/etcd-v3.5.17/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: rootfs - - hostPath: - path: /run - type: DirectoryOrCreate - name: run - - hostPath: - path: /etc/kubernetes/pki/etcd-manager-main - type: DirectoryOrCreate - name: pki - - emptyDir: {} - name: opt - - hostPath: - path: /var/log/etcd.log - type: FileOrCreate - name: varlogetcd -status: {} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content deleted file mode 100644 index c9f76089afff0..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ /dev/null @@ -1,253 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - k8s-app: aws-cloud-controller-manager - name: aws-cloud-controller-manager - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: aws-cloud-controller-manager - template: - metadata: - creationTimestamp: null - labels: - k8s-app: aws-cloud-controller-manager - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --allocate-node-cidrs=true - - --cloud-provider=aws - - --cluster-cidr=172.20.128.0/17 - - --cluster-name=minimal.example.com - - --configure-cloud-routes=false - - --leader-elect=true - - --v=2 - - --use-service-account-credentials=true - - --cloud-config=/etc/kubernetes/cloud.config - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 - imagePullPolicy: IfNotPresent - name: aws-cloud-controller-manager - resources: - requests: - cpu: 200m - volumeMounts: - - mountPath: /etc/kubernetes/cloud.config - name: cloudconfig - readOnly: true - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - hostNetwork: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccountName: aws-cloud-controller-manager - tolerations: - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - value: "true" - - effect: NoSchedule - key: node.kubernetes.io/not-ready - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - - effect: NoSchedule - key: node-role.kubernetes.io/master - volumes: - - hostPath: - path: /etc/kubernetes/cloud.config - type: "" - name: cloudconfig - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - updateStrategy: - type: RollingUpdate - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: aws-cloud-controller-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: cloud-controller-manager:apiserver-authentication-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- apiGroup: "" - kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: system:cloud-controller-manager -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update -- apiGroups: - - "" - resources: - - nodes - verbs: - - '*' -- apiGroups: - - "" - resources: - - nodes/status - verbs: - - patch -- apiGroups: - - "" - resources: - - services - verbs: - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - get -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - list - - watch - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - node-controller - - service-controller - - route-controller - resources: - - serviceaccounts/token - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: system:cloud-controller-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-controller-manager -subjects: -- apiGroup: "" - kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content deleted file mode 100644 index f5f3572927925..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content +++ /dev/null @@ -1,1209 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-attacher-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-role -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - patch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-provisioner-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - create - - patch - - delete -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - update -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - get - - list -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattributesclasses - verbs: - - get - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-resizer-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattributesclasses - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-attacher-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-getter-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-csi-node-role -subjects: -- kind: ServiceAccount - name: ebs-csi-node-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-provisioner-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-resizer-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-resizer-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-snapshotter-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-snapshotter-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-leases-role - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-leases-rolebinding - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ebs-csi-leases-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app: ebs-csi-controller - app.kubernetes.io/managed-by: kops - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - ports: - - name: metrics - port: 3301 - targetPort: 3301 - selector: - app: ebs-csi-controller - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node - namespace: kube-system -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: ebs-csi-node - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - template: - metadata: - creationTimestamp: null - labels: - app: ebs-csi-node - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: topology.kubernetes.io/zone - operator: Exists - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - - key: node.kubernetes.io/instance-type - operator: NotIn - values: - - a1.medium - - a1.large - - a1.xlarge - - a1.2xlarge - - a1.4xlarge - containers: - - args: - - node - - --endpoint=$(CSI_ENDPOINT) - - --logging-format=text - - --v=2 - env: - - name: AWS_REGION - value: us-test-1 - - name: CSI_ENDPOINT - value: unix:/csi/csi.sock - - name: CSI_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.33.0 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /bin/aws-ebs-csi-driver - - pre-stop-hook - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - name: ebs-plugin - ports: - - containerPort: 9808 - name: healthz - protocol: TCP - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - privileged: true - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /var/lib/kubelet - mountPropagation: Bidirectional - name: kubelet-dir - - mountPath: /csi - name: plugin-dir - - mountPath: /dev - name: device-dir - - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.11.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /csi-node-driver-registrar - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --mode=kubelet-registration-probe - initialDelaySeconds: 30 - periodSeconds: 90 - timeoutSeconds: 15 - name: node-driver-registrar - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: plugin-dir - - mountPath: /registration - name: registration-dir - - mountPath: /var/lib/kubelet/plugins/ebs.csi.aws.com/ - name: probe-dir - - args: - - --csi-address=/csi/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.13.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: liveness-probe - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: plugin-dir - hostNetwork: false - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - securityContext: - fsGroup: 0 - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - serviceAccountName: ebs-csi-node-sa - terminationGracePeriodSeconds: 30 - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /var/lib/kubelet - type: Directory - name: kubelet-dir - - hostPath: - path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ - type: DirectoryOrCreate - name: plugin-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - name: registration-dir - - hostPath: - path: /dev - type: Directory - name: device-dir - - emptyDir: {} - name: probe-dir - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: ebs-csi-controller - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - weight: 1 - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - ebs-csi-controller - topologyKey: kubernetes.io/hostname - weight: 100 - containers: - - args: - - controller - - --endpoint=$(CSI_ENDPOINT) - - --k8s-tag-cluster-id=minimal.example.com - - --extra-tags=KubernetesCluster=minimal.example.com - - --http-endpoint=0.0.0.0:3301 - - --batching=true - - --logging-format=text - - --v=5 - env: - - name: AWS_REGION - value: us-test-1 - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: CSI_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: key_id - name: aws-secret - optional: true - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access_key - name: aws-secret - optional: true - - name: AWS_EC2_ENDPOINT - valueFrom: - configMapKeyRef: - key: endpoint - name: aws-meta - optional: true - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.33.0 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - name: ebs-plugin - ports: - - containerPort: 9811 - name: healthz - protocol: TCP - - containerPort: 3301 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --feature-gates=Topology=true - - --extra-create-metadata - - --leader-election=true - - --default-fstype=ext4 - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v5.0.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-provisioner - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --leader-election=true - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=5m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher:v4.6.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-attacher - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --csi-address=$(ADDRESS) - - --leader-election=true - - --extra-create-metadata - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter:v8.0.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-snapshotter - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --leader-election=true - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s:v0.3.0 - imagePullPolicy: IfNotPresent - name: volumemodifier - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --handle-volume-inuse-error=false - - --leader-election=true - - --kube-api-qps=20 - - --kube-api-burst=100 - - --workers=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer:v1.11.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-resizer - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --csi-address=/csi/csi.sock - - --http-endpoint=0.0.0.0:9811 - env: - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.13.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: liveness-probe - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: ebs-csi-controller-sa - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - tolerationSeconds: 300 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - emptyDir: {} - name: socket-dir - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs.csi.aws.com -spec: - attachRequired: true - podInfoOnMount: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content deleted file mode 100644 index dea787ab0df13..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ /dev/null @@ -1,1264 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: ingressclassparams.elbv2.k8s.aws -spec: - group: elbv2.k8s.aws - names: - kind: IngressClassParams - listKind: IngressClassParamsList - plural: ingressclassparams - singular: ingressclassparams - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The Ingress Group name - jsonPath: .spec.group.name - name: GROUP-NAME - type: string - - description: The AWS Load Balancer scheme - jsonPath: .spec.scheme - name: SCHEME - type: string - - description: The AWS Load Balancer ipAddressType - jsonPath: .spec.ipAddressType - name: IP-ADDRESS-TYPE - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IngressClassParams is the Schema for the IngressClassParams API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressClassParamsSpec defines the desired state of IngressClassParams - properties: - group: - description: Group defines the IngressGroup for all Ingresses that - belong to IngressClass with this IngressClassParams. - properties: - name: - description: Name is the name of IngressGroup. - type: string - required: - - name - type: object - inboundCIDRs: - description: InboundCIDRs specifies the CIDRs that are allowed to - access the Ingresses that belong to IngressClass with this IngressClassParams. - items: - type: string - type: array - ipAddressType: - description: IPAddressType defines the ip address type for all Ingresses - that belong to IngressClass with this IngressClassParams. - enum: - - ipv4 - - dualstack - type: string - loadBalancerAttributes: - description: LoadBalancerAttributes define the custom attributes to - LoadBalancers for all Ingress that that belong to IngressClass with - this IngressClassParams. - items: - description: Attributes defines custom attributes on resources. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. - type: string - required: - - key - - value - type: object - type: array - namespaceSelector: - description: NamespaceSelector restrict the namespaces of Ingresses - that are allowed to specify the IngressClass with this IngressClassParams. - * if absent or present but empty, it selects all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - scheme: - description: Scheme defines the scheme for all Ingresses that belong - to IngressClass with this IngressClassParams. - enum: - - internal - - internet-facing - type: string - sslPolicy: - description: SSLPolicy specifies the SSL Policy for all Ingresses - that belong to IngressClass with this IngressClassParams. - type: string - subnets: - description: Subnets defines the subnets for all Ingresses that belong - to IngressClass with this IngressClassParams. - properties: - ids: - description: IDs specify the resource IDs of subnets. Exactly - one of this or `tags` must be specified. - items: - description: SubnetID specifies a subnet ID. - pattern: subnet-[0-9a-f]+ - type: string - minItems: 1 - type: array - tags: - additionalProperties: - items: - type: string - type: array - description: Tags specifies subnets in the load balancer's VPC - where each tag specified in the map key contains one of the - values in the corresponding value list. Exactly one of this - or `ids` must be specified. - type: object - type: object - tags: - description: Tags defines list of Tags on AWS resources provisioned - for Ingresses that belong to IngressClass with this IngressClassParams. - items: - description: Tag defines a AWS Tag on resources. - properties: - key: - description: The key of the tag. - type: string - value: - description: The value of the tag. - type: string - required: - - key - - value - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: targetgroupbindings.elbv2.k8s.aws -spec: - group: elbv2.k8s.aws - names: - kind: TargetGroupBinding - listKind: TargetGroupBindingList - plural: targetgroupbindings - singular: targetgroupbinding - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The Kubernetes Service's name - jsonPath: .spec.serviceRef.name - name: SERVICE-NAME - type: string - - description: The Kubernetes Service's port - jsonPath: .spec.serviceRef.port - name: SERVICE-PORT - type: string - - description: The AWS TargetGroup's TargetType - jsonPath: .spec.targetType - name: TARGET-TYPE - type: string - - description: The AWS TargetGroup's Amazon Resource Name - jsonPath: .spec.targetGroupARN - name: ARN - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: TargetGroupBinding is the Schema for the TargetGroupBinding API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding - properties: - networking: - description: networking provides the networking setup for ELBV2 LoadBalancer - to access targets in TargetGroup. - properties: - ingress: - description: List of ingress rules to allow ELBV2 LoadBalancer - to access targets in TargetGroup. - items: - properties: - from: - description: List of peers which should be able to access - the targets in TargetGroup. At least one NetworkingPeer - should be specified. - items: - description: NetworkingPeer defines the source/destination - peer for networking rules. - properties: - ipBlock: - description: IPBlock defines an IPBlock peer. If specified, - none of the other fields can be set. - properties: - cidr: - description: CIDR is the network CIDR. Both IPV4 - or IPV6 CIDR are accepted. - type: string - required: - - cidr - type: object - securityGroup: - description: SecurityGroup defines a SecurityGroup - peer. If specified, none of the other fields can - be set. - properties: - groupID: - description: GroupID is the EC2 SecurityGroupID. - type: string - required: - - groupID - type: object - type: object - type: array - ports: - description: List of ports which should be made accessible - on the targets in TargetGroup. If ports is empty or unspecified, - it defaults to all ports with TCP. - items: - properties: - port: - anyOf: - - type: integer - - type: string - description: The port which traffic must match. When - NodePort endpoints(instance TargetType) is used, - this must be a numerical port. When Port endpoints(ip - TargetType) is used, this can be either numerical - or named port on pods. if port is unspecified, it - defaults to all ports. - x-kubernetes-int-or-string: true - protocol: - description: The protocol which traffic must match. - If protocol is unspecified, it defaults to TCP. - enum: - - TCP - - UDP - type: string - type: object - type: array - required: - - from - - ports - type: object - type: array - type: object - serviceRef: - description: serviceRef is a reference to a Kubernetes Service and - ServicePort. - properties: - name: - description: Name is the name of the Service. - type: string - port: - anyOf: - - type: integer - - type: string - description: Port is the port of the ServicePort. - x-kubernetes-int-or-string: true - required: - - name - - port - type: object - targetGroupARN: - description: targetGroupARN is the Amazon Resource Name (ARN) for - the TargetGroup. - type: string - targetType: - description: targetType is the TargetType of TargetGroup. If unspecified, - it will be automatically inferred. - enum: - - instance - - ip - type: string - required: - - serviceRef - - targetGroupARN - type: object - status: - description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding - properties: - observedGeneration: - description: The generation observed by the TargetGroupBinding controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The Kubernetes Service's name - jsonPath: .spec.serviceRef.name - name: SERVICE-NAME - type: string - - description: The Kubernetes Service's port - jsonPath: .spec.serviceRef.port - name: SERVICE-PORT - type: string - - description: The AWS TargetGroup's TargetType - jsonPath: .spec.targetType - name: TARGET-TYPE - type: string - - description: The AWS TargetGroup's Amazon Resource Name - jsonPath: .spec.targetGroupARN - name: ARN - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TargetGroupBinding is the Schema for the TargetGroupBinding API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding - properties: - ipAddressType: - description: ipAddressType specifies whether the target group is of - type IPv4 or IPv6. If unspecified, it will be automatically inferred. - enum: - - ipv4 - - ipv6 - type: string - networking: - description: networking defines the networking rules to allow ELBV2 - LoadBalancer to access targets in TargetGroup. - properties: - ingress: - description: List of ingress rules to allow ELBV2 LoadBalancer - to access targets in TargetGroup. - items: - description: NetworkingIngressRule defines a particular set - of traffic that is allowed to access TargetGroup's targets. - properties: - from: - description: List of peers which should be able to access - the targets in TargetGroup. At least one NetworkingPeer - should be specified. - items: - description: NetworkingPeer defines the source/destination - peer for networking rules. - properties: - ipBlock: - description: IPBlock defines an IPBlock peer. If specified, - none of the other fields can be set. - properties: - cidr: - description: CIDR is the network CIDR. Both IPV4 - or IPV6 CIDR are accepted. - type: string - required: - - cidr - type: object - securityGroup: - description: SecurityGroup defines a SecurityGroup - peer. If specified, none of the other fields can - be set. - properties: - groupID: - description: GroupID is the EC2 SecurityGroupID. - type: string - required: - - groupID - type: object - type: object - type: array - ports: - description: List of ports which should be made accessible - on the targets in TargetGroup. If ports is empty or unspecified, - it defaults to all ports with TCP. - items: - description: NetworkingPort defines the port and protocol - for networking rules. - properties: - port: - anyOf: - - type: integer - - type: string - description: The port which traffic must match. When - NodePort endpoints(instance TargetType) is used, - this must be a numerical port. When Port endpoints(ip - TargetType) is used, this can be either numerical - or named port on pods. if port is unspecified, it - defaults to all ports. - x-kubernetes-int-or-string: true - protocol: - description: The protocol which traffic must match. - If protocol is unspecified, it defaults to TCP. - enum: - - TCP - - UDP - type: string - type: object - type: array - required: - - from - - ports - type: object - type: array - type: object - nodeSelector: - description: node selector for instance type target groups to only - register certain nodes - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - serviceRef: - description: serviceRef is a reference to a Kubernetes Service and - ServicePort. - properties: - name: - description: Name is the name of the Service. - type: string - port: - anyOf: - - type: integer - - type: string - description: Port is the port of the ServicePort. - x-kubernetes-int-or-string: true - required: - - name - - port - type: object - targetGroupARN: - description: targetGroupARN is the Amazon Resource Name (ARN) for - the TargetGroup. - minLength: 1 - type: string - targetType: - description: targetType is the TargetType of TargetGroup. If unspecified, - it will be automatically inferred. - enum: - - instance - - ip - type: string - required: - - serviceRef - - targetGroupARN - type: object - status: - description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding - properties: - observedGeneration: - description: The generation observed by the TargetGroupBinding controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-leader-election-role - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - "" - resourceNames: - - aws-load-balancer-controller-leader - resources: - - configmaps - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - aws-load-balancer-controller-leader - resources: - - leases - verbs: - - get - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-role -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods/status - verbs: - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - ingressclassparams - verbs: - - get - - list - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings/status - verbs: - - patch - - update -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-leader-election-rolebinding - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: aws-load-balancer-controller-leader-election-role -subjects: -- kind: ServiceAccount - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-load-balancer-controller-role -subjects: -- kind: ServiceAccount - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook-service - namespace: kube-system -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --metrics-bind-addr=:9442 - - --cluster-name=minimal.example.com - - --enable-waf=false - - --enable-wafv2=false - - --enable-shield=false - - --ingress-class=alb - - --default-tags=KubernetesCluster=minimal.example.com - - --aws-region=us-test-1 - env: - - name: NODENAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.2 - livenessProbe: - failureThreshold: 2 - httpGet: - path: /healthz - port: 61779 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 10 - name: controller - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - resources: - limits: - cpu: 200m - memory: 500Mi - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: aws-load-balancer-controller - terminationGracePeriodSeconds: 10 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: aws-load-balancer-webhook-tls - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-serving-cert - namespace: kube-system -spec: - dnsNames: - - aws-load-balancer-webhook-service.kube-system.svc - - aws-load-balancer-webhook-service.kube-system.svc.cluster.local - issuerRef: - kind: Issuer - name: aws-load-balancer-selfsigned-issuer - secretName: aws-load-balancer-webhook-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-selfsigned-issuer - namespace: kube-system -spec: - selfSigned: {} - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/aws-load-balancer-serving-cert - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-v1-service - failurePolicy: Fail - name: mservice.elbv2.k8s.aws - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - - cert-manager - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - services - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-v1-pod - failurePolicy: Fail - name: mpod.elbv2.k8s.aws - namespaceSelector: - matchExpressions: - - key: elbv2.k8s.aws/pod-readiness-gate-inject - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - - cert-manager - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-elbv2-k8s-aws-v1beta1-targetgroupbinding - failurePolicy: Fail - name: mtargetgroupbinding.elbv2.k8s.aws - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - targetgroupbindings - sideEffects: None - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/aws-load-balancer-serving-cert - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams - failurePolicy: Fail - name: vingressclassparams.elbv2.k8s.aws - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - ingressclassparams - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-elbv2-k8s-aws-v1beta1-targetgroupbinding - failurePolicy: Fail - name: vtargetgroupbinding.elbv2.k8s.aws - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - targetgroupbindings - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-networking-v1-ingress - failurePolicy: Fail - matchPolicy: Equivalent - name: vingress.elbv2.k8s.aws - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - ---- - -apiVersion: elbv2.k8s.aws/v1beta1 -kind: IngressClassParams -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: alb - ---- - -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: alb -spec: - controller: ingress.k8s.aws/alb - parameters: - apiGroup: elbv2.k8s.aws - kind: IngressClassParams - name: alb - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content deleted file mode 100644 index 0f20499bdea9f..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ /dev/null @@ -1,215 +0,0 @@ -kind: Addons -metadata: - creationTimestamp: null - name: bootstrap -spec: - addons: - - id: k8s-1.16 - manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 - name: kops-controller.addons.k8s.io - needsRollingUpdate: control-plane - selector: - k8s-addon: kops-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.12 - manifest: coredns.addons.k8s.io/k8s-1.12.yaml - manifestHash: 591e3b40d00949575616698ce1c9230db8cb00bdab4f8a0d5ef14080a1d7a93c - name: coredns.addons.k8s.io - selector: - k8s-addon: coredns.addons.k8s.io - version: 9.99.0 - - id: k8s-1.9 - manifest: kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml - manifestHash: 01c120e887bd98d82ef57983ad58a0b22bc85efb48108092a24c4b82e4c9ea81 - name: kubelet-api.rbac.addons.k8s.io - selector: - k8s-addon: kubelet-api.rbac.addons.k8s.io - version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - - manifest: limit-range.addons.k8s.io/v1.5.0.yaml - manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 - name: limit-range.addons.k8s.io - selector: - k8s-addon: limit-range.addons.k8s.io - version: 9.99.0 - - id: k8s-1.12 - manifest: dns-controller.addons.k8s.io/k8s-1.12.yaml - manifestHash: be276bd85459d2d34b26a95d3c9492939bb386ce39f13212db484d23aa57da22 - name: dns-controller.addons.k8s.io - selector: - k8s-addon: dns-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.15 - manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: c03c6c1e8806b7e572506d2018bdbb9c314f5bc207473d85e95e7308af4d5193 - name: cluster-autoscaler.addons.k8s.io - selector: - k8s-addon: cluster-autoscaler.addons.k8s.io - version: 9.99.0 - - id: k8s-1.11 - manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f - name: metrics-server.addons.k8s.io - needsPKI: true - selector: - k8s-app: metrics-server - version: 9.99.0 - - id: k8s-1.16 - manifest: certmanager.io/k8s-1.16.yaml - manifestHash: e9a1f65a8e57904e77e1b5e9f429ca56e154eb73ed2a536e1fb39746573dba21 - name: certmanager.io - prune: - kinds: - - kind: ConfigMap - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - kind: Service - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - kind: ServiceAccount - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: admissionregistration.k8s.io - kind: MutatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: admissionregistration.k8s.io - kind: ValidatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: apps - kind: DaemonSet - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: apps - kind: Deployment - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: apps - kind: StatefulSet - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: policy - kind: PodDisruptionBudget - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRole - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRoleBinding - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: Role - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: rbac.authorization.k8s.io - kind: RoleBinding - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - selector: null - version: 9.99.0 - - id: k8s-1.11 - manifest: node-termination-handler.aws/k8s-1.11.yaml - manifestHash: 09840259d2fc87e0f9704d14df71a803b21e5f9a65017929f4721eb191b53f70 - name: node-termination-handler.aws - prune: - kinds: - - kind: ConfigMap - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - kind: Service - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - kind: ServiceAccount - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: admissionregistration.k8s.io - kind: MutatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: admissionregistration.k8s.io - kind: ValidatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: apps - kind: DaemonSet - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: apps - kind: Deployment - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: apps - kind: StatefulSet - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: policy - kind: PodDisruptionBudget - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: rbac.authorization.k8s.io - kind: ClusterRole - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRoleBinding - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: Role - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: RoleBinding - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - selector: - k8s-addon: node-termination-handler.aws - version: 9.99.0 - - id: k8s-1.19 - manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: f32c0c5f258e9fb26f8a69b7a2e9ece3738d737552e774d8d84896dcab323782 - name: aws-load-balancer-controller.addons.k8s.io - needsPKI: true - selector: - k8s-addon: aws-load-balancer-controller.addons.k8s.io - version: 9.99.0 - - id: v1.15.0 - manifest: storage-aws.addons.k8s.io/v1.15.0.yaml - manifestHash: 4e2cda50cd5048133aad1b5e28becb60f4629d3f9e09c514a2757c27998b4200 - name: storage-aws.addons.k8s.io - selector: - k8s-addon: storage-aws.addons.k8s.io - version: 9.99.0 - - id: k8s-1.16 - manifest: networking.amazon-vpc-routed-eni/k8s-1.16.yaml - manifestHash: f7c29b8c7ecc81826fbb05c53bc443f4e387a0e1dd375b9dbdd71de95674a479 - name: networking.amazon-vpc-routed-eni - needsRollingUpdate: all - selector: - role.kubernetes.io/networking: "1" - version: 9.99.0 - - id: k8s-1.18 - manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 7093e19e27c166399f105077b4d58889f16c4a3f4f6d4e675bfa7b66120336cb - name: aws-cloud-controller.addons.k8s.io - selector: - k8s-addon: aws-cloud-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.17 - manifest: aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml - manifestHash: db7ca215ecd9c12f6f746b37865600f8130ef9844faf7bad48ba8e661fd83ee7 - name: aws-ebs-csi-driver.addons.k8s.io - selector: - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - version: 9.99.0 - - id: k8s-1.20 - manifest: snapshot-controller.addons.k8s.io/k8s-1.20.yaml - manifestHash: 06a1cffd153dc7f8cf75853da3683d3a68b55411883d84b9bebf049fc746b980 - name: snapshot-controller.addons.k8s.io - needsPKI: true - selector: - k8s-addon: snapshot-controller.addons.k8s.io - version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content deleted file mode 100644 index aa9800e4092bd..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ /dev/null @@ -1,10095 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: certificaterequests.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: CertificateRequest - listKind: CertificateRequestList - plural: certificaterequests - shortNames: - - cr - - crs - singular: certificaterequest - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Approved")].status - name: Approved - type: string - - jsonPath: .status.conditions[?(@.type=="Denied")].status - name: Denied - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - type: string - - jsonPath: .spec.username - name: Requestor - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "A CertificateRequest is used to request a signed certificate - from one of the configured issuers. \n All fields within the CertificateRequest's - `spec` are immutable after creation. A CertificateRequest will either succeed - or fail, as denoted by its `status.state` field. \n A CertificateRequest - is a one-shot resource, meaning it represents a single point in time request - for a certificate and cannot be re-used." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the CertificateRequest resource. - properties: - duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. - This option may be ignored/overridden by some issuer types. - type: string - extra: - additionalProperties: - items: - type: string - type: array - description: Extra contains extra attributes of the user that created - the CertificateRequest. Populated by the cert-manager webhook on - creation and immutable. - type: object - groups: - description: Groups contains group membership of the user that created - the CertificateRequest. Populated by the cert-manager webhook on - creation and immutable. - items: - type: string - type: array - x-kubernetes-list-type: atomic - isCA: - description: IsCA will request to mark the certificate as valid for - certificate signing when submitting to the issuer. This will automatically - add the `cert sign` usage to the list of `usages`. - type: boolean - issuerRef: - description: IssuerRef is a reference to the issuer for this CertificateRequest. If - the `kind` field is not set, or set to `Issuer`, an Issuer resource - with the given name in the same namespace as the CertificateRequest - will be used. If the `kind` field is set to `ClusterIssuer`, a - ClusterIssuer with the provided name will be used. The `name` field - in this stanza is required at all times. The group field refers - to the API group of the issuer which defaults to `cert-manager.io` - if empty. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - request: - description: The PEM-encoded x509 certificate signing request to be - submitted to the CA for signing. - format: byte - type: string - uid: - description: UID contains the uid of the user that created the CertificateRequest. - Populated by the cert-manager webhook on creation and immutable. - type: string - usages: - description: Usages is the set of x509 usages that are requested for - the certificate. If usages are set they SHOULD be encoded inside - the CSR spec Defaults to `digital signature` and `key encipherment` - if not specified. - items: - description: "KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 - \n Valid KeyUsage values are as follows: \"signing\", \"digital - signature\", \"content commitment\", \"key encipherment\", \"key - agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", - \"encipher only\", \"decipher only\", \"any\", \"server auth\", - \"client auth\", \"code signing\", \"email protection\", \"s/mime\", - \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", - \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" - enum: - - signing - - digital signature - - content commitment - - key encipherment - - key agreement - - data encipherment - - cert sign - - crl sign - - encipher only - - decipher only - - any - - server auth - - client auth - - code signing - - email protection - - s/mime - - ipsec end system - - ipsec tunnel - - ipsec user - - timestamping - - ocsp signing - - microsoft sgc - - netscape sgc - type: string - type: array - username: - description: Username contains the name of the user that created the - CertificateRequest. Populated by the cert-manager webhook on creation - and immutable. - type: string - required: - - issuerRef - - request - type: object - status: - description: Status of the CertificateRequest. This is set and managed - automatically. - properties: - ca: - description: The PEM encoded x509 certificate of the signer, also - known as the CA (Certificate Authority). This is set on a best-effort - basis by different issuers. If not set, the CA is assumed to be - unknown/not available. - format: byte - type: string - certificate: - description: The PEM encoded x509 certificate resulting from the certificate - signing request. If not set, the CertificateRequest has either not - been completed or has failed. More information on failure can be - found by checking the `conditions` field. - format: byte - type: string - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready` and `InvalidRequest`. - items: - description: CertificateRequestCondition contains condition information - for a CertificateRequest. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`, - `InvalidRequest`, `Approved`, `Denied`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - failureTime: - description: FailureTime stores the time that this CertificateRequest - failed. This is used to influence garbage collection and back-off. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: certificates.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: Certificate - listKind: CertificateList - plural: certificates - shortNames: - - cert - - certs - singular: certificate - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .spec.secretName - name: Secret - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "A Certificate resource should be created to ensure an up to - date and signed x509 certificate is stored in the Kubernetes Secret resource - named in `spec.secretName`. \n The stored certificate will be renewed before - it expires (as configured by `spec.renewBefore`)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the Certificate resource. - properties: - additionalOutputFormats: - description: AdditionalOutputFormats defines extra output formats - of the private key and signed certificate chain to be written to - this Certificate's target Secret. This is an Alpha Feature and is - only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` - option on both the controller and webhook components. - items: - description: CertificateAdditionalOutputFormat defines an additional - output format of a Certificate resource. These contain supplementary - data formats of the signed certificate chain and paired private - key. - properties: - type: - description: Type is the name of the format type that should - be written to the Certificate's target Secret. - enum: - - DER - - CombinedPEM - type: string - required: - - type - type: object - type: array - commonName: - description: 'CommonName is a common name to be used on the Certificate. - The CommonName should have a length of 64 characters or fewer to - avoid generating invalid CSRs. This value is ignored by TLS clients - when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' - type: string - dnsNames: - description: DNSNames is a list of DNS subjectAltNames to be set on - the Certificate. - items: - type: string - type: array - duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. - This option may be ignored/overridden by some issuer types. If unset - this defaults to 90 days. Certificate will be renewed either 2/3 - through its duration or `renewBefore` period before its expiry, - whichever is later. Minimum accepted duration is 1 hour. Value must - be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration - type: string - emailAddresses: - description: EmailAddresses is a list of email subjectAltNames to - be set on the Certificate. - items: - type: string - type: array - encodeUsagesInRequest: - description: EncodeUsagesInRequest controls whether key usages should - be present in the CertificateRequest - type: boolean - ipAddresses: - description: IPAddresses is a list of IP address subjectAltNames to - be set on the Certificate. - items: - type: string - type: array - isCA: - description: IsCA will mark this Certificate as valid for certificate - signing. This will automatically add the `cert sign` usage to the - list of `usages`. - type: boolean - issuerRef: - description: IssuerRef is a reference to the issuer for this certificate. - If the `kind` field is not set, or set to `Issuer`, an Issuer resource - with the given name in the same namespace as the Certificate will - be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer - with the provided name will be used. The `name` field in this stanza - is required at all times. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - keystores: - description: Keystores configures additional keystore output formats - stored in the `secretName` Secret resource. - properties: - jks: - description: JKS configures options for storing a JKS keystore - in the `spec.secretName` Secret resource. - properties: - create: - description: Create enables JKS keystore creation for the - Certificate. If true, a file named `keystore.jks` will be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef`. The keystore file - will be updated immediately. If the issuer provided a CA - certificate, a file named `truststore.jks` will also be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef` containing the issuing - Certificate Authority - type: boolean - passwordSecretRef: - description: PasswordSecretRef is a reference to a key in - a Secret resource containing the password used to encrypt - the JKS keystore. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - create - - passwordSecretRef - type: object - pkcs12: - description: PKCS12 configures options for storing a PKCS12 keystore - in the `spec.secretName` Secret resource. - properties: - create: - description: Create enables PKCS12 keystore creation for the - Certificate. If true, a file named `keystore.p12` will be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef`. The keystore file - will be updated immediately. If the issuer provided a CA - certificate, a file named `truststore.p12` will also be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef` containing the issuing - Certificate Authority - type: boolean - passwordSecretRef: - description: PasswordSecretRef is a reference to a key in - a Secret resource containing the password used to encrypt - the PKCS12 keystore. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - create - - passwordSecretRef - type: object - type: object - literalSubject: - description: LiteralSubject is an LDAP formatted string that represents - the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). - Use this *instead* of the Subject field if you need to ensure the - correct ordering of the RDN sequence, such as when issuing certs - for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, - https://github.com/cert-manager/cert-manager/issues/4424. This field - is alpha level and is only supported by cert-manager installations - where LiteralCertificateSubject feature gate is enabled on both - cert-manager controller and webhook. - type: string - privateKey: - description: Options to control private keys used for the Certificate. - properties: - algorithm: - description: Algorithm is the private key algorithm of the corresponding - private key for this certificate. If provided, allowed values - are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified - and `size` is not provided, key size of 256 will be used for - `ECDSA` key algorithm and key size of 2048 will be used for - `RSA` key algorithm. key size is ignored when using the `Ed25519` - key algorithm. - enum: - - RSA - - ECDSA - - Ed25519 - type: string - encoding: - description: The private key cryptography standards (PKCS) encoding - for this certificate's private key to be encoded in. If provided, - allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and - PKCS#8, respectively. Defaults to `PKCS1` if not specified. - enum: - - PKCS1 - - PKCS8 - type: string - rotationPolicy: - description: RotationPolicy controls how private keys should be - regenerated when a re-issuance is being processed. If set to - Never, a private key will only be generated if one does not - already exist in the target `spec.secretName`. If one does exists - but it does not have the correct algorithm or size, a warning - will be raised to await user intervention. If set to Always, - a private key matching the specified requirements will be generated - whenever a re-issuance occurs. Default is 'Never' for backward - compatibility. - enum: - - Never - - Always - type: string - size: - description: Size is the key bit size of the corresponding private - key for this certificate. If `algorithm` is set to `RSA`, valid - values are `2048`, `4096` or `8192`, and will default to `2048` - if not specified. If `algorithm` is set to `ECDSA`, valid values - are `256`, `384` or `521`, and will default to `256` if not - specified. If `algorithm` is set to `Ed25519`, Size is ignored. - No other values are allowed. - type: integer - type: object - renewBefore: - description: How long before the currently issued certificate's expiry - cert-manager should renew the certificate. The default is 2/3 of - the issued certificate's duration. Minimum accepted value is 5 minutes. - Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration - type: string - revisionHistoryLimit: - description: revisionHistoryLimit is the maximum number of CertificateRequest - revisions that are maintained in the Certificate's history. Each - revision represents a single `CertificateRequest` created by this - Certificate, either when it was created, renewed, or Spec was changed. - Revisions will be removed by oldest first if the number of revisions - exceeds this number. If set, revisionHistoryLimit must be a value - of `1` or greater. If unset (`nil`), revisions will not be garbage - collected. Default value is `nil`. - format: int32 - type: integer - secretName: - description: SecretName is the name of the secret resource that will - be automatically created and managed by this Certificate resource. - It will be populated with a private key and certificate, signed - by the denoted issuer. - type: string - secretTemplate: - description: SecretTemplate defines annotations and labels to be copied - to the Certificate's Secret. Labels and annotations on the Secret - will be changed as they appear on the SecretTemplate when added - or removed. SecretTemplate annotations are added in conjunction - with, and cannot overwrite, the base set of annotations cert-manager - sets on the Certificate's Secret. - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a key value map to be copied to the - target Kubernetes Secret. - type: object - labels: - additionalProperties: - type: string - description: Labels is a key value map to be copied to the target - Kubernetes Secret. - type: object - type: object - subject: - description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). - properties: - countries: - description: Countries to be used on the Certificate. - items: - type: string - type: array - localities: - description: Cities to be used on the Certificate. - items: - type: string - type: array - organizationalUnits: - description: Organizational Units to be used on the Certificate. - items: - type: string - type: array - organizations: - description: Organizations to be used on the Certificate. - items: - type: string - type: array - postalCodes: - description: Postal codes to be used on the Certificate. - items: - type: string - type: array - provinces: - description: State/Provinces to be used on the Certificate. - items: - type: string - type: array - serialNumber: - description: Serial number to be used on the Certificate. - type: string - streetAddresses: - description: Street addresses to be used on the Certificate. - items: - type: string - type: array - type: object - uris: - description: URIs is a list of URI subjectAltNames to be set on the - Certificate. - items: - type: string - type: array - usages: - description: Usages is the set of x509 usages that are requested for - the certificate. Defaults to `digital signature` and `key encipherment` - if not specified. - items: - description: "KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 - \n Valid KeyUsage values are as follows: \"signing\", \"digital - signature\", \"content commitment\", \"key encipherment\", \"key - agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", - \"encipher only\", \"decipher only\", \"any\", \"server auth\", - \"client auth\", \"code signing\", \"email protection\", \"s/mime\", - \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", - \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" - enum: - - signing - - digital signature - - content commitment - - key encipherment - - key agreement - - data encipherment - - cert sign - - crl sign - - encipher only - - decipher only - - any - - server auth - - client auth - - code signing - - email protection - - s/mime - - ipsec end system - - ipsec tunnel - - ipsec user - - timestamping - - ocsp signing - - microsoft sgc - - netscape sgc - type: string - type: array - required: - - issuerRef - - secretName - type: object - status: - description: Status of the Certificate. This is set and managed automatically. - properties: - conditions: - description: List of status conditions to indicate the status of certificates. - Known condition types are `Ready` and `Issuing`. - items: - description: CertificateCondition contains condition information - for an Certificate. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Certificate. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`, - `Issuing`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - failedIssuanceAttempts: - description: The number of continuous failed issuance attempts up - till now. This field gets removed (if set) on a successful issuance - and gets set to 1 if unset and an issuance has failed. If an issuance - has failed, the delay till the next issuance will be calculated - using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). - type: integer - lastFailureTime: - description: LastFailureTime is set only if the lastest issuance for - this Certificate failed and contains the time of the failure. If - an issuance has failed, the delay till the next issuance will be - calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - - 1). If the latest issuance has succeeded this field will be unset. - format: date-time - type: string - nextPrivateKeySecretName: - description: The name of the Secret resource containing the private - key to be used for the next certificate iteration. The keymanager - controller will automatically set this field if the `Issuing` condition - is set to `True`. It will automatically unset this field when the - Issuing condition is not set or False. - type: string - notAfter: - description: The expiration time of the certificate stored in the - secret named by this resource in `spec.secretName`. - format: date-time - type: string - notBefore: - description: The time after which the certificate stored in the secret - named by this resource in spec.secretName is valid. - format: date-time - type: string - renewalTime: - description: RenewalTime is the time at which the certificate will - be next renewed. If not set, no upcoming renewal is scheduled. - format: date-time - type: string - revision: - description: "The current 'revision' of the certificate as issued. - \n When a CertificateRequest resource is created, it will have the - `cert-manager.io/certificate-revision` set to one greater than the - current value of this field. \n Upon issuance, this field will be - set to the value of the annotation on the CertificateRequest resource - used to issue the certificate. \n Persisting the value on the CertificateRequest - resource allows the certificates controller to know whether a request - is part of an old issuance or if it is part of the ongoing revision's - issuance by checking if the revision value in the annotation is - greater than this field." - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: challenges.acme.cert-manager.io -spec: - group: acme.cert-manager.io - names: - categories: - - cert-manager - - cert-manager-acme - kind: Challenge - listKind: ChallengeList - plural: challenges - singular: challenge - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.dnsName - name: Domain - type: string - - jsonPath: .status.reason - name: Reason - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Challenge is a type to represent a Challenge request with an - ACME server - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - authorizationURL: - description: The URL to the ACME Authorization resource that this - challenge is a part of. - type: string - dnsName: - description: dnsName is the identifier that this challenge is for, - e.g. example.com. If the requested DNSName is a 'wildcard', this - field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, - it must be `example.com`. - type: string - issuerRef: - description: References a properly configured ACME-type Issuer which - should be used to create this Challenge. If the Issuer does not - exist, processing will be retried. If the Issuer is not an 'ACME' - Issuer, an error will be returned and the Challenge will be marked - as failed. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - key: - description: 'The ACME challenge key for this challenge For HTTP01 - challenges, this is the value that must be responded with to complete - the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is - the base64 encoded SHA256 sum of the `.` text that must be set as the TXT - record content.' - type: string - solver: - description: Contains the domain solving configuration that should - be used to solve this challenge resource. - properties: - dns01: - description: Configures cert-manager to attempt to complete authorizations - by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API to manage - DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage DNS01 - challenge records. - properties: - clientID: - description: if both this and ClientSecret are left unset - MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left unset - MSI will be used - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be used - type: string - managedIdentity: - description: managed identity configuration, can not be - used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, can - not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage DNS01 - challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field that - tells cert-manager in which Cloud DNS zone the challenge - record has to be created. If left empty cert-manager - will automatically choose a zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 challenge - records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. - Note: using an API token to authenticate is now the - recommended method as it allows greater control of permissions.' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with Cloudflare. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required when - using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 provider - should handle CNAME records when found in DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage DNS01 - challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain Name - System") (https://datatracker.ietf.org/doc/rfc2136/) to - manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed in - square brackets (e.g [2001:db8::1]) ; port is optional. - This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS - supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values are - (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, - ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the DNS. - If ``tsigSecretSecretRef`` is defined, this field is - required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the TSIG - value. If ``tsigKeyName`` is defined, this field is - required. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 challenge - records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If neither - the Access Key nor Key ID are set, we fall-back to using - env vars, shared credentials file or AWS Instance metadata, - see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key within - a Kubernetes Secret. Cannot be set when AccessKeyID - is set. If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials file - or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only this - zone in Route53 and will not do an lookup using the - route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 provider - will assume using either the explicit credentials AccessKeyID/SecretAccessKey - or the inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, we fall-back - to using env vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 challenge - solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should be passed - to the webhook apiserver when challenges are processed. - This can contain arbitrary JSON data. Secret values - should not be specified in this stanza. If secret values - are needed (e.g. credentials for a DNS service), you - should use a SecretKeySelector to reference a Secret - resource. For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used when - POSTing ChallengePayload resources to the webhook apiserver. - This should be the same as the GroupName specified in - the webhook provider implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will typically - be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete authorizations - by performing the HTTP01 challenge flow. It is not possible - to obtain certificates for wildcard domain names (e.g. `*.example.com`) - using the HTTP01 challenge mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community API - that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the specified - labels in the same namespace as the challenge. This solver - is experimental, and fields / behaviour may change in the - future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied to HTTPRoutes - created by cert-manager while solving HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager - creates an HTTPRoute. cert-manager needs to know which - parentRefs should be used when creating the HTTPRoute. - Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API object - (usually a Gateway) that can be considered a parent - of this resource (usually a route). The only kind - of parent resource with \"Core\" support is Gateway. - This API may be extended in the future to support - additional kinds of parent resources, such as HTTPRoute. - \n The API object must be valid in the cluster; the - Group and Kind must be registered in the cluster for - this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such as - for a \"Service\" kind referent), Group must be - explicitly set to \"\" (empty string). \n Support: - Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. \n Support: - Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of the - referent. When unspecified, this refers to the - local namespace of the Route. \n Note that there - are specific rules for ParentRefs which cross - namespace boundaries. Cross-namespace references - are only valid if they are explicitly allowed - by something in the namespace they are referring - to. For example: Gateway has the AllowedRoutes - field, and ReferenceGrant provides a generic way - to enable any other kind of cross-namespace reference. - \n Support: Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this Route - targets. It can be interpreted differently based - on the type of parent resource. \n When the parent - resource is a Gateway, this targets all listeners - listening on the specified port that also support - this kind of Route(and select this Route). It's - not recommended to set `Port` unless the networking - behaviors specified in a Route must apply to a - specific port as opposed to a listener(s) whose - port(s) may be changed. When both Port and SectionName - are specified, the name and port of the selected - listener must match both specified values. \n - Implementations MAY choose to support other parent - resources. Implementations supporting other types - of parent resources MUST clearly document how/if - Port is interpreted. \n For the purpose of status, - an attachment is considered successful as long - as the parent resource accepts it partially. For - example, Gateway listeners can restrict which - Routes can attach to them by Route kind, namespace, - or hostname. If 1 of 2 Gateway listeners accept - attachment from the referencing Route, the Route - MUST be considered successfully attached. If no - Gateway listeners accept attachment from this - Route, the Route MUST be considered detached from - the Gateway. \n Support: Extended \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a section - within the target resource. In the following resources, - SectionName is interpreted as the following: \n - * Gateway: Listener Name. When both Port (experimental) - and SectionName are specified, the name and port - of the selected listener must match both specified - values. \n Implementations MAY choose to support - attaching Routes to other resources. If that is - the case, they MUST clearly document how SectionName - is interpreted. \n When unspecified (empty string), - this will reference the entire resource. For the - purpose of status, an attachment is considered - successful if at least one section in the parent - resource accepts it. For example, Gateway listeners - can restrict which Routes can attach to them by - Route kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from the referencing - Route, the Route MUST be considered successfully - attached. If no Gateway listeners accept attachment - from this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes solver - service. Supported values are NodePort or ClusterIP. - If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver will - solve challenges by creating or modifying Ingress resources - in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by cert-manager - for each Challenge to be completed. - properties: - class: - description: This field configures the annotation `kubernetes.io/ingress.class` - when creating Ingress resources to solve ACME challenges - that use this challenge solver. Only one of `class`, - `name` or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve ACME - challenges that use this challenge solver. This is the - recommended way of configuring the ingress class. Only - one of `class`, `name` or `ingressClassName` may be - specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the 'labels' - and 'annotations' fields may be set. If labels or - annotations overlap with in-built values, the values - here will override the in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be added - to the created ACME HTTP01 solver ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added to the - created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that should - have ACME challenge solving routes inserted into it - in order to solve HTTP01 challenges. This is typically - used in conjunction with ingress controllers like ingress-gce, - which maintains a 1:1 mapping between external IPs and - ingress resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure the - ACME challenge solver pods used for HTTP01 challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod used - to solve HTTP01 challenges. Only the 'labels' and - 'annotations' fields may be set. If labels or annotations - overlap with in-built values, the values here will - override the in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be added - to the create ACME HTTP01 solver pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added to the - created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the HTTP01 - challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All other - fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified by - this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node matches the corresponding - matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node - selector requirements by node's - labels. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by node's - fields. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to an update), - the system may or may not try to eventually - evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node - selector terms. The terms are ORed. - items: - description: A null or empty node - selector term matches no objects. - The requirements of them are ANDed. - The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node - selector requirements by node's - labels. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by node's - fields. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified by - this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node has pods which matches the - corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. - items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to a pod label - update), the system may or may not try - to eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value of - the label with key matches - that of any node on which a pod of - the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this case - pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node has pods which matches the - corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. - items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to a pod label - update), the system may or may not try - to eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value of - the label with key matches - that of any node on which a pod of - the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this case - pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains enough - information to let you locate the referenced - object inside the same namespace. - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. Selector - which must match a node''s labels for the pod - to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator - . - properties: - effect: - description: Effect indicates the taint - effect to match. Empty means match all - taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the - toleration applies to. Empty means match - all taint keys. If the key is empty, operator - must be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. - By default, it is not set, which means - tolerate the taint forever (do not evict). - Zero and negative values will be treated - as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the - toleration matches to. If the operator - is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes solver - service. Supported values are NodePort or ClusterIP. - If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver has - a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will be used - to solve. If specified and a match is found, a dnsNames - selector will take precedence over a dnsZones selector. - If multiple solvers match with the same dnsNames value, - the solver with the most matching labels in matchLabels - will be selected. If neither has more matches, the solver - defined earlier in the list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will be used - to solve. The most specific DNS zone match specified here - will take precedence over other DNS zone matches, so a solver - specifying sys.example.com will be selected over one specifying - example.com for the domain www.sys.example.com. If multiple - solvers match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine the set - of certificate's that this challenge solver will apply to. - type: object - type: object - type: object - token: - description: The ACME challenge token for this challenge. This is - the raw value returned from the ACME server. - type: string - type: - description: The type of ACME challenge this resource represents. - One of "HTTP-01" or "DNS-01". - enum: - - HTTP-01 - - DNS-01 - type: string - url: - description: The URL of the ACME Challenge resource for this challenge. - This can be used to lookup details about the status of this challenge. - type: string - wildcard: - description: wildcard will be true if this challenge is for a wildcard - identifier, for example '*.example.com'. - type: boolean - required: - - authorizationURL - - dnsName - - issuerRef - - key - - solver - - token - - type - - url - type: object - status: - properties: - presented: - description: presented will be set to true if the challenge values - for this challenge are currently 'presented'. This *does not* imply - the self check is passing. Only that the values have been 'submitted' - for the appropriate challenge mechanism (i.e. the DNS01 TXT record - has been presented, or the HTTP01 configuration has been configured). - type: boolean - processing: - description: Used to denote whether this challenge should be processed - or not. This field will only be set to true by the 'scheduling' - component. It will only be set to false by the 'challenges' controller, - after the challenge has reached a final state or timed out. If this - field is set to false, the challenge controller will not take any - more action. - type: boolean - reason: - description: Contains human readable information on why the Challenge - is in the current state. - type: string - state: - description: Contains the current 'state' of the challenge. If not - set, the state of the challenge is unknown. - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: clusterissuers.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: ClusterIssuer - listKind: ClusterIssuerList - plural: clusterissuers - singular: clusterissuer - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: A ClusterIssuer represents a certificate issuing authority which - can be referenced as part of `issuerRef` fields. It is similar to an Issuer, - however it is cluster-scoped and therefore can be referenced by resources - that exist in *any* namespace, not just the same namespace as the referent. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the ClusterIssuer resource. - properties: - acme: - description: ACME configures this issuer to communicate with a RFC8555 - (ACME) server to obtain signed x509 certificates. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which can be used - to validate the certificate chain presented by the ACME server. - Mutually exclusive with SkipTLSVerify; prefer using CABundle - to prevent various kinds of security vulnerabilities. If CABundle - and SkipTLSVerify are unset, the system certificate bundle inside - the container is used to validate the TLS connection. - format: byte - type: string - disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account - key. If true, the Issuer resource will *not* request a new account - but will expect the account key to be supplied via an existing - secret. If false, the cert-manager system will generate a new - ACME account key for the Issuer. Defaults to false. - type: boolean - email: - description: Email is the email address to be associated with - the ACME account. This field is optional, but it is strongly - recommended to be set. It will be used to contact you in case - of issues with your account or certificates, including expiry - notification emails. This field may be updated after the account - is initially registered. - type: string - enableDurationFeature: - description: Enables requesting a Not After date on certificates - that matches the duration of the certificate. This is not supported - by all ACME servers like Let's Encrypt. If set to true when - the ACME server does not support it it will create an error - on the Order. Defaults to false. - type: boolean - externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external - account of the ACME server. If set, upon registration cert-manager - will attempt to associate the given external account credentials - with the registered ACME account. - properties: - keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical - compatibility reasons and should not be used. The algorithm - is now hardcoded to HS256 in golang/x/crypto/acme.' - enum: - - HS256 - - HS384 - - HS512 - type: string - keyID: - description: keyID is the ID of the CA key that the External - Account is bound to. - type: string - keySecretRef: - description: keySecretRef is a Secret Key Selector referencing - a data item in a Kubernetes Secret which holds the symmetric - MAC key of the External Account Binding. The `key` is the - index string that is paired with the key data in the Secret - and should not be confused with the key data itself, or - indeed with the External Account Binding keyID above. The - secret key stored in the Secret **must** be un-padded, base64 - URL encoded data. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - keyID - - keySecretRef - type: object - preferredChain: - description: 'PreferredChain is the chain to use if the ACME server - outputs multiple. PreferredChain is no guarantee that this one - gets delivered by the ACME endpoint. For example, for Let''s - Encrypt''s DST crosssign you would use: "DST Root CA X3" or - "ISRG Root X1" for the newer Let''s Encrypt root CA. This value - picks the first certificate bundle in the ACME alternative chains - that has a certificate with this value as its issuer''s CN' - maxLength: 64 - type: string - privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource - that will be used to store the automatically generated ACME - account private key. Optionally, a `key` may be specified to - select a specific entry within the named Secret resource. If - `key` is not specified, a default of `tls.key` will be used. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - server: - description: 'Server is the URL used to access the ACME server''s - ''directory'' endpoint. For example, for Let''s Encrypt''s staging - endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". - Only ACME v2 endpoints (i.e. RFC 8555) are supported.' - type: string - skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the - ACME server TLS certificate. If true, requests to the ACME server - will not have the TLS certificate chain validated. Mutually - exclusive with CABundle; prefer using CABundle to prevent various - kinds of security vulnerabilities. Only enable this option in - development environments. If CABundle and SkipTLSVerify are - unset, the system certificate bundle inside the container is - used to validate the TLS connection. Defaults to false.' - type: boolean - solvers: - description: 'Solvers is a list of challenge solvers that will - be used to solve ACME challenges for the matching domains. Solver - configurations must be provided in order to obtain certificates - from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' - items: - description: An ACMEChallengeSolver describes how to solve ACME - challenges for the issuer it is part of. A selector may be - provided to use different solving strategies for different - DNS names. Only one of HTTP01 or DNS01 must be provided. - properties: - dns01: - description: Configures cert-manager to attempt to complete - authorizations by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API - to manage DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage - DNS01 challenge records. - properties: - clientID: - description: if both this and ClientSecret are left - unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left - unset MSI will be used - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default - AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be - used - type: string - managedIdentity: - description: managed identity configuration, can - not be used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, - can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located - in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage - DNS01 challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field - that tells cert-manager in which Cloud DNS zone - the challenge record has to be created. If left - empty cert-manager will automatically choose a - zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 - challenge records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with - Cloudflare. Note: using an API token to authenticate - is now the recommended method as it allows greater - control of permissions.' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with - Cloudflare. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required - when using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 - provider should handle CNAME records when found in - DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage - DNS01 challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain - Name System") (https://datatracker.ietf.org/doc/rfc2136/) - to manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed - in square brackets (e.g [2001:db8::1]) ; port - is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the - DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values - are (case-insensitive): ``HMACMD5`` (default), - ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the - DNS. If ``tsigSecretSecretRef`` is defined, this - field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the - TSIG value. If ``tsigKeyName`` is defined, this - field is required. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 - challenge records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If - neither the Access Key nor Key ID are set, we - fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key - within a Kubernetes Secret. Cannot be set when - AccessKeyID is set. If neither the Access Key - nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only - this zone in Route53 and will not do an lookup - using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 - provider will assume using either the explicit - credentials AccessKeyID/SecretAccessKey or the - inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 - challenge solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should - be passed to the webhook apiserver when challenges - are processed. This can contain arbitrary JSON - data. Secret values should not be specified in - this stanza. If secret values are needed (e.g. - credentials for a DNS service), you should use - a SecretKeySelector to reference a Secret resource. - For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used - when POSTing ChallengePayload resources to the - webhook apiserver. This should be the same as - the GroupName specified in the webhook provider - implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will - typically be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete - authorizations by performing the HTTP01 challenge flow. - It is not possible to obtain certificates for wildcard - domain names (e.g. `*.example.com`) using the HTTP01 challenge - mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community - API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the - specified labels in the same namespace as the challenge. - This solver is experimental, and fields / behaviour - may change in the future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied - to HTTPRoutes created by cert-manager while solving - HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, - cert-manager creates an HTTPRoute. cert-manager - needs to know which parentRefs should be used - when creating the HTTPRoute. Usually, the parentRef - references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API - object (usually a Gateway) that can be considered - a parent of this resource (usually a route). - The only kind of parent resource with \"Core\" - support is Gateway. This API may be extended - in the future to support additional kinds of - parent resources, such as HTTPRoute. \n The - API object must be valid in the cluster; the - Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such - as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). - \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. - \n Support: Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of - the referent. When unspecified, this refers - to the local namespace of the Route. \n - Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace - references are only valid if they are explicitly - allowed by something in the namespace they - are referring to. For example: Gateway has - the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable any other - kind of cross-namespace reference. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this - Route targets. It can be interpreted differently - based on the type of parent resource. \n - When the parent resource is a Gateway, this - targets all listeners listening on the specified - port that also support this kind of Route(and - select this Route). It's not recommended - to set `Port` unless the networking behaviors - specified in a Route must apply to a specific - port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName - are specified, the name and port of the - selected listener must match both specified - values. \n Implementations MAY choose to - support other parent resources. Implementations - supporting other types of parent resources - MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment - is considered successful as long as the - parent resource accepts it partially. For - example, Gateway listeners can restrict - which Routes can attach to them by Route - kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from - the referencing Route, the Route MUST be - considered successfully attached. If no - Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Extended - \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a - section within the target resource. In the - following resources, SectionName is interpreted - as the following: \n * Gateway: Listener - Name. When both Port (experimental) and - SectionName are specified, the name and - port of the selected listener must match - both specified values. \n Implementations - MAY choose to support attaching Routes to - other resources. If that is the case, they - MUST clearly document how SectionName is - interpreted. \n When unspecified (empty - string), this will reference the entire - resource. For the purpose of status, an - attachment is considered successful if at - least one section in the parent resource - accepts it. For example, Gateway listeners - can restrict which Routes can attach to - them by Route kind, namespace, or hostname. - If 1 of 2 Gateway listeners accept attachment - from the referencing Route, the Route MUST - be considered successfully attached. If - no Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver - will solve challenges by creating or modifying Ingress - resources in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by - cert-manager for each Challenge to be completed. - properties: - class: - description: This field configures the annotation - `kubernetes.io/ingress.class` when creating Ingress - resources to solve ACME challenges that use this - challenge solver. Only one of `class`, `name` - or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve - ACME challenges that use this challenge solver. - This is the recommended way of configuring the - ingress class. Only one of `class`, `name` or - `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the created ACME HTTP01 solver - ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that - should have ACME challenge solving routes inserted - into it in order to solve HTTP01 challenges. This - is typically used in conjunction with ingress - controllers like ingress-gce, which maintains - a 1:1 mapping between external IPs and ingress - resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure - the ACME challenge solver pods used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the create ACME HTTP01 solver - pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the - HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All - other fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service - account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver - has a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will - be used to solve. If specified and a match is found, - a dnsNames selector will take precedence over a dnsZones - selector. If multiple solvers match with the same - dnsNames value, the solver with the most matching - labels in matchLabels will be selected. If neither - has more matches, the solver defined earlier in the - list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will - be used to solve. The most specific DNS zone match - specified here will take precedence over other DNS - zone matches, so a solver specifying sys.example.com - will be selected over one specifying example.com for - the domain www.sys.example.com. If multiple solvers - match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine - the set of certificate's that this challenge solver - will apply to. - type: object - type: object - type: object - type: array - required: - - privateKeySecretRef - - server - type: object - ca: - description: CA configures this issuer to sign certificates using - a signing CA keypair stored in a Secret resource. This is used to - build internal PKIs that are managed by cert-manager. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set, - certificates will be issued without distribution points set. - items: - type: string - type: array - ocspServers: - description: The OCSP server list is an X.509 v3 extension that - defines a list of URLs of OCSP responders. The OCSP responders - can be queried for the revocation status of an issued certificate. - If not set, the certificate will be issued with no OCSP servers - set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to sign - Certificates issued by this Issuer. - type: string - required: - - secretName - type: object - selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates - using the private key used to create the CertificateRequest object. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set - certificate will be issued without CDP. Values are strings. - items: - type: string - type: array - type: object - vault: - description: Vault configures this issuer to sign certificates using - a HashiCorp Vault PKI backend. - properties: - auth: - description: Auth configures how cert-manager authenticates with - the Vault server. - properties: - appRole: - description: AppRole authenticates with Vault using the App - Role auth mechanism, with the role and secret stored in - a Kubernetes Secret resource. - properties: - path: - description: 'Path where the App Role authentication backend - is mounted in Vault, e.g: "approle"' - type: string - roleId: - description: RoleID configured in the App Role authentication - backend when setting up the authentication backend in - Vault. - type: string - secretRef: - description: Reference to a key in a Secret that contains - the App Role secret used to authenticate with Vault. - The `key` field must be specified and denotes which - entry within the Secret resource is used as the app - role secret. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - path - - roleId - - secretRef - type: object - kubernetes: - description: Kubernetes authenticates with Vault by passing - the ServiceAccount token stored in the named Secret resource - to the Vault server. - properties: - mountPath: - description: The Vault mountPath here is the mount path - to use when authenticating with Vault. For example, - setting a value to `/v1/auth/foo`, will use the path - `/v1/auth/foo/login` to authenticate with Vault. If - unspecified, the default value "/v1/auth/kubernetes" - will be used. - type: string - role: - description: A required field containing the Vault Role - to assume. A Role binds a Kubernetes ServiceAccount - with a set of Vault policies. - type: string - secretRef: - description: The required Secret field containing a Kubernetes - ServiceAccount JWT used for authenticating with Vault. - Use of 'ambient credentials' is not supported. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceAccountRef: - description: A reference to a service account that will - be used to request a bound token (also known as "projected - token"). Compared to using "secretRef", using this field - means that you don't rely on statically bound tokens. - To use this field, you must configure an RBAC rule to - let cert-manager request a token. - properties: - name: - description: Name of the ServiceAccount used to request - a token. - type: string - required: - - name - type: object - required: - - role - type: object - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting - a token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - type: object - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used - to validate the certificate chain presented by Vault. Only used - if using HTTPS to connect to Vault and ignored for HTTP connections. - Mutually exclusive with CABundleSecretRef. If neither CABundle - nor CABundleSecretRef are defined, the certificate bundle in - the cert-manager controller container is used to validate the - TLS connection. - format: byte - type: string - caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded - CAs to use when verifying the certificate chain presented by - Vault when using HTTPS. Mutually exclusive with CABundle. If - neither CABundle nor CABundleSecretRef are defined, the certificate - bundle in the cert-manager controller container is used to validate - the TLS connection. If no key for the Secret is specified, cert-manager - will default to 'ca.crt'. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - namespace: - description: 'Name of the vault namespace. Namespaces is a set - of features within Vault Enterprise that allows Vault environments - to support Secure Multi-tenancy. e.g: "ns1" More about namespaces - can be found here https://www.vaultproject.io/docs/enterprise/namespaces' - type: string - path: - description: 'Path is the mount path of the Vault PKI backend''s - `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' - type: string - server: - description: 'Server is the connection address for the Vault server, - e.g: "https://vault.example.com:8200".' - type: string - required: - - auth - - path - - server - type: object - venafi: - description: Venafi configures this issuer to sign certificates using - a Venafi TPP or Venafi Cloud policy zone. - properties: - cloud: - description: Cloud specifies the Venafi cloud configuration settings. - Only one of TPP or Cloud may be specified. - properties: - apiTokenSecretRef: - description: APITokenSecretRef is a secret key selector for - the Venafi Cloud API token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: URL is the base URL for Venafi Cloud. Defaults - to "https://api.venafi.cloud/v1". - type: string - required: - - apiTokenSecretRef - type: object - tpp: - description: TPP specifies Trust Protection Platform configuration - settings. Only one of TPP or Cloud may be specified. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which will be - used to validate the certificate chain presented by the - TPP server. Only used if using HTTPS; ignored for HTTP. - If undefined, the certificate bundle in the cert-manager - controller container is used to validate the chain. - format: byte - type: string - credentialsRef: - description: CredentialsRef is a reference to a Secret containing - the username and password for the TPP server. The secret - must contain two keys, 'username' and 'password'. - properties: - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: 'URL is the base URL for the vedsdk endpoint - of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' - type: string - required: - - credentialsRef - - url - type: object - zone: - description: Zone is the Venafi Policy Zone to use for this issuer. - All requests made to the Venafi platform will be restricted - by the named zone policy. This field is required. - type: string - required: - - zone - type: object - type: object - status: - description: Status of the ClusterIssuer. This is set and managed automatically. - properties: - acme: - description: ACME specific status options. This field should only - be set if the Issuer is configured to use an ACME server to issue - certificates. - properties: - lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated - with the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with - the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - uri: - description: URI is the unique account identifier, which can also - be used to retrieve account details from the CA - type: string - type: object - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready`. - items: - description: IssuerCondition contains condition information for - an Issuer. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Issuer. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: issuers.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: Issuer - listKind: IssuerList - plural: issuers - singular: issuer - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: An Issuer represents a certificate issuing authority which can - be referenced as part of `issuerRef` fields. It is scoped to a single namespace - and can therefore only be referenced by resources within the same namespace. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the Issuer resource. - properties: - acme: - description: ACME configures this issuer to communicate with a RFC8555 - (ACME) server to obtain signed x509 certificates. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which can be used - to validate the certificate chain presented by the ACME server. - Mutually exclusive with SkipTLSVerify; prefer using CABundle - to prevent various kinds of security vulnerabilities. If CABundle - and SkipTLSVerify are unset, the system certificate bundle inside - the container is used to validate the TLS connection. - format: byte - type: string - disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account - key. If true, the Issuer resource will *not* request a new account - but will expect the account key to be supplied via an existing - secret. If false, the cert-manager system will generate a new - ACME account key for the Issuer. Defaults to false. - type: boolean - email: - description: Email is the email address to be associated with - the ACME account. This field is optional, but it is strongly - recommended to be set. It will be used to contact you in case - of issues with your account or certificates, including expiry - notification emails. This field may be updated after the account - is initially registered. - type: string - enableDurationFeature: - description: Enables requesting a Not After date on certificates - that matches the duration of the certificate. This is not supported - by all ACME servers like Let's Encrypt. If set to true when - the ACME server does not support it it will create an error - on the Order. Defaults to false. - type: boolean - externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external - account of the ACME server. If set, upon registration cert-manager - will attempt to associate the given external account credentials - with the registered ACME account. - properties: - keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical - compatibility reasons and should not be used. The algorithm - is now hardcoded to HS256 in golang/x/crypto/acme.' - enum: - - HS256 - - HS384 - - HS512 - type: string - keyID: - description: keyID is the ID of the CA key that the External - Account is bound to. - type: string - keySecretRef: - description: keySecretRef is a Secret Key Selector referencing - a data item in a Kubernetes Secret which holds the symmetric - MAC key of the External Account Binding. The `key` is the - index string that is paired with the key data in the Secret - and should not be confused with the key data itself, or - indeed with the External Account Binding keyID above. The - secret key stored in the Secret **must** be un-padded, base64 - URL encoded data. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - keyID - - keySecretRef - type: object - preferredChain: - description: 'PreferredChain is the chain to use if the ACME server - outputs multiple. PreferredChain is no guarantee that this one - gets delivered by the ACME endpoint. For example, for Let''s - Encrypt''s DST crosssign you would use: "DST Root CA X3" or - "ISRG Root X1" for the newer Let''s Encrypt root CA. This value - picks the first certificate bundle in the ACME alternative chains - that has a certificate with this value as its issuer''s CN' - maxLength: 64 - type: string - privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource - that will be used to store the automatically generated ACME - account private key. Optionally, a `key` may be specified to - select a specific entry within the named Secret resource. If - `key` is not specified, a default of `tls.key` will be used. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - server: - description: 'Server is the URL used to access the ACME server''s - ''directory'' endpoint. For example, for Let''s Encrypt''s staging - endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". - Only ACME v2 endpoints (i.e. RFC 8555) are supported.' - type: string - skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the - ACME server TLS certificate. If true, requests to the ACME server - will not have the TLS certificate chain validated. Mutually - exclusive with CABundle; prefer using CABundle to prevent various - kinds of security vulnerabilities. Only enable this option in - development environments. If CABundle and SkipTLSVerify are - unset, the system certificate bundle inside the container is - used to validate the TLS connection. Defaults to false.' - type: boolean - solvers: - description: 'Solvers is a list of challenge solvers that will - be used to solve ACME challenges for the matching domains. Solver - configurations must be provided in order to obtain certificates - from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' - items: - description: An ACMEChallengeSolver describes how to solve ACME - challenges for the issuer it is part of. A selector may be - provided to use different solving strategies for different - DNS names. Only one of HTTP01 or DNS01 must be provided. - properties: - dns01: - description: Configures cert-manager to attempt to complete - authorizations by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API - to manage DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage - DNS01 challenge records. - properties: - clientID: - description: if both this and ClientSecret are left - unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left - unset MSI will be used - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default - AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be - used - type: string - managedIdentity: - description: managed identity configuration, can - not be used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, - can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located - in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage - DNS01 challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field - that tells cert-manager in which Cloud DNS zone - the challenge record has to be created. If left - empty cert-manager will automatically choose a - zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 - challenge records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with - Cloudflare. Note: using an API token to authenticate - is now the recommended method as it allows greater - control of permissions.' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with - Cloudflare. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required - when using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 - provider should handle CNAME records when found in - DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage - DNS01 challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain - Name System") (https://datatracker.ietf.org/doc/rfc2136/) - to manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed - in square brackets (e.g [2001:db8::1]) ; port - is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the - DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values - are (case-insensitive): ``HMACMD5`` (default), - ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the - DNS. If ``tsigSecretSecretRef`` is defined, this - field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the - TSIG value. If ``tsigKeyName`` is defined, this - field is required. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 - challenge records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If - neither the Access Key nor Key ID are set, we - fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key - within a Kubernetes Secret. Cannot be set when - AccessKeyID is set. If neither the Access Key - nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only - this zone in Route53 and will not do an lookup - using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 - provider will assume using either the explicit - credentials AccessKeyID/SecretAccessKey or the - inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 - challenge solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should - be passed to the webhook apiserver when challenges - are processed. This can contain arbitrary JSON - data. Secret values should not be specified in - this stanza. If secret values are needed (e.g. - credentials for a DNS service), you should use - a SecretKeySelector to reference a Secret resource. - For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used - when POSTing ChallengePayload resources to the - webhook apiserver. This should be the same as - the GroupName specified in the webhook provider - implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will - typically be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete - authorizations by performing the HTTP01 challenge flow. - It is not possible to obtain certificates for wildcard - domain names (e.g. `*.example.com`) using the HTTP01 challenge - mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community - API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the - specified labels in the same namespace as the challenge. - This solver is experimental, and fields / behaviour - may change in the future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied - to HTTPRoutes created by cert-manager while solving - HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, - cert-manager creates an HTTPRoute. cert-manager - needs to know which parentRefs should be used - when creating the HTTPRoute. Usually, the parentRef - references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API - object (usually a Gateway) that can be considered - a parent of this resource (usually a route). - The only kind of parent resource with \"Core\" - support is Gateway. This API may be extended - in the future to support additional kinds of - parent resources, such as HTTPRoute. \n The - API object must be valid in the cluster; the - Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such - as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). - \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. - \n Support: Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of - the referent. When unspecified, this refers - to the local namespace of the Route. \n - Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace - references are only valid if they are explicitly - allowed by something in the namespace they - are referring to. For example: Gateway has - the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable any other - kind of cross-namespace reference. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this - Route targets. It can be interpreted differently - based on the type of parent resource. \n - When the parent resource is a Gateway, this - targets all listeners listening on the specified - port that also support this kind of Route(and - select this Route). It's not recommended - to set `Port` unless the networking behaviors - specified in a Route must apply to a specific - port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName - are specified, the name and port of the - selected listener must match both specified - values. \n Implementations MAY choose to - support other parent resources. Implementations - supporting other types of parent resources - MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment - is considered successful as long as the - parent resource accepts it partially. For - example, Gateway listeners can restrict - which Routes can attach to them by Route - kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from - the referencing Route, the Route MUST be - considered successfully attached. If no - Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Extended - \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a - section within the target resource. In the - following resources, SectionName is interpreted - as the following: \n * Gateway: Listener - Name. When both Port (experimental) and - SectionName are specified, the name and - port of the selected listener must match - both specified values. \n Implementations - MAY choose to support attaching Routes to - other resources. If that is the case, they - MUST clearly document how SectionName is - interpreted. \n When unspecified (empty - string), this will reference the entire - resource. For the purpose of status, an - attachment is considered successful if at - least one section in the parent resource - accepts it. For example, Gateway listeners - can restrict which Routes can attach to - them by Route kind, namespace, or hostname. - If 1 of 2 Gateway listeners accept attachment - from the referencing Route, the Route MUST - be considered successfully attached. If - no Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver - will solve challenges by creating or modifying Ingress - resources in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by - cert-manager for each Challenge to be completed. - properties: - class: - description: This field configures the annotation - `kubernetes.io/ingress.class` when creating Ingress - resources to solve ACME challenges that use this - challenge solver. Only one of `class`, `name` - or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve - ACME challenges that use this challenge solver. - This is the recommended way of configuring the - ingress class. Only one of `class`, `name` or - `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the created ACME HTTP01 solver - ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that - should have ACME challenge solving routes inserted - into it in order to solve HTTP01 challenges. This - is typically used in conjunction with ingress - controllers like ingress-gce, which maintains - a 1:1 mapping between external IPs and ingress - resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure - the ACME challenge solver pods used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the create ACME HTTP01 solver - pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the - HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All - other fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service - account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver - has a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will - be used to solve. If specified and a match is found, - a dnsNames selector will take precedence over a dnsZones - selector. If multiple solvers match with the same - dnsNames value, the solver with the most matching - labels in matchLabels will be selected. If neither - has more matches, the solver defined earlier in the - list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will - be used to solve. The most specific DNS zone match - specified here will take precedence over other DNS - zone matches, so a solver specifying sys.example.com - will be selected over one specifying example.com for - the domain www.sys.example.com. If multiple solvers - match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine - the set of certificate's that this challenge solver - will apply to. - type: object - type: object - type: object - type: array - required: - - privateKeySecretRef - - server - type: object - ca: - description: CA configures this issuer to sign certificates using - a signing CA keypair stored in a Secret resource. This is used to - build internal PKIs that are managed by cert-manager. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set, - certificates will be issued without distribution points set. - items: - type: string - type: array - ocspServers: - description: The OCSP server list is an X.509 v3 extension that - defines a list of URLs of OCSP responders. The OCSP responders - can be queried for the revocation status of an issued certificate. - If not set, the certificate will be issued with no OCSP servers - set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to sign - Certificates issued by this Issuer. - type: string - required: - - secretName - type: object - selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates - using the private key used to create the CertificateRequest object. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set - certificate will be issued without CDP. Values are strings. - items: - type: string - type: array - type: object - vault: - description: Vault configures this issuer to sign certificates using - a HashiCorp Vault PKI backend. - properties: - auth: - description: Auth configures how cert-manager authenticates with - the Vault server. - properties: - appRole: - description: AppRole authenticates with Vault using the App - Role auth mechanism, with the role and secret stored in - a Kubernetes Secret resource. - properties: - path: - description: 'Path where the App Role authentication backend - is mounted in Vault, e.g: "approle"' - type: string - roleId: - description: RoleID configured in the App Role authentication - backend when setting up the authentication backend in - Vault. - type: string - secretRef: - description: Reference to a key in a Secret that contains - the App Role secret used to authenticate with Vault. - The `key` field must be specified and denotes which - entry within the Secret resource is used as the app - role secret. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - path - - roleId - - secretRef - type: object - kubernetes: - description: Kubernetes authenticates with Vault by passing - the ServiceAccount token stored in the named Secret resource - to the Vault server. - properties: - mountPath: - description: The Vault mountPath here is the mount path - to use when authenticating with Vault. For example, - setting a value to `/v1/auth/foo`, will use the path - `/v1/auth/foo/login` to authenticate with Vault. If - unspecified, the default value "/v1/auth/kubernetes" - will be used. - type: string - role: - description: A required field containing the Vault Role - to assume. A Role binds a Kubernetes ServiceAccount - with a set of Vault policies. - type: string - secretRef: - description: The required Secret field containing a Kubernetes - ServiceAccount JWT used for authenticating with Vault. - Use of 'ambient credentials' is not supported. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceAccountRef: - description: A reference to a service account that will - be used to request a bound token (also known as "projected - token"). Compared to using "secretRef", using this field - means that you don't rely on statically bound tokens. - To use this field, you must configure an RBAC rule to - let cert-manager request a token. - properties: - name: - description: Name of the ServiceAccount used to request - a token. - type: string - required: - - name - type: object - required: - - role - type: object - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting - a token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - type: object - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used - to validate the certificate chain presented by Vault. Only used - if using HTTPS to connect to Vault and ignored for HTTP connections. - Mutually exclusive with CABundleSecretRef. If neither CABundle - nor CABundleSecretRef are defined, the certificate bundle in - the cert-manager controller container is used to validate the - TLS connection. - format: byte - type: string - caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded - CAs to use when verifying the certificate chain presented by - Vault when using HTTPS. Mutually exclusive with CABundle. If - neither CABundle nor CABundleSecretRef are defined, the certificate - bundle in the cert-manager controller container is used to validate - the TLS connection. If no key for the Secret is specified, cert-manager - will default to 'ca.crt'. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - namespace: - description: 'Name of the vault namespace. Namespaces is a set - of features within Vault Enterprise that allows Vault environments - to support Secure Multi-tenancy. e.g: "ns1" More about namespaces - can be found here https://www.vaultproject.io/docs/enterprise/namespaces' - type: string - path: - description: 'Path is the mount path of the Vault PKI backend''s - `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' - type: string - server: - description: 'Server is the connection address for the Vault server, - e.g: "https://vault.example.com:8200".' - type: string - required: - - auth - - path - - server - type: object - venafi: - description: Venafi configures this issuer to sign certificates using - a Venafi TPP or Venafi Cloud policy zone. - properties: - cloud: - description: Cloud specifies the Venafi cloud configuration settings. - Only one of TPP or Cloud may be specified. - properties: - apiTokenSecretRef: - description: APITokenSecretRef is a secret key selector for - the Venafi Cloud API token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: URL is the base URL for Venafi Cloud. Defaults - to "https://api.venafi.cloud/v1". - type: string - required: - - apiTokenSecretRef - type: object - tpp: - description: TPP specifies Trust Protection Platform configuration - settings. Only one of TPP or Cloud may be specified. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which will be - used to validate the certificate chain presented by the - TPP server. Only used if using HTTPS; ignored for HTTP. - If undefined, the certificate bundle in the cert-manager - controller container is used to validate the chain. - format: byte - type: string - credentialsRef: - description: CredentialsRef is a reference to a Secret containing - the username and password for the TPP server. The secret - must contain two keys, 'username' and 'password'. - properties: - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: 'URL is the base URL for the vedsdk endpoint - of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' - type: string - required: - - credentialsRef - - url - type: object - zone: - description: Zone is the Venafi Policy Zone to use for this issuer. - All requests made to the Venafi platform will be restricted - by the named zone policy. This field is required. - type: string - required: - - zone - type: object - type: object - status: - description: Status of the Issuer. This is set and managed automatically. - properties: - acme: - description: ACME specific status options. This field should only - be set if the Issuer is configured to use an ACME server to issue - certificates. - properties: - lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated - with the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with - the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - uri: - description: URI is the unique account identifier, which can also - be used to retrieve account details from the CA - type: string - type: object - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready`. - items: - description: IssuerCondition contains condition information for - an Issuer. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Issuer. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: orders.acme.cert-manager.io -spec: - group: acme.cert-manager.io - names: - categories: - - cert-manager - - cert-manager-acme - kind: Order - listKind: OrderList - plural: orders - singular: order - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - priority: 1 - type: string - - jsonPath: .status.reason - name: Reason - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Order is a type to represent an Order with an ACME server - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - commonName: - description: CommonName is the common name as specified on the DER - encoded CSR. If specified, this value must also be present in `dnsNames` - or `ipAddresses`. This field must match the corresponding field - on the DER encoded CSR. - type: string - dnsNames: - description: DNSNames is a list of DNS names that should be included - as part of the Order validation process. This field must match the - corresponding field on the DER encoded CSR. - items: - type: string - type: array - duration: - description: Duration is the duration for the not after date for the - requested certificate. this is set on order creation as pe the ACME - spec. - type: string - ipAddresses: - description: IPAddresses is a list of IP addresses that should be - included as part of the Order validation process. This field must - match the corresponding field on the DER encoded CSR. - items: - type: string - type: array - issuerRef: - description: IssuerRef references a properly configured ACME-type - Issuer which should be used to create this Order. If the Issuer - does not exist, processing will be retried. If the Issuer is not - an 'ACME' Issuer, an error will be returned and the Order will be - marked as failed. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - request: - description: Certificate signing request bytes in DER encoding. This - will be used when finalizing the order. This field must be set on - the order. - format: byte - type: string - required: - - issuerRef - - request - type: object - status: - properties: - authorizations: - description: Authorizations contains data returned from the ACME server - on what authorizations must be completed in order to validate the - DNS names specified on the Order. - items: - description: ACMEAuthorization contains data returned from the ACME - server on an authorization that must be completed in order validate - a DNS name on an ACME Order resource. - properties: - challenges: - description: Challenges specifies the challenge types offered - by the ACME server. One of these challenge types will be selected - when validating the DNS name and an appropriate Challenge - resource will be created to perform the ACME challenge process. - items: - description: Challenge specifies a challenge offered by the - ACME server for an Order. An appropriate Challenge resource - can be created to perform the ACME challenge process. - properties: - token: - description: Token is the token that must be presented - for this challenge. This is used to compute the 'key' - that must also be presented. - type: string - type: - description: Type is the type of challenge being offered, - e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is - the raw value retrieved from the ACME server. Only 'http-01' - and 'dns-01' are supported by cert-manager, other values - will be ignored. - type: string - url: - description: URL is the URL of this challenge. It can - be used to retrieve additional metadata about the Challenge - from the ACME server. - type: string - required: - - token - - type - - url - type: object - type: array - identifier: - description: Identifier is the DNS name to be validated as part - of this authorization - type: string - initialState: - description: InitialState is the initial state of the ACME authorization - when first fetched from the ACME server. If an Authorization - is already 'valid', the Order controller will not create a - Challenge resource for the authorization. This will occur - when working with an ACME server that enables 'authz reuse' - (such as Let's Encrypt's production endpoint). If not set - and 'identifier' is set, the state is assumed to be pending - and a Challenge will be created. - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - url: - description: URL is the URL of the Authorization that must be - completed - type: string - wildcard: - description: Wildcard will be true if this authorization is - for a wildcard DNS name. If this is true, the identifier will - be the *non-wildcard* version of the DNS name. For example, - if '*.example.com' is the DNS name being validated, this field - will be 'true' and the 'identifier' field will be 'example.com'. - type: boolean - required: - - url - type: object - type: array - certificate: - description: Certificate is a copy of the PEM encoded certificate - for this Order. This field will be populated after the order has - been successfully finalized with the ACME server, and the order - has transitioned to the 'valid' state. - format: byte - type: string - failureTime: - description: FailureTime stores the time that this order failed. This - is used to influence garbage collection and back-off. - format: date-time - type: string - finalizeURL: - description: FinalizeURL of the Order. This is used to obtain certificates - for this order once it has been completed. - type: string - reason: - description: Reason optionally provides more information about a why - the order is in the current state. - type: string - state: - description: State contains the current state of this Order resource. - States 'success' and 'expired' are 'final' - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - url: - description: URL of the Order. This will initially be empty when the - resource is first created. The Order controller will populate this - field when the Order is first processed. This field will be immutable - after it is initially set. - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: v1 -data: null -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - create - - update - - patch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-issuers -rules: -- apiGroups: - - cert-manager.io - resources: - - issuers - - issuers/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-clusterissuers -rules: -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificates -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificates/status - - certificaterequests - - certificaterequests/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - clusterissuers - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - certificates/finalizers - - certificaterequests/finalizers - verbs: - - update -- apiGroups: - - acme.cert-manager.io - resources: - - orders - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-orders -rules: -- apiGroups: - - acme.cert-manager.io - resources: - - orders - - orders/status - verbs: - - update - - patch -- apiGroups: - - acme.cert-manager.io - resources: - - orders - - challenges - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - create - - delete -- apiGroups: - - acme.cert-manager.io - resources: - - orders/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-challenges -rules: -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - challenges/status - verbs: - - update - - patch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - issuers - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - pods - - services - verbs: - - get - - list - - watch - - create - - delete -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - create - - delete - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch - - create - - delete - - update -- apiGroups: - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create -- apiGroups: - - acme.cert-manager.io - resources: - - challenges/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-ingress-shim -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - verbs: - - create - - update - - delete -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/finalizers - - httproutes/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cert-manager-view -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: cert-manager-edit -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update -- apiGroups: - - cert-manager.io - resources: - - certificates/status - verbs: - - update -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - create - - delete - - deletecollection - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-approve:cert-manager-io -rules: -- apiGroups: - - cert-manager.io - resourceNames: - - issuers.cert-manager.io/* - - clusterissuers.cert-manager.io/* - resources: - - signers - verbs: - - approve - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificatesigningrequests -rules: -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch - - update -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - update - - patch -- apiGroups: - - certificates.k8s.io - resourceNames: - - issuers.cert-manager.io/* - - clusterissuers.cert-manager.io/* - resources: - - signers - verbs: - - sign -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:subjectaccessreviews -rules: -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-cainjector -subjects: -- kind: ServiceAccount - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-issuers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-issuers -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-clusterissuers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-clusterissuers -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificates -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-certificates -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-orders -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-orders -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-challenges -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-challenges -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-ingress-shim -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-ingress-shim -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-approve:cert-manager-io -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-approve:cert-manager-io -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificatesigningrequests -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-certificatesigningrequests -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:subjectaccessreviews -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-webhook:subjectaccessreviews -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector:leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - leases - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager:leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-controller - resources: - - leases - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:dynamic-serving - namespace: kube-system -rules: -- apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector:leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager-cainjector:leaderelection -subjects: -- kind: ServiceAccount - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager:leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager:leaderelection -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:dynamic-serving - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager-webhook:dynamic-serving -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system -spec: - ports: - - name: tcp-prometheus-servicemonitor - port: 9402 - protocol: TCP - targetPort: 9402 - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - type: ClusterIP - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cainjector - template: - metadata: - creationTimestamp: null - labels: - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --leader-election-namespace=kube-system - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.12.10 - imagePullPolicy: IfNotPresent - name: cert-manager-cainjector - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager-cainjector - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "9402" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.12.10 - - --max-concurrent-challenges=60 - - --enable-certificate-owner-ref=true - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.12.10 - imagePullPolicy: IfNotPresent - name: cert-manager-controller - ports: - - containerPort: 9402 - name: http-metrics - protocol: TCP - - containerPort: 9403 - name: http-healthz - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - template: - metadata: - creationTimestamp: null - labels: - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=cert-manager-webhook - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.12.10 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: 6080 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: cert-manager-webhook - ports: - - containerPort: 10250 - name: https - protocol: TCP - - containerPort: 6080 - name: healthcheck - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 6080 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager-webhook - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: cert-manager-webhook - namespace: kube-system - path: /mutate - failurePolicy: Fail - matchPolicy: Equivalent - name: webhook.cert-manager.io - rules: - - apiGroups: - - cert-manager.io - - acme.cert-manager.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - '*/*' - sideEffects: None - timeoutSeconds: 10 - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: cert-manager-webhook - namespace: kube-system - path: /validate - failurePolicy: Fail - matchPolicy: Equivalent - name: webhook.cert-manager.io - namespaceSelector: - matchExpressions: - - key: cert-manager.io/disable-validation - operator: NotIn - values: - - "true" - rules: - - apiGroups: - - cert-manager.io - - acme.cert-manager.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - '*/*' - sideEffects: None - timeoutSeconds: 10 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content deleted file mode 100644 index 2f1927d79ec50..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ /dev/null @@ -1,399 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: cluster-autoscaler - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler -rules: -- apiGroups: - - "" - resources: - - events - - endpoints - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -- apiGroups: - - "" - resources: - - pods/status - verbs: - - update -- apiGroups: - - "" - resourceNames: - - cluster-autoscaler - resources: - - endpoints - verbs: - - get - - update -- apiGroups: - - "" - resources: - - nodes - verbs: - - watch - - list - - get - - update -- apiGroups: - - "" - resources: - - namespaces - - pods - - services - - replicationcontrollers - - persistentvolumeclaims - - persistentvolumes - verbs: - - watch - - list - - get -- apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - watch - - list - - get -- apiGroups: - - batch - - extensions - resources: - - jobs - verbs: - - get - - list - - patch - - watch -- apiGroups: - - extensions - resources: - - replicasets - - daemonsets - verbs: - - watch - - list - - get -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - watch - - list -- apiGroups: - - apps - resources: - - daemonsets - - replicasets - - statefulsets - verbs: - - watch - - list - - get -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - csinodes - - csidrivers - - csistoragecapacities - verbs: - - watch - - list - - get -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - cluster-autoscaler - resources: - - leases - verbs: - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-autoscaler -subjects: -- kind: ServiceAccount - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - "" - resourceNames: - - cluster-autoscaler-status - resources: - - configmaps - verbs: - - delete - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cluster-autoscaler -subjects: -- kind: ServiceAccount - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - ports: - - name: http - port: 8085 - protocol: TCP - targetPort: 8085 - selector: - app.kubernetes.io/name: cluster-autoscaler - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app: cluster-autoscaler - template: - metadata: - annotations: - prometheus.io/port: "8085" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app: cluster-autoscaler - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: node-role.kubernetes.io/spot-worker - operator: DoesNotExist - weight: 1 - containers: - - command: - - ./cluster-autoscaler - - --balance-similar-node-groups=false - - --emit-per-nodegroup-metrics=false - - --cloud-provider=aws - - --aws-use-static-instance-list=false - - --expander=random - - --nodes=2:2:nodes.minimal.example.com - - --ignore-daemonsets-utilization=false - - --scale-down-utilization-threshold=0.5 - - --skip-nodes-with-local-storage=true - - --skip-nodes-with-system-pods=true - - --scale-down-delay-after-add=10m0s - - --scale-down-unneeded-time=10m0s - - --scale-down-unready-time=20m0s - - --new-pod-scale-up-delay=0s - - --max-node-provision-time=15m0s - - --cordon-node-before-terminating=true - - --logtostderr=true - - --stderrthreshold=info - - --v=4 - env: - - name: AWS_REGION - value: us-test-1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/cluster-autoscaler.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.25.3 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health-check - port: http - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: cluster-autoscaler - ports: - - containerPort: 8085 - name: http - protocol: TCP - resources: - requests: - cpu: 100m - memory: 300Mi - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - dnsPolicy: ClusterFirst - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccountName: cluster-autoscaler - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: cluster-autoscaler - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: cluster-autoscaler - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 94e92cc18bb2e..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,155 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - version: v1.31.0-beta.1 - name: dns-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: dns-controller - strategy: - type: Recreate - template: - metadata: - creationTimestamp: null - labels: - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - kops.k8s.io/managed-by: kops - version: v1.31.0-beta.1 - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --watch-ingress=false - - --dns=aws-route53 - - --zone=*/Z1AFAKE1ZON3YO - - --internal-ipv4 - - --zone=*/* - - -v=2 - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/dns-controller.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/kops/dns-controller:1.31.0-beta.1 - name: dns-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - dnsPolicy: Default - hostNetwork: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccount: dns-controller - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - key: node.kubernetes.io/not-ready - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: dns-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - ingress - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops:dns-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:dns-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content deleted file mode 100644 index 907342d510459..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ /dev/null @@ -1,225 +0,0 @@ -apiVersion: v1 -data: - config.yaml: | - {"clusterName":"minimal.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/minimal.example.com","secretStore":"memfs://clusters.example.com/minimal.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}} -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - k8s-app: kops-controller - version: v1.31.0-beta.1 - name: kops-controller - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: kops-controller - template: - metadata: - annotations: - dns.alpha.kubernetes.io/internal: kops-controller.internal.minimal.example.com - creationTimestamp: null - labels: - k8s-addon: kops-controller.addons.k8s.io - k8s-app: kops-controller - kops.k8s.io/managed-by: kops - version: v1.31.0-beta.1 - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: kops.k8s.io/kops-controller-pki - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - - key: kops.k8s.io/kops-controller-pki - operator: Exists - containers: - - args: - - --v=2 - - --conf=/etc/kubernetes/kops-controller/config/config.yaml - command: null - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 - name: kops-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - runAsUser: 10011 - volumeMounts: - - mountPath: /etc/kubernetes/kops-controller/config/ - name: kops-controller-config - - mountPath: /etc/kubernetes/kops-controller/pki/ - name: kops-controller-pki - dnsPolicy: Default - hostNetwork: true - nodeSelector: null - priorityClassName: system-cluster-critical - serviceAccount: kops-controller - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - key: node.kubernetes.io/not-ready - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - volumes: - - configMap: - name: kops-controller - name: kops-controller-config - - hostPath: - path: /etc/kubernetes/kops-controller/ - type: Directory - name: kops-controller-pki - updateStrategy: - type: OnDelete - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:kops-controller - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create -- apiGroups: - - "" - - coordination.k8s.io - resourceNames: - - kops-controller-leader - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - patch - - update - - delete -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kops-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:kops-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content deleted file mode 100644 index 658d9975d5dba..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ /dev/null @@ -1,276 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: system:aggregated-metrics-reader -rules: -- apiGroups: - - metrics.k8s.io - resources: - - pods - - nodes - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: system:metrics-server -rules: -- apiGroups: - - "" - resources: - - nodes/metrics - verbs: - - get -- apiGroups: - - "" - resources: - - pods - - nodes - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: system:metrics-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:metrics-server -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - k8s-app: metrics-server - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - k8s-app: metrics-server - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metrics-server - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --secure-port=4443 - - --kubelet-use-node-status-port - - --metric-resolution=15s - - --kubelet-preferred-address-types=Hostname - - --cert-dir=/tmp - - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: https - scheme: HTTPS - periodSeconds: 10 - name: metrics-server - ports: - - containerPort: 4443 - name: https - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - periodSeconds: 10 - resources: - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: tmp-dir - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: metrics-server - topologySpreadConstraints: - - labelSelector: - matchLabels: - k8s-app: metrics-server - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - k8s-app: metrics-server - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - emptyDir: {} - name: tmp-dir - ---- - -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: v1beta1.metrics.k8s.io -spec: - group: metrics.k8s.io - groupPriorityMinimum: 100 - insecureSkipTLSVerify: true - service: - name: metrics-server - namespace: kube-system - version: v1beta1 - versionPriority: 100 - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - minAvailable: 1 - selector: - matchLabels: - k8s-app: metrics-server diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content deleted file mode 100644 index d0a993d01a3ad..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content +++ /dev/null @@ -1,682 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/managed-by: kops - role.kubernetes.io/networking: "1" - name: eniconfigs.crd.k8s.amazonaws.com -spec: - group: crd.k8s.amazonaws.com - names: - kind: ENIConfig - plural: eniconfigs - singular: eniconfig - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ENIConfig is the Schema for the eniconfigs API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ENIConfigSpec defines the desired state of ENIConfig - properties: - securityGroups: - items: - type: string - type: array - subnet: - type: string - required: - - subnet - type: object - status: - description: ENIConfigStatus defines the observed state of ENIConfig - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: amazon-network-policy-controller-k8s - role.kubernetes.io/networking: "1" - name: policyendpoints.networking.k8s.aws -spec: - group: networking.k8s.aws - names: - kind: PolicyEndpoint - listKind: PolicyEndpointList - plural: policyendpoints - singular: policyendpoint - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: PolicyEndpoint is the Schema for the policyendpoints API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PolicyEndpointSpec defines the desired state of PolicyEndpoint - properties: - egress: - description: Egress is the list of egress rules containing resolved - network addresses - items: - description: EndpointInfo defines the network endpoint information - for the policy ingress/egress - properties: - cidr: - description: CIDR is the network address(s) of the endpoint - type: string - except: - description: Except is the exceptions to the CIDR ranges mentioned - above. - items: - type: string - type: array - ports: - description: Ports is the list of ports - items: - description: Port contains information about the transport - port/protocol - properties: - endPort: - description: Endport specifies the port range port to - endPort port must be defined and an integer, endPort - > port - format: int32 - type: integer - port: - description: Port specifies the numerical port for the - protocol. If empty applies to all ports - format: int32 - type: integer - protocol: - default: TCP - description: Protocol specifies the transport protocol, - default TCP - type: string - type: object - type: array - required: - - cidr - type: object - type: array - ingress: - description: Ingress is the list of ingress rules containing resolved - network addresses - items: - description: EndpointInfo defines the network endpoint information - for the policy ingress/egress - properties: - cidr: - description: CIDR is the network address(s) of the endpoint - type: string - except: - description: Except is the exceptions to the CIDR ranges mentioned - above. - items: - type: string - type: array - ports: - description: Ports is the list of ports - items: - description: Port contains information about the transport - port/protocol - properties: - endPort: - description: Endport specifies the port range port to - endPort port must be defined and an integer, endPort - > port - format: int32 - type: integer - port: - description: Port specifies the numerical port for the - protocol. If empty applies to all ports - format: int32 - type: integer - protocol: - default: TCP - description: Protocol specifies the transport protocol, - default TCP - type: string - type: object - type: array - required: - - cidr - type: object - type: array - podIsolation: - description: PodIsolation specifies whether the pod needs to be isolated - for a particular traffic direction Ingress or Egress, or both. If - default isolation is not specified, and there are no ingress/egress - rules, then the pod is not isolated from the point of view of this - policy. This follows the NetworkPolicy spec.PolicyTypes. - items: - description: PolicyType string describes the NetworkPolicy type - This type is beta-level in 1.8 - type: string - type: array - podSelector: - description: PodSelector is the podSelector from the policy resource - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelectorEndpoints: - description: PodSelectorEndpoints contains information about the pods - matching the podSelector - items: - description: PodEndpoint defines the summary information for the - pods - properties: - hostIP: - description: HostIP is the IP address of the host the pod is - currently running on - type: string - name: - description: Name is the pod name - type: string - namespace: - description: Namespace is the pod namespace - type: string - podIP: - description: PodIP is the IP address of the pod - type: string - required: - - hostIP - - name - - namespace - - podIP - type: object - type: array - policyRef: - description: PolicyRef is a reference to the Kubernetes NetworkPolicy - resource. - properties: - name: - description: Name is the name of the Policy - type: string - namespace: - description: Namespace is the namespace of the Policy - type: string - required: - - name - - namespace - type: object - required: - - policyRef - type: object - status: - description: PolicyEndpointStatus defines the observed state of PolicyEndpoint - type: object - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node - namespace: kube-system - ---- - -apiVersion: v1 -data: - branch-eni-cooldown: "60" - enable-network-policy-controller: "false" - enable-windows-ipam: "false" - enable-windows-prefix-delegation: "false" - minimum-ip-target: "3" - warm-ip-target: "1" - warm-prefix-target: "0" -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: amazon-vpc-cni - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.0 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node -rules: -- apiGroups: - - crd.k8s.amazonaws.com - resources: - - eniconfigs - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - get -- apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - networking.k8s.aws - resources: - - policyendpoints - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.aws - resources: - - policyendpoints/status - verbs: - - get -- apiGroups: - - vpcresources.k8s.aws - resources: - - cninodes - verbs: - - get - - list - - watch - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-node -subjects: -- kind: ServiceAccount - name: aws-node - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: aws-node - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/name: aws-node - k8s-app: aws-node - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - - hybrid - - auto - containers: - - env: - - name: ADDITIONAL_ENI_TAGS - value: '{"KubernetesCluster":"minimal.example.com","kubernetes.io/cluster/minimal.example.com":"owned"}' - - name: AWS_VPC_CNI_NODE_PORT_SUPPORT - value: "true" - - name: AWS_VPC_ENI_MTU - value: "9001" - - name: AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER - value: "false" - - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG - value: "false" - - name: AWS_VPC_K8S_CNI_EXTERNALSNAT - value: "false" - - name: AWS_VPC_K8S_CNI_LOGLEVEL - value: DEBUG - - name: AWS_VPC_K8S_CNI_LOG_FILE - value: /host/var/log/aws-routed-eni/ipamd.log - - name: AWS_VPC_K8S_CNI_RANDOMIZESNAT - value: prng - - name: AWS_VPC_K8S_CNI_VETHPREFIX - value: eni - - name: AWS_VPC_K8S_PLUGIN_LOG_FILE - value: /var/log/aws-routed-eni/plugin.log - - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL - value: DEBUG - - name: DISABLE_INTROSPECTION - value: "false" - - name: DISABLE_METRICS - value: "false" - - name: DISABLE_NETWORK_RESOURCE_PROVISIONING - value: "false" - - name: ENABLE_IPv4 - value: "true" - - name: ENABLE_IPv6 - value: "false" - - name: ENABLE_POD_ENI - value: "false" - - name: ENABLE_PREFIX_DELEGATION - value: "false" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - - name: NETWORK_POLICY_ENFORCING_MODE - value: standard - - name: WARM_ENI_TARGET - value: "1" - - name: WARM_PREFIX_TARGET - value: "1" - - name: VPC_CNI_VERSION - value: v1.19.2 - - name: MY_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CLUSTER_NAME - value: minimal.example.com - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.19.2 - livenessProbe: - exec: - command: - - /app/grpc-health-probe - - -addr=:50051 - - -connect-timeout=5s - - -rpc-timeout=5s - initialDelaySeconds: 60 - timeoutSeconds: 10 - name: aws-node - ports: - - containerPort: 61678 - name: metrics - readinessProbe: - exec: - command: - - /app/grpc-health-probe - - -addr=:50051 - - -connect-timeout=5s - - -rpc-timeout=5s - initialDelaySeconds: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 25m - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /host/var/log/aws-routed-eni - name: log-dir - - mountPath: /var/run/aws-node - name: run-dir - - mountPath: /run/xtables.lock - name: xtables-lock - - args: - - --enable-ipv6=false - - --enable-network-policy=false - - --enable-cloudwatch-logs=false - - --enable-policy-event-logs=false - - --log-file=/var/log/aws-routed-eni/network-policy-agent.log - - --metrics-bind-addr=:8162 - - --health-probe-bind-addr=:8163 - - --conntrack-cache-cleanup-period=300 - env: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.6 - name: aws-eks-nodeagent - resources: - requests: - cpu: 25m - securityContext: - capabilities: - add: - - NET_ADMIN - privileged: true - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /sys/fs/bpf - name: bpf-pin-path - - mountPath: /var/log/aws-routed-eni - name: log-dir - - mountPath: /var/run/aws-node - name: run-dir - hostNetwork: true - initContainers: - - env: - - name: DISABLE_TCP_EARLY_DEMUX - value: "false" - - name: ENABLE_IPv6 - value: "false" - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.19.2 - name: aws-vpc-cni-init - resources: - requests: - cpu: 25m - securityContext: - privileged: true - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - priorityClassName: system-node-critical - serviceAccountName: aws-node - terminationGracePeriodSeconds: 10 - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /sys/fs/bpf - name: bpf-pin-path - - hostPath: - path: /opt/cni/bin - name: cni-bin-dir - - hostPath: - path: /etc/cni/net.d - name: cni-net-dir - - hostPath: - path: /var/log/aws-routed-eni - type: DirectoryOrCreate - name: log-dir - - hostPath: - path: /var/run/aws-node - type: DirectoryOrCreate - name: run-dir - - hostPath: - path: /run/xtables.lock - type: FileOrCreate - name: xtables-lock - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content deleted file mode 100644 index da3a64de540e8..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content +++ /dev/null @@ -1,285 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - k8s-app: aws-node-termination-handler - name: aws-node-termination-handler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - get -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -- apiGroups: - - extensions - resources: - - daemonsets - verbs: - - get -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - get -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-node-termination-handler -subjects: -- kind: ServiceAccount - name: aws-node-termination-handler - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/component: deployment - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - k8s-app: aws-node-termination-handler - name: aws-node-termination-handler - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kubernetes.io/os: linux - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: deployment - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - k8s-app: aws-node-termination-handler - kops.k8s.io/managed-by: kops - kops.k8s.io/nth-mode: sqs - kubernetes.io/os: linux - spec: - containers: - - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ENABLE_PROBES_SERVER - value: "true" - - name: PROBES_SERVER_PORT - value: "8080" - - name: PROBES_SERVER_ENDPOINT - value: /healthz - - name: LOG_LEVEL - value: info - - name: JSON_LOGGING - value: "true" - - name: LOG_FORMAT_VERSION - value: "2" - - name: ENABLE_PROMETHEUS_SERVER - value: "false" - - name: PROMETHEUS_SERVER_PORT - value: "9092" - - name: CHECK_TAG_BEFORE_DRAINING - value: "true" - - name: MANAGED_TAG - value: aws-node-termination-handler/managed - - name: USE_PROVIDER_ID - value: "true" - - name: DRY_RUN - value: "false" - - name: CORDON_ONLY - value: "false" - - name: TAINT_NODE - value: "false" - - name: EXCLUDE_FROM_LOAD_BALANCERS - value: "true" - - name: DELETE_LOCAL_DATA - value: "true" - - name: IGNORE_DAEMON_SETS - value: "true" - - name: POD_TERMINATION_GRACE_PERIOD - value: "-1" - - name: NODE_TERMINATION_GRACE_PERIOD - value: "120" - - name: EMIT_KUBERNETES_EVENTS - value: "true" - - name: COMPLETE_LIFECYCLE_ACTION_DELAY_SECONDS - value: "-1" - - name: ENABLE_SQS_TERMINATION_DRAINING - value: "true" - - name: QUEUE_URL - value: https://sqs.us-test-1.amazonaws.com/123456789012/minimal-example-com-nth - - name: DELETE_SQS_MSG_IF_NODE_NOT_FOUND - value: "false" - - name: WORKERS - value: "10" - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-node-termination-handler.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/aws-ec2/aws-node-termination-handler:v1.22.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - name: aws-node-termination-handler - ports: - - containerPort: 8080 - name: liveness-probe - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - resources: - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1000 - serviceAccountName: aws-node-termination-handler - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content deleted file mode 100644 index f382104015a77..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content +++ /dev/null @@ -1,1372 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshotclasses.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - shortNames: - - vsclass - - vsclasses - singular: volumesnapshotclass - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the - VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent - created through the VolumeSnapshotClass should be deleted when its bound - VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". - "Retain" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: true - subresources: {} - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the - VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotClass is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshotClass - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent - created through the VolumeSnapshotClass should be deleted when its bound - VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". - "Retain" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: false - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshotcontents.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - shortNames: - - vsc - - vscs - singular: volumesnapshotcontent - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical - snapshot on the underlying storage system should be deleted when its bound - VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on - the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.namespace - name: VolumeSnapshotNamespace - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. - "Delete" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are deleted. For dynamically provisioned - snapshots, this field will automatically be filled in by the CSI - snapshotter sidecar with the "DeletionPolicy" field defined in the - corresponding VolumeSnapshotClass. For pre-existing snapshots, users - MUST specify this field when creating the VolumeSnapshotContent - object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be - the same as the name returned by the CSI GetPluginName() call for - that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) - dynamically provisioned or already exists, and just requires a Kubernetes - object representation. This field is immutable after creation. Required. - oneOf: - - required: - - snapshotHandle - - required: - - volumeHandle - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of - a pre-existing snapshot on the underlying storage system for - which a Kubernetes object representation was (or should be) - created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the - volume from which a snapshot should be dynamically taken from. - This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot - was (or will be) created. Note that after provisioning, the VolumeSnapshotClass - may be deleted or recreated with different set of values, and as - such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object - to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be - provided for binding to happen. This field is immutable after creation. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the CSI snapshotter - sidecar with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it indicates - the creation time is unknown. The format of this field is a Unix - nanoseconds time encoded as an int64. On Unix, the command `date - +%s%N` returns the current time in nanoseconds since 1970-01-01 - 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, - if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the CSI snapshotter sidecar with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be - filled in by the CSI snapshotter sidecar with the "size_bytes" value - returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "size_bytes" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. When restoring a volume from this snapshot, the size of the - volume MUST NOT be smaller than the restoreSize if it is specified, - otherwise the restoration will fail. If not specified, it indicates - that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot - on the underlying storage system. If not specified, it indicates - that dynamic snapshot creation has either failed or it is still - in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical - snapshot on the underlying storage system should be deleted when its bound - VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on - the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.namespace - name: VolumeSnapshotNamespace - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotContent is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshotContent - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. - "Delete" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are deleted. For dynamically provisioned - snapshots, this field will automatically be filled in by the CSI - snapshotter sidecar with the "DeletionPolicy" field defined in the - corresponding VolumeSnapshotClass. For pre-existing snapshots, users - MUST specify this field when creating the VolumeSnapshotContent - object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be - the same as the name returned by the CSI GetPluginName() call for - that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) - dynamically provisioned or already exists, and just requires a Kubernetes - object representation. This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of - a pre-existing snapshot on the underlying storage system for - which a Kubernetes object representation was (or should be) - created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the - volume from which a snapshot should be dynamically taken from. - This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot - was (or will be) created. Note that after provisioning, the VolumeSnapshotClass - may be deleted or recreated with different set of values, and as - such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object - to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be - provided for binding to happen. This field is immutable after creation. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the CSI snapshotter - sidecar with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it indicates - the creation time is unknown. The format of this field is a Unix - nanoseconds time encoded as an int64. On Unix, the command `date - +%s%N` returns the current time in nanoseconds since 1970-01-01 - 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, - if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the CSI snapshotter sidecar with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be - filled in by the CSI snapshotter sidecar with the "size_bytes" value - returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "size_bytes" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. When restoring a volume from this snapshot, the size of the - volume MUST NOT be smaller than the restoreSize if it is specified, - otherwise the restoration will fail. If not specified, it indicates - that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot - on the underlying storage system. If not specified, it indicates - that dynamic snapshot creation has either failed or it is still - in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshots.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - shortNames: - - vs - singular: volumesnapshot - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of - the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing - VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from - this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot - object intends to bind to. Please note that verification of binding actually - requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure - both are pointing at each other. Binding MUST be verified prior to usage of - this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying - storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - oneOf: - - required: - - persistentVolumeClaimName - - required: - - volumeSnapshotContentName - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object representing the volume from which - a snapshot should be created. This PVC is assumed to be in the - same namespace as the VolumeSnapshot object. This field should - be set if the snapshot does not exists, and needs to be created. - This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a - pre-existing VolumeSnapshotContent object representing an existing - volume snapshot. This field should be set if the snapshot already - exists and only needs a representation in Kubernetes. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. VolumeSnapshotClassName may be - left nil to indicate that the default SnapshotClass should be used. - A given cluster may have multiple default Volume SnapshotClasses: - one default per CSI Driver. If a VolumeSnapshot does not specify - a SnapshotClass, VolumeSnapshotSource will be checked to figure - out what the associated CSI Driver is, and the default VolumeSnapshotClass - associated with that CSI Driver will be used. If more than one VolumeSnapshotClass - exist for a given CSI Driver and more than one have been marked - as default, CreateSnapshot will fail and generate an event. Empty - string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. - Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent - objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent - object to which this VolumeSnapshot object intends to bind to. If - not specified, it indicates that the VolumeSnapshot object has not - been successfully bound to a VolumeSnapshotContent object yet. NOTE: - To avoid possible security issues, consumers must verify binding - between VolumeSnapshot and VolumeSnapshotContent objects is successful - (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the snapshot controller - with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it may indicate - that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. The snapshot controller will keep retrying when an error - occurrs during the snapshot creation. Upon success, this error field - will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the snapshot controller with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the minimum size of volume required - to create a volume from this snapshot. In dynamic snapshot creation - case, this field will be filled in by the snapshot controller with - the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. - For a pre-existing snapshot, this field will be filled with the - "size_bytes" value returned from the CSI "ListSnapshots" gRPC call - if the driver supports it. When restoring a volume from this snapshot, - the size of the volume MUST NOT be smaller than the restoreSize - if it is specified, otherwise the restoration will fail. If not - specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: string - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of - the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing - VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from - this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot - object intends to bind to. Please note that verification of binding actually - requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure - both are pointing at each other. Binding MUST be verified prior to usage of - this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying - storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshot is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshot - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object representing the volume from which - a snapshot should be created. This PVC is assumed to be in the - same namespace as the VolumeSnapshot object. This field should - be set if the snapshot does not exists, and needs to be created. - This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a - pre-existing VolumeSnapshotContent object representing an existing - volume snapshot. This field should be set if the snapshot already - exists and only needs a representation in Kubernetes. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. VolumeSnapshotClassName may be - left nil to indicate that the default SnapshotClass should be used. - A given cluster may have multiple default Volume SnapshotClasses: - one default per CSI Driver. If a VolumeSnapshot does not specify - a SnapshotClass, VolumeSnapshotSource will be checked to figure - out what the associated CSI Driver is, and the default VolumeSnapshotClass - associated with that CSI Driver will be used. If more than one VolumeSnapshotClass - exist for a given CSI Driver and more than one have been marked - as default, CreateSnapshot will fail and generate an event. Empty - string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. - Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent - objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent - object to which this VolumeSnapshot object intends to bind to. If - not specified, it indicates that the VolumeSnapshot object has not - been successfully bound to a VolumeSnapshotContent object yet. NOTE: - To avoid possible security issues, consumers must verify binding - between VolumeSnapshot and VolumeSnapshotContent objects is successful - (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the snapshot controller - with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it may indicate - that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. The snapshot controller will keep retrying when an error - occurrs during the snapshot creation. Upon success, this error field - will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the snapshot controller with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the minimum size of volume required - to create a volume from this snapshot. In dynamic snapshot creation - case, this field will be filled in by the snapshot controller with - the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. - For a pre-existing snapshot, this field will be filled with the - "size_bytes" value returned from the CSI "ListSnapshots" gRPC call - if the driver supports it. When restoring a volume from this snapshot, - the size of the volume MUST NOT be smaller than the restoreSize - if it is specified, otherwise the restoration will fail. If not - specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: string - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-runner -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - delete - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots/status - verbs: - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: snapshot-controller-leaderelection -subjects: -- kind: ServiceAccount - name: snapshot-controller - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-role -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: snapshot-controller-runner -subjects: -- kind: ServiceAccount - name: snapshot-controller - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller - namespace: kube-system -spec: - minReadySeconds: 15 - replicas: 2 - selector: - matchLabels: - app: snapshot-controller - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: snapshot-controller - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --v=5 - - --leader-election=true - image: registry.k8s.io/sig-storage/snapshot-controller:v6.0.1 - imagePullPolicy: IfNotPresent - name: snapshot-controller - serviceAccountName: snapshot-controller - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: snapshot-controller - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: snapshot-controller - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app: snapshot-validation - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-deployment - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: snapshot-validation - template: - metadata: - creationTimestamp: null - labels: - app: snapshot-validation - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt - - --tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key - image: registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.0.1 - imagePullPolicy: IfNotPresent - name: snapshot-validation - ports: - - containerPort: 443 - volumeMounts: - - mountPath: /etc/snapshot-validation-webhook/certs - name: snapshot-validation-webhook-certs - readOnly: true - serviceAccountName: snapshot-controller - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: snapshot-validation - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: snapshot-validation - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: snapshot-validation-webhook-certs - secret: - secretName: snapshot-validation-secret - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-service - namespace: kube-system -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 443 - selector: - app: snapshot-validation - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/snapshot-validation-service - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: validation-webhook.snapshot.storage.k8s.io -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: snapshot-validation-service - namespace: kube-system - path: /volumesnapshot - failurePolicy: Ignore - name: validation-webhook.snapshot.storage.k8s.io - rules: - - apiGroups: - - snapshot.storage.k8s.io - apiVersions: - - v1 - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - volumesnapshots - - volumesnapshotcontents - scope: '*' - sideEffects: None - timeoutSeconds: 2 - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-service - namespace: kube-system -spec: - dnsNames: - - snapshot-validation-service.kube-system.svc - - snapshot-validation-service.kube-system.svc.minimal.example.com - issuerRef: - kind: Issuer - name: snapshot-controller.addons.k8s.io - secretName: snapshot-validation-secret diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content deleted file mode 100644 index d93b0e46052ed..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ /dev/null @@ -1,334 +0,0 @@ -APIServerConfig: - API: - dns: {} - publicName: api.minimal.example.com - ClusterDNSDomain: cluster.local - KubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: external - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - enableAggregatorRouting: true - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://discovery.example.com/minimal.example.com - serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 - ServiceAccountPublicKeys: | - -----BEGIN RSA PUBLIC KEY----- - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm - XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ== - -----END RSA PUBLIC KEY----- - -----BEGIN RSA PUBLIC KEY----- - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF - Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ== - -----END RSA PUBLIC KEY----- -Assets: - amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 - arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 - - 9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64 -CAs: - apiserver-aggregator-ca: | - -----BEGIN CERTIFICATE----- - MIIBgjCCASygAwIBAgIMFo3gINaZLHjisEcbMA0GCSqGSIb3DQEBCwUAMCIxIDAe - BgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTExMloX - DTMxMDYzMDA0NTExMlowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It - Y2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM - x7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB - o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU - ALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQAHAomFKsF4jvYX - WM/UzQXDj9nSAFTf8dBPCXyZZNotsOH7+P6W4mMiuVs8bAuGiXGUdbsQ2lpiT/Rk - CzMeMdr4 - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBgjCCASygAwIBAgIMFo3gM0nxQpiX/agfMA0GCSqGSIb3DQEBCwUAMCIxIDAe - BgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTIzMVoX - DTMxMDYzMDA0NTIzMVowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It - Y2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM - x7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB - o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU - ALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQCXsoezoxXu2CEN - QdlXZOfmBT6cqxIX/RMHXhpHwRiqPsTO8IO2bVA8CSzxNwMuSv/ZtrMHoh8+PcVW - HLtkTXH8 - -----END CERTIFICATE----- - etcd-clients-ca: | - -----BEGIN CERTIFICATE----- - MIIBcjCCARygAwIBAgIMFo1ogHnr26DL9YkqMA0GCSqGSIb3DQEBCwUAMBoxGDAW - BgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjE5MDFaFw0zMTA2Mjgx - NjE5MDFaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB - AQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep - uPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s - x+PeBDANBgkqhkiG9w0BAQsFAANBAAZAdf8ROEVkr3Rf7I+s+CQOil2toadlKWOY - qCeJ2XaEROfp9aUTEIU1MGM3g57MPyAPPU7mURskuOQz6B1UFaY= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBcjCCARygAwIBAgIMFo1olfBnC/CsT+dqMA0GCSqGSIb3DQEBCwUAMBoxGDAW - BgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjIwMzNaFw0zMTA2Mjgx - NjIwMzNaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB - AQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep - uPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s - x+PeBDANBgkqhkiG9w0BAQsFAANBAF1xUz77PlUVUnd9duF8F7plou0TONC9R6/E - YQ8C6vM1b+9NSDGjCW8YmwEU2fBgskb/BBX2lwVZ32/RUEju4Co= - -----END CERTIFICATE----- - etcd-manager-ca-events: | - -----BEGIN CERTIFICATE----- - MIIBgDCCASqgAwIBAgIMFo+bKjm04vB4rNtaMA0GCSqGSIb3DQEBCwUAMCExHzAd - BgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAwOTU2WhcN - MzEwNzA1MjAwOTU2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKiC8tndMlEFZ7qzeKxeKqFVjaYpsh/H - g7RxWo15+1kgH3suO0lxp9+RxSVv97hnsfbySTPZVhy2cIQj7eZtZt8CAwEAAaNC - MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBg6 - CEZkQNnRkARBwFce03AEWa+sMA0GCSqGSIb3DQEBCwUAA0EAJMnBThok/uUe8q8O - sS5q19KUuE8YCTUzMDj36EBKf6NX4NoakCa1h6kfQVtlMtEIMWQZCjbm8xGK5ffs - GS/VUw== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBgDCCASqgAwIBAgIMFo+bQ+EgIiBmGghjMA0GCSqGSIb3DQEBCwUAMCExHzAd - BgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAxMTQ2WhcN - MzEwNzA1MjAxMTQ2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKFhHVVxxDGv8d1jBvtdSxz7KIVoBOjL - DMxsmTsINiQkTQaFlb+XPlnY1ar4+RhE519AFUkqfhypk4Zxqf1YFXUCAwEAAaNC - MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNuW - LLH5c8kDubDbr6BHgedW0iJ9MA0GCSqGSIb3DQEBCwUAA0EAiKUoBoaGu7XzboFE - hjfKlX0TujqWuW3qMxDEJwj4dVzlSLrAoB/G01MJ+xxYKh456n48aG6N827UPXhV - cPfVNg== - -----END CERTIFICATE----- - etcd-manager-ca-main: | - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bKjm1c3jfv6hIMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMDk1NloXDTMx - MDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAxbkDbGYmCSShpRG3r+lzTOFujyuruRfjOhYm - ZRX4w1Utd5y63dUc98sjc9GGUYMHd+0k1ql/a48tGhnK6N6jJwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWZLkbBFx - GAgPU4i62c52unSo7RswDQYJKoZIhvcNAQELBQADQQAj6Pgd0va/8FtkyMlnohLu - Gf4v8RJO6zk3Y6jJ4+cwWziipFM1ielMzSOZfFcCZgH3m5Io40is4hPSqyq2TOA6 - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bQ+Eg8Si30gr4MA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMTE0NloXDTMx - MDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAw33jzcd/iosN04b0WXbDt7B0c3sJ3aafcGLP - vG3xRB9N5bYr9+qZAq3mzAFkxscn4j1ce5b1/GKTDEAClmZgdQIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUE/h+3gDP - DvKwHRyiYlXM8voZ1wowDQYJKoZIhvcNAQELBQADQQBXuimeEoAOu5HN4hG7NqL9 - t40K3ZRhRZv3JQWnRVJCBDjg1rD0GQJR/n+DoWvbeijI5C9pNjr2pWSIYR1eYCvd - -----END CERTIFICATE----- - etcd-peers-ca-events: | - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bKjmxTPh3/lYJMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMDk1NloXDTMx - MDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAv5g4HF2xmrYyouJfY9jXx1M3gPLD/pupvxPY - xyjJw5pNCy5M5XGS3iTqRD5RDE0fWudVHFZKLIe8WPc06NApXwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUf6xiDI+O - Yph1ziCGr2hZaQYt+fUwDQYJKoZIhvcNAQELBQADQQBBxj5hqEQstonTb8lnqeGB - DEYtUeAk4eR/HzvUMjF52LVGuvN3XVt+JTrFeKNvb6/RDUbBNRj3azalcUkpPh6V - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bQ+Eq69jgzpKwMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMTE0NloXDTMx - MDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAo5Nj2CjX1qp3mEPw1H5nHAFWLoGNSLSlRFJW - 03NxaNPMFzL5PrCoyOXrX8/MWczuZYw0Crf8EPOOQWi2+W0XLwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUxauhhKQh - cvdZND78rHe0RQVTTiswDQYJKoZIhvcNAQELBQADQQB+cq4jIS9q0zXslaRa+ViI - J+dviA3sMygbmSJO0s4DxYmoazKJblux5q0ASSvS9iL1l9ShuZ1dWyp2tpZawHyb - -----END CERTIFICATE----- - etcd-peers-ca-main: | - -----BEGIN CERTIFICATE----- - MIIBeDCCASKgAwIBAgIMFo+bKjmuLDDLcDHsMA0GCSqGSIb3DQEBCwUAMB0xGzAZ - BgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDA5NTZaFw0zMTA3 - MDUyMDA5NTZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG - SIb3DQEBAQUAA0sAMEgCQQCyRaXWpwgN6INQqws9p/BvPElJv2Rno9dVTFhlQqDA - aUJXe7MBmiO4NJcW76EozeBh5ztR3/4NE1FM2x8TisS3AgMBAAGjQjBAMA4GA1Ud - DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQtE1d49uSvpURf - OQ25Vlu6liY20DANBgkqhkiG9w0BAQsFAANBAAgLVaetJZcfOA3OIMMvQbz2Ydrt - uWF9BKkIad8jrcIrm3IkOtR8bKGmDIIaRKuG/ZUOL6NMe2fky3AAfKwleL4= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBeDCCASKgAwIBAgIMFo+bQ+EuVthBfuZvMA0GCSqGSIb3DQEBCwUAMB0xGzAZ - BgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDExNDZaFw0zMTA3 - MDUyMDExNDZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG - SIb3DQEBAQUAA0sAMEgCQQCxNbycDZNx5V1ZOiXxZSvaFpHRwKeHDfcuMUitdoPt - naVMlMTGDWAMuCVmFHFAWohIYynemEegmZkZ15S7AErfAgMBAAGjQjBAMA4GA1Ud - DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAjQ8T4HclPIsC - qipEfUIcLP6jqTANBgkqhkiG9w0BAQsFAANBAJdZ17TN3HlWrH7HQgfR12UBwz8K - G9DurDznVaBVUYaHY8Sg5AvAXeb+yIF2JMmRR+bK+/G1QYY2D3/P31Ic2Oo= - -----END CERTIFICATE----- - kubernetes-ca: | - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw - ODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1 - jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA - MA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8 - tmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw - OTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7 - WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn - MA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA - 9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw== - -----END CERTIFICATE----- -ClusterName: minimal.example.com -ControlPlaneConfig: - KubeControllerManager: - allocateNodeCIDRs: true - attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: external - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 - leaderElection: - leaderElect: true - logLevel: 2 - useServiceAccountCredentials: true - KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 - leaderElection: - leaderElect: true - logLevel: 2 -DNSZone: Z1AFAKE1ZON3YO -DefaultMachineType: m3.medium -EtcdClusterNames: -- main -- events -FileAssets: -- content: | - apiVersion: kubescheduler.config.k8s.io/v1 - clientConnection: - kubeconfig: /var/lib/kube-scheduler/kubeconfig - kind: KubeSchedulerConfiguration - path: /var/lib/kube-scheduler/config.yaml -Hooks: -- null -- null -KeypairIDs: - apiserver-aggregator-ca: "6980187172486667078076483355" - etcd-clients-ca: "6979622252718071085282986282" - etcd-manager-ca-events: "6982279354000777253151890266" - etcd-manager-ca-main: "6982279354000936168671127624" - etcd-peers-ca-events: "6982279353999767935825892873" - etcd-peers-ca-main: "6982279353998887468930183660" - kubernetes-ca: "6982820025135291416230495506" - service-account: "2" -KubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - kops.k8s.io/kops-controller-pki: "" - node-role.kubernetes.io/control-plane: "" - node.kubernetes.io/exclude-from-external-load-balancers: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - taints: - - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 -Networking: - amazonVPC: {} - nonMasqueradeCIDR: 172.20.0.0/16 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -channels: -- memfs://clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml -configStore: - keypairs: memfs://clusters.example.com/minimal.example.com/pki - secrets: memfs://clusters.example.com/minimal.example.com/secrets -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -etcdManifests: -- memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml -- memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml -staticManifests: -- key: kube-apiserver-healthcheck - path: manifests/static/kube-apiserver-healthcheck.yaml -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-nodes_content deleted file mode 100644 index abe3b2d5a2366..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-nodes_content +++ /dev/null @@ -1,62 +0,0 @@ -Assets: - amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz -CAs: {} -ClusterName: minimal.example.com -DefaultMachineType: t2.medium -Hooks: -- null -- null -KeypairIDs: - kubernetes-ca: "6982820025135291416230495506" -KubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - node-role.kubernetes.io/node: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s -KubernetesVersion: 1.25.0 -Networking: - amazonVPC: {} - nonMasqueradeCIDR: 172.20.0.0/16 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons-ccm-irsa25/in-v1alpha2.yaml deleted file mode 100644 index f5b46c3c27eda..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/in-v1alpha2.yaml +++ /dev/null @@ -1,95 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal.example.com -spec: - awsLoadBalancerController: - enabled: true - certManager: - enabled: true - clusterAutoscaler: - enabled: true - metricsServer: - enabled: true - kubernetesApiAccess: - - 0.0.0.0/0 - channel: stable - cloudConfig: - awsEBSCSIDriver: - enabled: true - cloudControllerManager: - cloudProvider: aws - cloudProvider: aws - configBase: memfs://clusters.example.com/minimal.example.com - etcdClusters: - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: main - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: events - iam: - useServiceAccountExternalPermissions: true - kubelet: - anonymousAuth: false - kubernetesVersion: v1.25.0 - masterPublicName: api.minimal.example.com - networkCIDR: 172.20.0.0/16 - networking: - amazonvpc: {} - nodeTerminationHandler: - enabled: true - nonMasqueradeCIDR: 172.20.0.0/16 - serviceAccountIssuerDiscovery: - discoveryStore: memfs://discovery.example.com/minimal.example.com - enableAWSOIDCProvider: true - snapshotController: - enabled: true - sshAccess: - - 0.0.0.0/0 - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: nodes - labels: - kops.k8s.io/cluster: minimal.example.com -spec: - associatePublicIp: true - image: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220404 - machineType: t2.medium - maxSize: 2 - minSize: 2 - role: Node - subnets: - - us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: master-us-test-1a - labels: - kops.k8s.io/cluster: minimal.example.com -spec: - associatePublicIp: true - image: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220404 - machineType: m3.medium - maxSize: 1 - minSize: 1 - role: Master - subnets: - - us-test-1a diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf deleted file mode 100644 index 312922f21005f..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf +++ /dev/null @@ -1,1213 +0,0 @@ -locals { - cluster_name = "minimal.example.com" - iam_openid_connect_provider_arn = aws_iam_openid_connect_provider.minimal-example-com.arn - iam_openid_connect_provider_issuer = "discovery.example.com/minimal.example.com" - kube-system-aws-cloud-controller-manager_role_arn = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.arn - kube-system-aws-cloud-controller-manager_role_name = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name - kube-system-aws-load-balancer-controller_role_arn = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.arn - kube-system-aws-load-balancer-controller_role_name = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name - kube-system-aws-node-termination-handler_role_arn = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.arn - kube-system-aws-node-termination-handler_role_name = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name - kube-system-cluster-autoscaler_role_arn = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.arn - kube-system-cluster-autoscaler_role_name = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name - kube-system-dns-controller_role_arn = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.arn - kube-system-dns-controller_role_name = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name - kube-system-ebs-csi-controller-sa_role_arn = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.arn - kube-system-ebs-csi-controller-sa_role_name = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name - master_autoscaling_group_ids = [aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id] - master_security_group_ids = [aws_security_group.masters-minimal-example-com.id] - masters_role_arn = aws_iam_role.masters-minimal-example-com.arn - masters_role_name = aws_iam_role.masters-minimal-example-com.name - node_autoscaling_group_ids = [aws_autoscaling_group.nodes-minimal-example-com.id] - node_security_group_ids = [aws_security_group.nodes-minimal-example-com.id] - node_subnet_ids = [aws_subnet.us-test-1a-minimal-example-com.id] - nodes_role_arn = aws_iam_role.nodes-minimal-example-com.arn - nodes_role_name = aws_iam_role.nodes-minimal-example-com.name - region = "us-test-1" - route_table_public_id = aws_route_table.minimal-example-com.id - subnet_us-test-1a_id = aws_subnet.us-test-1a-minimal-example-com.id - vpc_cidr_block = aws_vpc.minimal-example-com.cidr_block - vpc_id = aws_vpc.minimal-example-com.id - vpc_ipv6_cidr_block = aws_vpc.minimal-example-com.ipv6_cidr_block - vpc_ipv6_cidr_length = local.vpc_ipv6_cidr_block == "" ? null : tonumber(regex(".*/(\\d+)", local.vpc_ipv6_cidr_block)[0]) -} - -output "cluster_name" { - value = "minimal.example.com" -} - -output "iam_openid_connect_provider_arn" { - value = aws_iam_openid_connect_provider.minimal-example-com.arn -} - -output "iam_openid_connect_provider_issuer" { - value = "discovery.example.com/minimal.example.com" -} - -output "kube-system-aws-cloud-controller-manager_role_arn" { - value = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-cloud-controller-manager_role_name" { - value = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name -} - -output "kube-system-aws-load-balancer-controller_role_arn" { - value = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-load-balancer-controller_role_name" { - value = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name -} - -output "kube-system-aws-node-termination-handler_role_arn" { - value = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-node-termination-handler_role_name" { - value = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name -} - -output "kube-system-cluster-autoscaler_role_arn" { - value = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-cluster-autoscaler_role_name" { - value = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name -} - -output "kube-system-dns-controller_role_arn" { - value = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-dns-controller_role_name" { - value = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name -} - -output "kube-system-ebs-csi-controller-sa_role_arn" { - value = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-ebs-csi-controller-sa_role_name" { - value = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name -} - -output "master_autoscaling_group_ids" { - value = [aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id] -} - -output "master_security_group_ids" { - value = [aws_security_group.masters-minimal-example-com.id] -} - -output "masters_role_arn" { - value = aws_iam_role.masters-minimal-example-com.arn -} - -output "masters_role_name" { - value = aws_iam_role.masters-minimal-example-com.name -} - -output "node_autoscaling_group_ids" { - value = [aws_autoscaling_group.nodes-minimal-example-com.id] -} - -output "node_security_group_ids" { - value = [aws_security_group.nodes-minimal-example-com.id] -} - -output "node_subnet_ids" { - value = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -output "nodes_role_arn" { - value = aws_iam_role.nodes-minimal-example-com.arn -} - -output "nodes_role_name" { - value = aws_iam_role.nodes-minimal-example-com.name -} - -output "region" { - value = "us-test-1" -} - -output "route_table_public_id" { - value = aws_route_table.minimal-example-com.id -} - -output "subnet_us-test-1a_id" { - value = aws_subnet.us-test-1a-minimal-example-com.id -} - -output "vpc_cidr_block" { - value = aws_vpc.minimal-example-com.cidr_block -} - -output "vpc_id" { - value = aws_vpc.minimal-example-com.id -} - -output "vpc_ipv6_cidr_block" { - value = aws_vpc.minimal-example-com.ipv6_cidr_block -} - -output "vpc_ipv6_cidr_length" { - value = local.vpc_ipv6_cidr_block == "" ? null : tonumber(regex(".*/(\\d+)", local.vpc_ipv6_cidr_block)[0]) -} - -provider "aws" { - region = "us-test-1" -} - -provider "aws" { - alias = "files" - region = "us-test-1" -} - -resource "aws_autoscaling_group" "master-us-test-1a-masters-minimal-example-com" { - enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] - launch_template { - id = aws_launch_template.master-us-test-1a-masters-minimal-example-com.id - version = aws_launch_template.master-us-test-1a-masters-minimal-example-com.latest_version - } - max_instance_lifetime = 0 - max_size = 1 - metrics_granularity = "1Minute" - min_size = 1 - name = "master-us-test-1a.masters.minimal.example.com" - protect_from_scale_in = false - tag { - key = "KubernetesCluster" - propagate_at_launch = true - value = "minimal.example.com" - } - tag { - key = "Name" - propagate_at_launch = true - value = "master-us-test-1a.masters.minimal.example.com" - } - tag { - key = "aws-node-termination-handler/managed" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/role/control-plane" - propagate_at_launch = true - value = "1" - } - tag { - key = "k8s.io/role/master" - propagate_at_launch = true - value = "1" - } - tag { - key = "kops.k8s.io/instancegroup" - propagate_at_launch = true - value = "master-us-test-1a" - } - tag { - key = "kubernetes.io/cluster/minimal.example.com" - propagate_at_launch = true - value = "owned" - } - vpc_zone_identifier = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -resource "aws_autoscaling_group" "nodes-minimal-example-com" { - enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] - launch_template { - id = aws_launch_template.nodes-minimal-example-com.id - version = aws_launch_template.nodes-minimal-example-com.latest_version - } - max_instance_lifetime = 0 - max_size = 2 - metrics_granularity = "1Minute" - min_size = 2 - name = "nodes.minimal.example.com" - protect_from_scale_in = false - tag { - key = "KubernetesCluster" - propagate_at_launch = true - value = "minimal.example.com" - } - tag { - key = "Name" - propagate_at_launch = true - value = "nodes.minimal.example.com" - } - tag { - key = "aws-node-termination-handler/managed" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/role/node" - propagate_at_launch = true - value = "1" - } - tag { - key = "kops.k8s.io/instancegroup" - propagate_at_launch = true - value = "nodes" - } - tag { - key = "kubernetes.io/cluster/minimal.example.com" - propagate_at_launch = true - value = "owned" - } - vpc_zone_identifier = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -resource "aws_autoscaling_lifecycle_hook" "master-us-test-1a-NTHLifecycleHook" { - autoscaling_group_name = aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id - default_result = "CONTINUE" - heartbeat_timeout = 300 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - name = "master-us-test-1a-NTHLifecycleHook" -} - -resource "aws_autoscaling_lifecycle_hook" "nodes-NTHLifecycleHook" { - autoscaling_group_name = aws_autoscaling_group.nodes-minimal-example-com.id - default_result = "CONTINUE" - heartbeat_timeout = 300 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - name = "nodes-NTHLifecycleHook" -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-ASGLifecycle" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern") - name = "minimal.example.com-ASGLifecycle" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-ASGLifecycle" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-InstanceScheduledChange" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern") - name = "minimal.example.com-InstanceScheduledChange" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-InstanceScheduledChange" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-InstanceStateChange" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern") - name = "minimal.example.com-InstanceStateChange" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-InstanceStateChange" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-SpotInterruption" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern") - name = "minimal.example.com-SpotInterruption" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-SpotInterruption" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-ASGLifecycle-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-ASGLifecycle.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-InstanceScheduledChange-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-InstanceScheduledChange.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-InstanceStateChange-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-InstanceStateChange.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-SpotInterruption-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-SpotInterruption.id -} - -resource "aws_ebs_volume" "us-test-1a-etcd-events-minimal-example-com" { - availability_zone = "us-test-1a" - encrypted = false - iops = 3000 - size = 20 - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.etcd-events.minimal.example.com" - "k8s.io/etcd/events" = "us-test-1a/us-test-1a" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - throughput = 125 - type = "gp3" -} - -resource "aws_ebs_volume" "us-test-1a-etcd-main-minimal-example-com" { - availability_zone = "us-test-1a" - encrypted = false - iops = 3000 - size = 20 - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.etcd-main.minimal.example.com" - "k8s.io/etcd/main" = "us-test-1a/us-test-1a" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - throughput = 125 - type = "gp3" -} - -resource "aws_iam_instance_profile" "masters-minimal-example-com" { - name = "masters.minimal.example.com" - role = aws_iam_role.masters-minimal-example-com.name - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_instance_profile" "nodes-minimal-example-com" { - name = "nodes.minimal.example.com" - role = aws_iam_role.nodes-minimal-example-com.name - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_openid_connect_provider" "minimal-example-com" { - client_id_list = ["amazonaws.com"] - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - thumbprint_list = ["9e99a48a9960b14926bb7f3b02e22da2b0ab7280", "a9d53002e97e00e043244f3d170d6f4c414104fd"] - url = "https://discovery.example.com/minimal.example.com" -} - -resource "aws_iam_role" "aws-cloud-controller-manager-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy") - name = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-cloud-controller-manager" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "aws-load-balancer-controller-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy") - name = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-load-balancer-controller" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "aws-node-termination-handler-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy") - name = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-node-termination-handler" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "cluster-autoscaler-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy") - name = "cluster-autoscaler.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "cluster-autoscaler.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "cluster-autoscaler" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "dns-controller-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy") - name = "dns-controller.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "dns-controller.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "dns-controller" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "ebs-csi-controller-sa-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy") - name = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "ebs-csi-controller-sa" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "masters-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_masters.minimal.example.com_policy") - name = "masters.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_role" "nodes-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.minimal.example.com_policy") - name = "nodes.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_role_policy" "aws-cloud-controller-manager-kube-system-sa-minimal-example-com" { - name = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "aws-load-balancer-controller-kube-system-sa-minimal-example-com" { - name = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "aws-node-termination-handler-kube-system-sa-minimal-example-com" { - name = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "cluster-autoscaler-kube-system-sa-minimal-example-com" { - name = "cluster-autoscaler.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "dns-controller-kube-system-sa-minimal-example-com" { - name = "dns-controller.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "ebs-csi-controller-sa-kube-system-sa-minimal-example-com" { - name = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "masters-minimal-example-com" { - name = "masters.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_masters.minimal.example.com_policy") - role = aws_iam_role.masters-minimal-example-com.name -} - -resource "aws_iam_role_policy" "nodes-minimal-example-com" { - name = "nodes.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_nodes.minimal.example.com_policy") - role = aws_iam_role.nodes-minimal-example-com.name -} - -resource "aws_internet_gateway" "minimal-example-com" { - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_key_pair" "kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157" { - key_name = "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57" - public_key = file("${path.module}/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key") - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { - block_device_mappings { - device_name = "/dev/xvda" - ebs { - delete_on_termination = true - encrypted = true - iops = 3000 - throughput = 125 - volume_size = 64 - volume_type = "gp3" - } - } - block_device_mappings { - device_name = "/dev/sdc" - virtual_name = "ephemeral0" - } - iam_instance_profile { - name = aws_iam_instance_profile.masters-minimal-example-com.id - } - image_id = "ami-12345678" - instance_type = "m3.medium" - key_name = aws_key_pair.kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id - lifecycle { - create_before_destroy = true - } - metadata_options { - http_endpoint = "enabled" - http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 1 - http_tokens = "optional" - } - monitoring { - enabled = false - } - name = "master-us-test-1a.masters.minimal.example.com" - network_interfaces { - associate_public_ip_address = true - delete_on_termination = true - ipv6_address_count = 0 - security_groups = [aws_security_group.masters-minimal-example-com.id] - } - tag_specifications { - resource_type = "instance" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tag_specifications { - resource_type = "volume" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - user_data = filebase64("${path.module}/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data") -} - -resource "aws_launch_template" "nodes-minimal-example-com" { - block_device_mappings { - device_name = "/dev/xvda" - ebs { - delete_on_termination = true - encrypted = true - iops = 3000 - throughput = 125 - volume_size = 128 - volume_type = "gp3" - } - } - iam_instance_profile { - name = aws_iam_instance_profile.nodes-minimal-example-com.id - } - image_id = "ami-12345678" - instance_type = "t2.medium" - key_name = aws_key_pair.kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id - lifecycle { - create_before_destroy = true - } - metadata_options { - http_endpoint = "enabled" - http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 1 - http_tokens = "optional" - } - monitoring { - enabled = false - } - name = "nodes.minimal.example.com" - network_interfaces { - associate_public_ip_address = true - delete_on_termination = true - ipv6_address_count = 0 - security_groups = [aws_security_group.nodes-minimal-example-com.id] - } - tag_specifications { - resource_type = "instance" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tag_specifications { - resource_type = "volume" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - user_data = filebase64("${path.module}/data/aws_launch_template_nodes.minimal.example.com_user_data") -} - -resource "aws_route" "route-0-0-0-0--0" { - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.minimal-example-com.id - route_table_id = aws_route_table.minimal-example-com.id -} - -resource "aws_route" "route-__--0" { - destination_ipv6_cidr_block = "::/0" - gateway_id = aws_internet_gateway.minimal-example-com.id - route_table_id = aws_route_table.minimal-example-com.id -} - -resource "aws_route_table" "minimal-example-com" { - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "kubernetes.io/kops/role" = "public" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_route_table_association" "us-test-1a-minimal-example-com" { - route_table_id = aws_route_table.minimal-example-com.id - subnet_id = aws_subnet.us-test-1a-minimal-example-com.id -} - -resource "aws_s3_object" "cluster-completed-spec" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_cluster-completed.spec_content") - key = "clusters.example.com/minimal.example.com/cluster-completed.spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "discovery-json" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_discovery.json_content") - key = "discovery.example.com/minimal.example.com/.well-known/openid-configuration" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "etcd-cluster-spec-events" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_etcd-cluster-spec-events_content") - key = "clusters.example.com/minimal.example.com/backups/etcd/events/control/etcd-cluster-spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "etcd-cluster-spec-main" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_etcd-cluster-spec-main_content") - key = "clusters.example.com/minimal.example.com/backups/etcd/main/control/etcd-cluster-spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "keys-json" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_keys.json_content") - key = "discovery.example.com/minimal.example.com/openid/v1/jwks" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "kops-version-txt" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_kops-version.txt_content") - key = "clusters.example.com/minimal.example.com/kops-version.txt" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-etcdmanager-events-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-etcdmanager-main-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-static-kube-apiserver-healthcheck" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content") - key = "clusters.example.com/minimal.example.com/manifests/static/kube-apiserver-healthcheck.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-cloud-controller-addons-k8s-io-k8s-1-18" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content") - key = "clusters.example.com/minimal.example.com/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-ebs-csi-driver-addons-k8s-io-k8s-1-17" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content") - key = "clusters.example.com/minimal.example.com/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-load-balancer-controller-addons-k8s-io-k8s-1-19" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content") - key = "clusters.example.com/minimal.example.com/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-bootstrap" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-bootstrap_content") - key = "clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-certmanager-io-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/certmanager.io/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-cluster-autoscaler-addons-k8s-io-k8s-1-15" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content") - key = "clusters.example.com/minimal.example.com/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-coredns-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content") - key = "clusters.example.com/minimal.example.com/addons/coredns.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-dns-controller-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content") - key = "clusters.example.com/minimal.example.com/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-kops-controller-addons-k8s-io-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-kubelet-api-rbac-addons-k8s-io-k8s-1-9" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content") - key = "clusters.example.com/minimal.example.com/addons/kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-limit-range-addons-k8s-io" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content") - key = "clusters.example.com/minimal.example.com/addons/limit-range.addons.k8s.io/v1.5.0.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-metrics-server-addons-k8s-io-k8s-1-11" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content") - key = "clusters.example.com/minimal.example.com/addons/metrics-server.addons.k8s.io/k8s-1.11.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-networking-amazon-vpc-routed-eni-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/networking.amazon-vpc-routed-eni/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-node-termination-handler-aws-k8s-1-11" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content") - key = "clusters.example.com/minimal.example.com/addons/node-termination-handler.aws/k8s-1.11.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-snapshot-controller-addons-k8s-io-k8s-1-20" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content") - key = "clusters.example.com/minimal.example.com/addons/snapshot-controller.addons.k8s.io/k8s-1.20.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-storage-aws-addons-k8s-io-v1-15-0" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content") - key = "clusters.example.com/minimal.example.com/addons/storage-aws.addons.k8s.io/v1.15.0.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "nodeupconfig-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_nodeupconfig-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/igconfig/control-plane/master-us-test-1a/nodeupconfig.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "nodeupconfig-nodes" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_nodeupconfig-nodes_content") - key = "clusters.example.com/minimal.example.com/igconfig/node/nodes/nodeupconfig.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_security_group" "masters-minimal-example-com" { - description = "Security group for masters" - name = "masters.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_security_group" "nodes-minimal-example-com" { - description = "Security group for nodes" - name = "nodes.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 22 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 22 - type = "ingress" -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 22 - protocol = "tcp" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 22 - type = "ingress" -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 443 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 443 - type = "ingress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-__--0" { - from_port = 0 - ipv6_cidr_blocks = ["::/0"] - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - source_security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-__--0" { - from_port = 0 - ipv6_cidr_blocks = ["::/0"] - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" { - from_port = 1 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 2379 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" { - from_port = 2382 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 4000 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" { - from_port = 4003 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 65535 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" { - from_port = 1 - protocol = "udp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 65535 - type = "ingress" -} - -resource "aws_sqs_queue" "minimal-example-com-nth" { - message_retention_seconds = 300 - name = "minimal-example-com-nth" - policy = file("${path.module}/data/aws_sqs_queue_minimal-example-com-nth_policy") - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal-example-com-nth" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_subnet" "us-test-1a-minimal-example-com" { - availability_zone = "us-test-1a" - cidr_block = "172.20.32.0/19" - enable_resource_name_dns_a_record_on_launch = true - private_dns_hostname_type_on_launch = "resource-name" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.minimal.example.com" - "SubnetType" = "Public" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "kubernetes.io/role/elb" = "1" - "kubernetes.io/role/internal-elb" = "1" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_vpc" "minimal-example-com" { - assign_generated_ipv6_cidr_block = true - cidr_block = "172.20.0.0/16" - enable_dns_hostnames = true - enable_dns_support = true - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_vpc_dhcp_options" "minimal-example-com" { - domain_name = "us-test-1.compute.internal" - domain_name_servers = ["AmazonProvidedDNS"] - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_vpc_dhcp_options_association" "minimal-example-com" { - dhcp_options_id = aws_vpc_dhcp_options.minimal-example-com.id - vpc_id = aws_vpc.minimal-example-com.id -} - -terraform { - required_version = ">= 0.15.0" - required_providers { - aws = { - "configuration_aliases" = [aws.files] - "source" = "hashicorp/aws" - "version" = ">= 5.0.0" - } - } -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/README.md b/tests/integration/update_cluster/many-addons-ccm-irsa26/README.md deleted file mode 100644 index d173d34f98fd6..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/README.md +++ /dev/null @@ -1,9 +0,0 @@ -Simple test of (experimental) JWKS functionality - -We have to use a fixed CA because the fingerprint is inserted into the AWS WebIdentity configuration. - -ca.crt & ca.key generated with: - -``` -openssl req -new -newkey rsa:512 -days 3650 -nodes -x509 -subj "/CN=kubernetes" -keyout ca.key -out ca.crt -config <(cat /etc/ssl/openssl.cnf <(printf "[ v3_ca ]\nkeyUsage = critical,keyCertSign,cRLSign")) -``` diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6c18833de43c0..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-cloud-controller-manager" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 94a18743494c1..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 3266f85030aab..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-node-termination-handler" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6a4c8278048c0..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:cluster-autoscaler" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index a1f5c8e2f8b59..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:dns-controller" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6bd6048b16001..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:ebs-csi-controller-sa" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index d05670c1897e5..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,116 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeTags", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:CreateServiceLinkedRole", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:ModifyInstanceAttribute", - "ec2:RevokeSecurityGroupIngress", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "arn:aws-test:ec2:*:*:vpc/*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index e141f8b925c99..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,118 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "acm:DescribeCertificate", - "acm:ListCertificates", - "cognito-idp:DescribeUserPoolClient", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeListenerCertificates", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupIngress", - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteRule", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:ModifyRule", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:ModifyTargetGroupAttributes", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:RemoveListenerCertificates", - "elasticloadbalancing:RemoveTags", - "elasticloadbalancing:SetIpAddressType", - "elasticloadbalancing:SetSecurityGroups", - "elasticloadbalancing:SetSubnets" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "arn:aws-test:ec2:*:*:vpc/*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index a2a9cfce2edb2..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,26 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeTags", - "ec2:DescribeInstances", - "sqs:DeleteMessage", - "sqs:ReceiveMessage" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "autoscaling:CompleteLifecycleAction", - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 89ba38c735d86..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,32 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeScalingActivities", - "ec2:DescribeImages", - "ec2:DescribeInstanceTypes", - "ec2:DescribeLaunchTemplateVersions", - "ec2:GetInstanceTypesFromInstanceRequirements" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "autoscaling:SetDesiredCapacity", - "autoscaling:TerminateInstanceInAutoScalingGroup" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index c3f164caee182..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,35 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:GetHostedZone", - "route53:ListResourceRecordSets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Action": [ - "route53:GetChange" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::change/*" - ] - }, - { - "Action": [ - "route53:ListHostedZones", - "route53:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 5dd615cd76fbe..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,91 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateVolume", - "CreateSnapshot" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:snapshot/*", - "arn:aws-test:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:snapshot/*", - "arn:aws-test:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:CreateSnapshot", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeSnapshots", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AttachVolume", - "ec2:DeleteSnapshot", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSnapshot", - "ec2:CreateVolume" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy deleted file mode 100644 index d6666452b057c..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ /dev/null @@ -1,137 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:AttachVolume", - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com", - "aws:ResourceTag/k8s.io/role/master": "1" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:Get*" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-read-bucket" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-write-bucket" - ] - }, - { - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:GetHostedZone", - "route53:ListResourceRecordSets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Action": [ - "route53:GetChange" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::change/*" - ] - }, - { - "Action": [ - "route53:ListHostedZones", - "route53:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "ec2:AssignPrivateIpAddresses", - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRegions", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:UnassignPrivateIpAddresses", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:GenerateRandom", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_nodes.minimal.example.com_policy deleted file mode 100644 index d18bc3afc1c35..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ /dev/null @@ -1,48 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-read-bucket" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "ec2:AssignPrivateIpAddresses", - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRegions", - "ec2:DescribeTags", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:UnassignPrivateIpAddresses", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kms:GenerateRandom" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data deleted file mode 100644 index 7a1cac56e2893..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ /dev/null @@ -1,138 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-amd64 -NODEUP_HASH_AMD64=585fbda0f0a43184656b4bfc0cc5f0c0b85612faf43b8816acca1f99d422c924 -NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-arm64 -NODEUP_HASH_ARM64=7603675379699105a9b9915ff97718ea99b1bbb01a4c184e2f827c8a96e8e865 - -export AWS_REGION=us-test-1 - - - - -sysctl -w net.core.rmem_max=16777216 || true -sysctl -w net.core.wmem_max=16777216 || true -sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216' || true -sysctl -w net.ipv4.tcp_wmem='4096 87380 16777216' || true - - -function ensure-install-dir() { - INSTALL_DIR="/opt/kops" - # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec - if [[ -d /var/lib/toolbox ]]; then - INSTALL_DIR="/var/lib/toolbox/kops" - fi - mkdir -p ${INSTALL_DIR}/bin - mkdir -p ${INSTALL_DIR}/conf - cd ${INSTALL_DIR} -} - -# Retry a download until we get it. args: name, sha, urls -download-or-bust() { - echo "== Downloading $1 with hash $2 from $3 ==" - local -r file="$1" - local -r hash="$2" - local -a urls - mapfile -t urls < <(split-commas "$3") - - if [[ -f "${file}" ]]; then - if ! validate-hash "${file}" "${hash}"; then - rm -f "${file}" - else - return 0 - fi - fi - - while true; do - for url in "${urls[@]}"; do - commands=( - "curl -f --compressed -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget --compression=auto -O ${file} --connect-timeout=20 --tries=6 --wait=10" - "curl -f -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget -O ${file} --connect-timeout=20 --tries=6 --wait=10" - ) - for cmd in "${commands[@]}"; do - echo "== Downloading ${url} using ${cmd} ==" - if ! (${cmd} "${url}"); then - echo "== Failed to download ${url} using ${cmd} ==" - continue - fi - if ! validate-hash "${file}" "${hash}"; then - echo "== Failed to validate hash for ${url} ==" - rm -f "${file}" - else - echo "== Downloaded ${url} with hash ${hash} ==" - return 0 - fi - done - done - - echo "== All downloads failed; sleeping before retrying ==" - sleep 60 - done -} - -validate-hash() { - local -r file="$1" - local -r expected="$2" - local actual - - actual=$(sha256sum "${file}" | awk '{ print $1 }') || true - if [[ "${actual}" != "${expected}" ]]; then - echo "== File ${file} is corrupted; hash ${actual} doesn't match expected ${expected} ==" - return 1 - fi -} - -function split-commas() { - echo "$1" | tr "," "\n" -} - -function download-release() { - case "$(uname -m)" in - x86_64*|i?86_64*|amd64*) - NODEUP_URL="${NODEUP_URL_AMD64}" - NODEUP_HASH="${NODEUP_HASH_AMD64}" - ;; - aarch64*|arm64*) - NODEUP_URL="${NODEUP_URL_ARM64}" - NODEUP_HASH="${NODEUP_HASH_ARM64}" - ;; - *) - echo "Unsupported host arch: $(uname -m)" >&2 - exit 1 - ;; - esac - - cd ${INSTALL_DIR}/bin - download-or-bust nodeup "${NODEUP_HASH}" "${NODEUP_URL}" - - chmod +x nodeup - - echo "== Running nodeup ==" - # We can't run in the foreground because of https://github.com/docker/docker/issues/23793 - ( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 ) -} - -#################################################################################### - -/bin/systemd-machine-id-setup || echo "== Failed to initialize the machine ID; ensure machine-id configured ==" - -echo "== nodeup node config starting ==" -ensure-install-dir - -cat > conf/kube_env.yaml << '__EOF_KUBE_ENV' -CloudProvider: aws -ClusterName: minimal.example.com -ConfigBase: memfs://clusters.example.com/minimal.example.com -InstanceGroupName: master-us-test-1a -InstanceGroupRole: ControlPlane -NodeupConfigHash: CDKhVFdu3Wzi7gM/Guzh59cp2VZqBae3DZ1OQWj2guU= - -__EOF_KUBE_ENV - -download-release -echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_cluster-completed.spec_content deleted file mode 100644 index f3474a4cf8d60..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_cluster-completed.spec_content +++ /dev/null @@ -1,256 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal.example.com -spec: - api: - dns: {} - authorization: - alwaysAllow: {} - awsLoadBalancerController: - enabled: true - certManager: - enabled: true - channel: stable - cloudConfig: - awsEBSCSIDriver: - version: v1.33.0 - manageStorageClasses: true - cloudControllerManager: - allocateNodeCIDRs: true - cloudProvider: aws - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 - leaderElection: - leaderElect: true - cloudProvider: aws - clusterAutoscaler: - awsUseStaticInstanceList: false - balanceSimilarNodeGroups: false - emitPerNodegroupMetrics: false - enabled: true - expander: random - ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 - maxNodeProvisionTime: 15m0s - newPodScaleUpDelay: 0s - scaleDownDelayAfterAdd: 10m0s - scaleDownUnneededTime: 10m0s - scaleDownUnreadyTime: 20m0s - scaleDownUtilizationThreshold: "0.5" - skipNodesWithCustomControllerPods: true - skipNodesWithLocalStorage: true - skipNodesWithSystemPods: true - clusterDNSDomain: cluster.local - configBase: memfs://clusters.example.com/minimal.example.com - containerd: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 - dnsZone: Z1AFAKE1ZON3YO - etcdClusters: - - backups: - backupStore: memfs://clusters.example.com/minimal.example.com/backups/etcd/main - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - manager: - backupRetentionDays: 90 - name: main - version: 3.5.17 - - backups: - backupStore: memfs://clusters.example.com/minimal.example.com/backups/etcd/events - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - manager: - backupRetentionDays: 90 - name: events - version: 3.5.17 - externalDns: - provider: dns-controller - iam: - legacy: false - useServiceAccountExternalPermissions: true - keyStore: memfs://clusters.example.com/minimal.example.com/pki - kubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: external - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - enableAggregatorRouting: true - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://discovery.example.com/minimal.example.com - serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 - kubeControllerManager: - allocateNodeCIDRs: true - attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: external - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 - leaderElection: - leaderElect: true - logLevel: 2 - useServiceAccountCredentials: true - kubeDNS: - cacheMaxConcurrent: 150 - cacheMaxSize: 1000 - cpuRequest: 100m - domain: cluster.local - memoryLimit: 170Mi - memoryRequest: 70Mi - nodeLocalDNS: - additionalConfig: | - googleapis.com:53 { - bind 169.254.20.10 - forward . 10.238.1.130 - } - cpuRequest: 25m - enabled: true - forwardToKubeDNS: false - image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.0 - localIP: 169.254.20.10 - memoryRequest: 5Mi - provider: CoreDNS - serverIP: 100.64.0.10 - kubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 - logLevel: 2 - kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 - leaderElection: - leaderElect: true - logLevel: 2 - kubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 169.254.20.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - kubernetesApiAccess: - - 0.0.0.0/0 - kubernetesVersion: 1.26.0 - masterKubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 169.254.20.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - masterPublicName: api.minimal.example.com - metricsServer: - enabled: true - networkCIDR: 172.20.0.0/16 - networking: - amazonvpc: {} - nodeTerminationHandler: - cpuRequest: 50m - deleteSQSMsgIfNodeNotFound: false - enableRebalanceDraining: false - enableRebalanceMonitoring: false - enableScheduledEventDraining: true - enableSpotInterruptionDraining: true - enabled: true - excludeFromLoadBalancers: true - managedASGTag: aws-node-termination-handler/managed - memoryRequest: 64Mi - podTerminationGracePeriod: -1 - prometheusEnable: false - taintNode: false - version: v1.22.0 - nonMasqueradeCIDR: 172.20.0.0/16 - podCIDR: 172.20.128.0/17 - secretStore: memfs://clusters.example.com/minimal.example.com/secrets - serviceAccountIssuerDiscovery: - discoveryStore: memfs://discovery.example.com/minimal.example.com - enableAWSOIDCProvider: true - serviceClusterIPRange: 100.64.0.0/13 - snapshotController: - enabled: true - sshAccess: - - 0.0.0.0/0 - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - topology: - dns: - type: Public diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_discovery.json_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_discovery.json_content deleted file mode 100644 index aba05dfd1a0c4..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_discovery.json_content +++ /dev/null @@ -1,18 +0,0 @@ -{ -"issuer": "https://discovery.example.com/minimal.example.com", -"jwks_uri": "https://discovery.example.com/minimal.example.com/openid/v1/jwks", -"authorization_endpoint": "urn:kubernetes:programmatic_authorization", -"response_types_supported": [ -"id_token" -], -"subject_types_supported": [ -"public" -], -"id_token_signing_alg_values_supported": [ -"RS256" -], -"claims_supported": [ -"sub", -"iss" -] -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_keys.json_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_keys.json_content deleted file mode 100644 index ddcbc6ed75733..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_keys.json_content +++ /dev/null @@ -1,20 +0,0 @@ -{ -"keys": [ -{ -"use": "sig", -"kty": "RSA", -"kid": "3mNcULfgtWECYyZWY5ow1rOHjiRwEZHx28HQcRec3Ew", -"alg": "RS256", -"n": "2JbeF8dNwqfEKKD65aGlVs58fWkA0qZdVLKw8qATzRBJTi1nqbj2kAR4gyy_C8Mxouxva_om9d7Sq8Ka55T7-w", -"e": "AQAB" -}, -{ -"use": "sig", -"kty": "RSA", -"kid": "G-cZ10iKJqrXhR15ivI7Lg2q_cuL0zN9ouL0vF67FLc", -"alg": "RS256", -"n": "o4Tridlsf4Yz3UAiup_scSTiG_OqxkUW3Fz7zGKvVcLeYj9GEIKuzoB1VFk1nboDq4cCuGLfdzaQdCQKPIsDuw", -"e": "AQAB" -} -] -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content deleted file mode 100644 index 4eb0d5b03a1b5..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - labels: - k8s-app: etcd-manager-events - name: etcd-manager-events - namespace: kube-system -spec: - containers: - - command: - - /bin/sh - - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/events - --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true - --dns-suffix=.internal.minimal.example.com --grpc-port=3997 --peer-urls=https://__name__:2381 - --quarantine-client-urls=https://__name__:3995 --v=6 --volume-name-tag=k8s.io/etcd/events - --volume-provider=aws --volume-tag=k8s.io/etcd/events --volume-tag=k8s.io/role/control-plane=1 - --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 - env: - - name: ETCD_MANAGER_DAILY_BACKUPS_RETENTION - value: 90d - image: registry.k8s.io/etcd-manager/etcd-manager-slim:v3.0.20241012 - name: etcd-manager - resources: - requests: - cpu: 200m - memory: 100Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /run - name: run - - mountPath: /etc/kubernetes/pki/etcd-manager - name: pki - - mountPath: /opt - name: opt - - mountPath: /var/log/etcd.log - name: varlogetcd - hostNetwork: true - hostPID: true - initContainers: - - args: - - --target-dir=/opt/kops-utils/ - - --src=/ko-app/kops-utils-cp - command: - - /ko-app/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: kops-utils-cp - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.4.13 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.4.13-0 - name: init-etcd-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.5.17 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.5.17-0 - name: init-etcd-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.4.3 - - --src=/opt/etcd-v3.4.13/etcd - - --src=/opt/etcd-v3.4.13/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.5.0 - - --target-dir=/opt/etcd-v3.5.1 - - --target-dir=/opt/etcd-v3.5.13 - - --target-dir=/opt/etcd-v3.5.3 - - --target-dir=/opt/etcd-v3.5.4 - - --target-dir=/opt/etcd-v3.5.6 - - --target-dir=/opt/etcd-v3.5.7 - - --target-dir=/opt/etcd-v3.5.9 - - --src=/opt/etcd-v3.5.17/etcd - - --src=/opt/etcd-v3.5.17/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: rootfs - - hostPath: - path: /run - type: DirectoryOrCreate - name: run - - hostPath: - path: /etc/kubernetes/pki/etcd-manager-events - type: DirectoryOrCreate - name: pki - - emptyDir: {} - name: opt - - hostPath: - path: /var/log/etcd-events.log - type: FileOrCreate - name: varlogetcd -status: {} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content deleted file mode 100644 index e2d9e5d30ab76..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - labels: - k8s-app: etcd-manager-main - name: etcd-manager-main - namespace: kube-system -spec: - containers: - - command: - - /bin/sh - - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/main - --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true - --dns-suffix=.internal.minimal.example.com --grpc-port=3996 --peer-urls=https://__name__:2380 - --quarantine-client-urls=https://__name__:3994 --v=6 --volume-name-tag=k8s.io/etcd/main - --volume-provider=aws --volume-tag=k8s.io/etcd/main --volume-tag=k8s.io/role/control-plane=1 - --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 - env: - - name: ETCD_MANAGER_DAILY_BACKUPS_RETENTION - value: 90d - image: registry.k8s.io/etcd-manager/etcd-manager-slim:v3.0.20241012 - name: etcd-manager - resources: - requests: - cpu: 200m - memory: 100Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /run - name: run - - mountPath: /etc/kubernetes/pki/etcd-manager - name: pki - - mountPath: /opt - name: opt - - mountPath: /var/log/etcd.log - name: varlogetcd - hostNetwork: true - hostPID: true - initContainers: - - args: - - --target-dir=/opt/kops-utils/ - - --src=/ko-app/kops-utils-cp - command: - - /ko-app/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: kops-utils-cp - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.4.13 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.4.13-0 - name: init-etcd-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.5.17 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.5.17-0 - name: init-etcd-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.4.3 - - --src=/opt/etcd-v3.4.13/etcd - - --src=/opt/etcd-v3.4.13/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.5.0 - - --target-dir=/opt/etcd-v3.5.1 - - --target-dir=/opt/etcd-v3.5.13 - - --target-dir=/opt/etcd-v3.5.3 - - --target-dir=/opt/etcd-v3.5.4 - - --target-dir=/opt/etcd-v3.5.6 - - --target-dir=/opt/etcd-v3.5.7 - - --target-dir=/opt/etcd-v3.5.9 - - --src=/opt/etcd-v3.5.17/etcd - - --src=/opt/etcd-v3.5.17/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: rootfs - - hostPath: - path: /run - type: DirectoryOrCreate - name: run - - hostPath: - path: /etc/kubernetes/pki/etcd-manager-main - type: DirectoryOrCreate - name: pki - - emptyDir: {} - name: opt - - hostPath: - path: /var/log/etcd.log - type: FileOrCreate - name: varlogetcd -status: {} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content deleted file mode 100644 index 03aa43bf091f3..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ /dev/null @@ -1,253 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - k8s-app: aws-cloud-controller-manager - name: aws-cloud-controller-manager - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: aws-cloud-controller-manager - template: - metadata: - creationTimestamp: null - labels: - k8s-app: aws-cloud-controller-manager - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --allocate-node-cidrs=true - - --cloud-provider=aws - - --cluster-cidr=172.20.128.0/17 - - --cluster-name=minimal.example.com - - --configure-cloud-routes=false - - --leader-elect=true - - --v=2 - - --use-service-account-credentials=true - - --cloud-config=/etc/kubernetes/cloud.config - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 - imagePullPolicy: IfNotPresent - name: aws-cloud-controller-manager - resources: - requests: - cpu: 200m - volumeMounts: - - mountPath: /etc/kubernetes/cloud.config - name: cloudconfig - readOnly: true - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - hostNetwork: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccountName: aws-cloud-controller-manager - tolerations: - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - value: "true" - - effect: NoSchedule - key: node.kubernetes.io/not-ready - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - - effect: NoSchedule - key: node-role.kubernetes.io/master - volumes: - - hostPath: - path: /etc/kubernetes/cloud.config - type: "" - name: cloudconfig - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - updateStrategy: - type: RollingUpdate - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: aws-cloud-controller-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: cloud-controller-manager:apiserver-authentication-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- apiGroup: "" - kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: system:cloud-controller-manager -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update -- apiGroups: - - "" - resources: - - nodes - verbs: - - '*' -- apiGroups: - - "" - resources: - - nodes/status - verbs: - - patch -- apiGroups: - - "" - resources: - - services - verbs: - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - get -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - list - - watch - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - node-controller - - service-controller - - route-controller - resources: - - serviceaccounts/token - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: system:cloud-controller-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-controller-manager -subjects: -- apiGroup: "" - kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content deleted file mode 100644 index f5f3572927925..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content +++ /dev/null @@ -1,1209 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-attacher-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-role -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - patch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-provisioner-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - create - - patch - - delete -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - update -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - get - - list -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattributesclasses - verbs: - - get - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-resizer-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattributesclasses - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-attacher-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-getter-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-csi-node-role -subjects: -- kind: ServiceAccount - name: ebs-csi-node-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-provisioner-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-resizer-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-resizer-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-snapshotter-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-snapshotter-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-leases-role - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-leases-rolebinding - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ebs-csi-leases-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app: ebs-csi-controller - app.kubernetes.io/managed-by: kops - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - ports: - - name: metrics - port: 3301 - targetPort: 3301 - selector: - app: ebs-csi-controller - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node - namespace: kube-system -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: ebs-csi-node - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - template: - metadata: - creationTimestamp: null - labels: - app: ebs-csi-node - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: topology.kubernetes.io/zone - operator: Exists - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - - key: node.kubernetes.io/instance-type - operator: NotIn - values: - - a1.medium - - a1.large - - a1.xlarge - - a1.2xlarge - - a1.4xlarge - containers: - - args: - - node - - --endpoint=$(CSI_ENDPOINT) - - --logging-format=text - - --v=2 - env: - - name: AWS_REGION - value: us-test-1 - - name: CSI_ENDPOINT - value: unix:/csi/csi.sock - - name: CSI_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.33.0 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /bin/aws-ebs-csi-driver - - pre-stop-hook - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - name: ebs-plugin - ports: - - containerPort: 9808 - name: healthz - protocol: TCP - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - privileged: true - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /var/lib/kubelet - mountPropagation: Bidirectional - name: kubelet-dir - - mountPath: /csi - name: plugin-dir - - mountPath: /dev - name: device-dir - - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.11.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /csi-node-driver-registrar - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --mode=kubelet-registration-probe - initialDelaySeconds: 30 - periodSeconds: 90 - timeoutSeconds: 15 - name: node-driver-registrar - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: plugin-dir - - mountPath: /registration - name: registration-dir - - mountPath: /var/lib/kubelet/plugins/ebs.csi.aws.com/ - name: probe-dir - - args: - - --csi-address=/csi/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.13.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: liveness-probe - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: plugin-dir - hostNetwork: false - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - securityContext: - fsGroup: 0 - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - serviceAccountName: ebs-csi-node-sa - terminationGracePeriodSeconds: 30 - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /var/lib/kubelet - type: Directory - name: kubelet-dir - - hostPath: - path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ - type: DirectoryOrCreate - name: plugin-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - name: registration-dir - - hostPath: - path: /dev - type: Directory - name: device-dir - - emptyDir: {} - name: probe-dir - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: ebs-csi-controller - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - weight: 1 - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - ebs-csi-controller - topologyKey: kubernetes.io/hostname - weight: 100 - containers: - - args: - - controller - - --endpoint=$(CSI_ENDPOINT) - - --k8s-tag-cluster-id=minimal.example.com - - --extra-tags=KubernetesCluster=minimal.example.com - - --http-endpoint=0.0.0.0:3301 - - --batching=true - - --logging-format=text - - --v=5 - env: - - name: AWS_REGION - value: us-test-1 - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: CSI_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: key_id - name: aws-secret - optional: true - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access_key - name: aws-secret - optional: true - - name: AWS_EC2_ENDPOINT - valueFrom: - configMapKeyRef: - key: endpoint - name: aws-meta - optional: true - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.33.0 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - name: ebs-plugin - ports: - - containerPort: 9811 - name: healthz - protocol: TCP - - containerPort: 3301 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --feature-gates=Topology=true - - --extra-create-metadata - - --leader-election=true - - --default-fstype=ext4 - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v5.0.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-provisioner - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --leader-election=true - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=5m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher:v4.6.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-attacher - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --csi-address=$(ADDRESS) - - --leader-election=true - - --extra-create-metadata - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter:v8.0.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-snapshotter - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --leader-election=true - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s:v0.3.0 - imagePullPolicy: IfNotPresent - name: volumemodifier - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --handle-volume-inuse-error=false - - --leader-election=true - - --kube-api-qps=20 - - --kube-api-burst=100 - - --workers=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer:v1.11.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-resizer - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --csi-address=/csi/csi.sock - - --http-endpoint=0.0.0.0:9811 - env: - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.13.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: liveness-probe - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: ebs-csi-controller-sa - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - tolerationSeconds: 300 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - emptyDir: {} - name: socket-dir - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs.csi.aws.com -spec: - attachRequired: true - podInfoOnMount: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content deleted file mode 100644 index dea787ab0df13..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ /dev/null @@ -1,1264 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: ingressclassparams.elbv2.k8s.aws -spec: - group: elbv2.k8s.aws - names: - kind: IngressClassParams - listKind: IngressClassParamsList - plural: ingressclassparams - singular: ingressclassparams - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The Ingress Group name - jsonPath: .spec.group.name - name: GROUP-NAME - type: string - - description: The AWS Load Balancer scheme - jsonPath: .spec.scheme - name: SCHEME - type: string - - description: The AWS Load Balancer ipAddressType - jsonPath: .spec.ipAddressType - name: IP-ADDRESS-TYPE - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IngressClassParams is the Schema for the IngressClassParams API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressClassParamsSpec defines the desired state of IngressClassParams - properties: - group: - description: Group defines the IngressGroup for all Ingresses that - belong to IngressClass with this IngressClassParams. - properties: - name: - description: Name is the name of IngressGroup. - type: string - required: - - name - type: object - inboundCIDRs: - description: InboundCIDRs specifies the CIDRs that are allowed to - access the Ingresses that belong to IngressClass with this IngressClassParams. - items: - type: string - type: array - ipAddressType: - description: IPAddressType defines the ip address type for all Ingresses - that belong to IngressClass with this IngressClassParams. - enum: - - ipv4 - - dualstack - type: string - loadBalancerAttributes: - description: LoadBalancerAttributes define the custom attributes to - LoadBalancers for all Ingress that that belong to IngressClass with - this IngressClassParams. - items: - description: Attributes defines custom attributes on resources. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. - type: string - required: - - key - - value - type: object - type: array - namespaceSelector: - description: NamespaceSelector restrict the namespaces of Ingresses - that are allowed to specify the IngressClass with this IngressClassParams. - * if absent or present but empty, it selects all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - scheme: - description: Scheme defines the scheme for all Ingresses that belong - to IngressClass with this IngressClassParams. - enum: - - internal - - internet-facing - type: string - sslPolicy: - description: SSLPolicy specifies the SSL Policy for all Ingresses - that belong to IngressClass with this IngressClassParams. - type: string - subnets: - description: Subnets defines the subnets for all Ingresses that belong - to IngressClass with this IngressClassParams. - properties: - ids: - description: IDs specify the resource IDs of subnets. Exactly - one of this or `tags` must be specified. - items: - description: SubnetID specifies a subnet ID. - pattern: subnet-[0-9a-f]+ - type: string - minItems: 1 - type: array - tags: - additionalProperties: - items: - type: string - type: array - description: Tags specifies subnets in the load balancer's VPC - where each tag specified in the map key contains one of the - values in the corresponding value list. Exactly one of this - or `ids` must be specified. - type: object - type: object - tags: - description: Tags defines list of Tags on AWS resources provisioned - for Ingresses that belong to IngressClass with this IngressClassParams. - items: - description: Tag defines a AWS Tag on resources. - properties: - key: - description: The key of the tag. - type: string - value: - description: The value of the tag. - type: string - required: - - key - - value - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: targetgroupbindings.elbv2.k8s.aws -spec: - group: elbv2.k8s.aws - names: - kind: TargetGroupBinding - listKind: TargetGroupBindingList - plural: targetgroupbindings - singular: targetgroupbinding - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The Kubernetes Service's name - jsonPath: .spec.serviceRef.name - name: SERVICE-NAME - type: string - - description: The Kubernetes Service's port - jsonPath: .spec.serviceRef.port - name: SERVICE-PORT - type: string - - description: The AWS TargetGroup's TargetType - jsonPath: .spec.targetType - name: TARGET-TYPE - type: string - - description: The AWS TargetGroup's Amazon Resource Name - jsonPath: .spec.targetGroupARN - name: ARN - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: TargetGroupBinding is the Schema for the TargetGroupBinding API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding - properties: - networking: - description: networking provides the networking setup for ELBV2 LoadBalancer - to access targets in TargetGroup. - properties: - ingress: - description: List of ingress rules to allow ELBV2 LoadBalancer - to access targets in TargetGroup. - items: - properties: - from: - description: List of peers which should be able to access - the targets in TargetGroup. At least one NetworkingPeer - should be specified. - items: - description: NetworkingPeer defines the source/destination - peer for networking rules. - properties: - ipBlock: - description: IPBlock defines an IPBlock peer. If specified, - none of the other fields can be set. - properties: - cidr: - description: CIDR is the network CIDR. Both IPV4 - or IPV6 CIDR are accepted. - type: string - required: - - cidr - type: object - securityGroup: - description: SecurityGroup defines a SecurityGroup - peer. If specified, none of the other fields can - be set. - properties: - groupID: - description: GroupID is the EC2 SecurityGroupID. - type: string - required: - - groupID - type: object - type: object - type: array - ports: - description: List of ports which should be made accessible - on the targets in TargetGroup. If ports is empty or unspecified, - it defaults to all ports with TCP. - items: - properties: - port: - anyOf: - - type: integer - - type: string - description: The port which traffic must match. When - NodePort endpoints(instance TargetType) is used, - this must be a numerical port. When Port endpoints(ip - TargetType) is used, this can be either numerical - or named port on pods. if port is unspecified, it - defaults to all ports. - x-kubernetes-int-or-string: true - protocol: - description: The protocol which traffic must match. - If protocol is unspecified, it defaults to TCP. - enum: - - TCP - - UDP - type: string - type: object - type: array - required: - - from - - ports - type: object - type: array - type: object - serviceRef: - description: serviceRef is a reference to a Kubernetes Service and - ServicePort. - properties: - name: - description: Name is the name of the Service. - type: string - port: - anyOf: - - type: integer - - type: string - description: Port is the port of the ServicePort. - x-kubernetes-int-or-string: true - required: - - name - - port - type: object - targetGroupARN: - description: targetGroupARN is the Amazon Resource Name (ARN) for - the TargetGroup. - type: string - targetType: - description: targetType is the TargetType of TargetGroup. If unspecified, - it will be automatically inferred. - enum: - - instance - - ip - type: string - required: - - serviceRef - - targetGroupARN - type: object - status: - description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding - properties: - observedGeneration: - description: The generation observed by the TargetGroupBinding controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The Kubernetes Service's name - jsonPath: .spec.serviceRef.name - name: SERVICE-NAME - type: string - - description: The Kubernetes Service's port - jsonPath: .spec.serviceRef.port - name: SERVICE-PORT - type: string - - description: The AWS TargetGroup's TargetType - jsonPath: .spec.targetType - name: TARGET-TYPE - type: string - - description: The AWS TargetGroup's Amazon Resource Name - jsonPath: .spec.targetGroupARN - name: ARN - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TargetGroupBinding is the Schema for the TargetGroupBinding API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding - properties: - ipAddressType: - description: ipAddressType specifies whether the target group is of - type IPv4 or IPv6. If unspecified, it will be automatically inferred. - enum: - - ipv4 - - ipv6 - type: string - networking: - description: networking defines the networking rules to allow ELBV2 - LoadBalancer to access targets in TargetGroup. - properties: - ingress: - description: List of ingress rules to allow ELBV2 LoadBalancer - to access targets in TargetGroup. - items: - description: NetworkingIngressRule defines a particular set - of traffic that is allowed to access TargetGroup's targets. - properties: - from: - description: List of peers which should be able to access - the targets in TargetGroup. At least one NetworkingPeer - should be specified. - items: - description: NetworkingPeer defines the source/destination - peer for networking rules. - properties: - ipBlock: - description: IPBlock defines an IPBlock peer. If specified, - none of the other fields can be set. - properties: - cidr: - description: CIDR is the network CIDR. Both IPV4 - or IPV6 CIDR are accepted. - type: string - required: - - cidr - type: object - securityGroup: - description: SecurityGroup defines a SecurityGroup - peer. If specified, none of the other fields can - be set. - properties: - groupID: - description: GroupID is the EC2 SecurityGroupID. - type: string - required: - - groupID - type: object - type: object - type: array - ports: - description: List of ports which should be made accessible - on the targets in TargetGroup. If ports is empty or unspecified, - it defaults to all ports with TCP. - items: - description: NetworkingPort defines the port and protocol - for networking rules. - properties: - port: - anyOf: - - type: integer - - type: string - description: The port which traffic must match. When - NodePort endpoints(instance TargetType) is used, - this must be a numerical port. When Port endpoints(ip - TargetType) is used, this can be either numerical - or named port on pods. if port is unspecified, it - defaults to all ports. - x-kubernetes-int-or-string: true - protocol: - description: The protocol which traffic must match. - If protocol is unspecified, it defaults to TCP. - enum: - - TCP - - UDP - type: string - type: object - type: array - required: - - from - - ports - type: object - type: array - type: object - nodeSelector: - description: node selector for instance type target groups to only - register certain nodes - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - serviceRef: - description: serviceRef is a reference to a Kubernetes Service and - ServicePort. - properties: - name: - description: Name is the name of the Service. - type: string - port: - anyOf: - - type: integer - - type: string - description: Port is the port of the ServicePort. - x-kubernetes-int-or-string: true - required: - - name - - port - type: object - targetGroupARN: - description: targetGroupARN is the Amazon Resource Name (ARN) for - the TargetGroup. - minLength: 1 - type: string - targetType: - description: targetType is the TargetType of TargetGroup. If unspecified, - it will be automatically inferred. - enum: - - instance - - ip - type: string - required: - - serviceRef - - targetGroupARN - type: object - status: - description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding - properties: - observedGeneration: - description: The generation observed by the TargetGroupBinding controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-leader-election-role - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - "" - resourceNames: - - aws-load-balancer-controller-leader - resources: - - configmaps - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - aws-load-balancer-controller-leader - resources: - - leases - verbs: - - get - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-role -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods/status - verbs: - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - ingressclassparams - verbs: - - get - - list - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings/status - verbs: - - patch - - update -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-leader-election-rolebinding - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: aws-load-balancer-controller-leader-election-role -subjects: -- kind: ServiceAccount - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-load-balancer-controller-role -subjects: -- kind: ServiceAccount - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook-service - namespace: kube-system -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --metrics-bind-addr=:9442 - - --cluster-name=minimal.example.com - - --enable-waf=false - - --enable-wafv2=false - - --enable-shield=false - - --ingress-class=alb - - --default-tags=KubernetesCluster=minimal.example.com - - --aws-region=us-test-1 - env: - - name: NODENAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.2 - livenessProbe: - failureThreshold: 2 - httpGet: - path: /healthz - port: 61779 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 10 - name: controller - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - resources: - limits: - cpu: 200m - memory: 500Mi - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: aws-load-balancer-controller - terminationGracePeriodSeconds: 10 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: aws-load-balancer-webhook-tls - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-serving-cert - namespace: kube-system -spec: - dnsNames: - - aws-load-balancer-webhook-service.kube-system.svc - - aws-load-balancer-webhook-service.kube-system.svc.cluster.local - issuerRef: - kind: Issuer - name: aws-load-balancer-selfsigned-issuer - secretName: aws-load-balancer-webhook-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-selfsigned-issuer - namespace: kube-system -spec: - selfSigned: {} - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/aws-load-balancer-serving-cert - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-v1-service - failurePolicy: Fail - name: mservice.elbv2.k8s.aws - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - - cert-manager - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - services - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-v1-pod - failurePolicy: Fail - name: mpod.elbv2.k8s.aws - namespaceSelector: - matchExpressions: - - key: elbv2.k8s.aws/pod-readiness-gate-inject - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - - cert-manager - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-elbv2-k8s-aws-v1beta1-targetgroupbinding - failurePolicy: Fail - name: mtargetgroupbinding.elbv2.k8s.aws - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - targetgroupbindings - sideEffects: None - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/aws-load-balancer-serving-cert - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams - failurePolicy: Fail - name: vingressclassparams.elbv2.k8s.aws - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - ingressclassparams - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-elbv2-k8s-aws-v1beta1-targetgroupbinding - failurePolicy: Fail - name: vtargetgroupbinding.elbv2.k8s.aws - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - targetgroupbindings - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-networking-v1-ingress - failurePolicy: Fail - matchPolicy: Equivalent - name: vingress.elbv2.k8s.aws - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - ---- - -apiVersion: elbv2.k8s.aws/v1beta1 -kind: IngressClassParams -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: alb - ---- - -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: alb -spec: - controller: ingress.k8s.aws/alb - parameters: - apiGroup: elbv2.k8s.aws - kind: IngressClassParams - name: alb - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content deleted file mode 100644 index a1cbcf707618a..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ /dev/null @@ -1,216 +0,0 @@ -kind: Addons -metadata: - creationTimestamp: null - name: bootstrap -spec: - addons: - - id: k8s-1.16 - manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 - name: kops-controller.addons.k8s.io - needsRollingUpdate: control-plane - selector: - k8s-addon: kops-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.12 - manifest: coredns.addons.k8s.io/k8s-1.12.yaml - manifestHash: 591e3b40d00949575616698ce1c9230db8cb00bdab4f8a0d5ef14080a1d7a93c - name: coredns.addons.k8s.io - selector: - k8s-addon: coredns.addons.k8s.io - version: 9.99.0 - - id: k8s-1.9 - manifest: kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml - manifestHash: 01c120e887bd98d82ef57983ad58a0b22bc85efb48108092a24c4b82e4c9ea81 - name: kubelet-api.rbac.addons.k8s.io - selector: - k8s-addon: kubelet-api.rbac.addons.k8s.io - version: 9.99.0 - - manifest: limit-range.addons.k8s.io/v1.5.0.yaml - manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 - name: limit-range.addons.k8s.io - selector: - k8s-addon: limit-range.addons.k8s.io - version: 9.99.0 - - id: k8s-1.12 - manifest: dns-controller.addons.k8s.io/k8s-1.12.yaml - manifestHash: be276bd85459d2d34b26a95d3c9492939bb386ce39f13212db484d23aa57da22 - name: dns-controller.addons.k8s.io - selector: - k8s-addon: dns-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.12 - manifest: nodelocaldns.addons.k8s.io/k8s-1.12.yaml - manifestHash: c5d7f108f79f99e99173fff8a7056f6acbf3bf02967fa91034170095ac67d47b - name: nodelocaldns.addons.k8s.io - needsRollingUpdate: all - selector: - k8s-addon: nodelocaldns.addons.k8s.io - version: 9.99.0 - - id: k8s-1.15 - manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: 3764bb2698fcd6ad15853cf437c1664e7f46acfee77fdc3c686f1aa000ab4006 - name: cluster-autoscaler.addons.k8s.io - selector: - k8s-addon: cluster-autoscaler.addons.k8s.io - version: 9.99.0 - - id: k8s-1.11 - manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f - name: metrics-server.addons.k8s.io - needsPKI: true - selector: - k8s-app: metrics-server - version: 9.99.0 - - id: k8s-1.16 - manifest: certmanager.io/k8s-1.16.yaml - manifestHash: e9a1f65a8e57904e77e1b5e9f429ca56e154eb73ed2a536e1fb39746573dba21 - name: certmanager.io - prune: - kinds: - - kind: ConfigMap - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - kind: Service - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - kind: ServiceAccount - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: admissionregistration.k8s.io - kind: MutatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: admissionregistration.k8s.io - kind: ValidatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: apps - kind: DaemonSet - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: apps - kind: Deployment - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: apps - kind: StatefulSet - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: policy - kind: PodDisruptionBudget - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRole - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRoleBinding - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: Role - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: rbac.authorization.k8s.io - kind: RoleBinding - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - selector: null - version: 9.99.0 - - id: k8s-1.11 - manifest: node-termination-handler.aws/k8s-1.11.yaml - manifestHash: 09840259d2fc87e0f9704d14df71a803b21e5f9a65017929f4721eb191b53f70 - name: node-termination-handler.aws - prune: - kinds: - - kind: ConfigMap - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - kind: Service - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - kind: ServiceAccount - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: admissionregistration.k8s.io - kind: MutatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: admissionregistration.k8s.io - kind: ValidatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: apps - kind: DaemonSet - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: apps - kind: Deployment - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: apps - kind: StatefulSet - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: policy - kind: PodDisruptionBudget - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: rbac.authorization.k8s.io - kind: ClusterRole - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRoleBinding - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: Role - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: RoleBinding - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - selector: - k8s-addon: node-termination-handler.aws - version: 9.99.0 - - id: k8s-1.19 - manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: f32c0c5f258e9fb26f8a69b7a2e9ece3738d737552e774d8d84896dcab323782 - name: aws-load-balancer-controller.addons.k8s.io - needsPKI: true - selector: - k8s-addon: aws-load-balancer-controller.addons.k8s.io - version: 9.99.0 - - id: v1.15.0 - manifest: storage-aws.addons.k8s.io/v1.15.0.yaml - manifestHash: 4e2cda50cd5048133aad1b5e28becb60f4629d3f9e09c514a2757c27998b4200 - name: storage-aws.addons.k8s.io - selector: - k8s-addon: storage-aws.addons.k8s.io - version: 9.99.0 - - id: k8s-1.16 - manifest: networking.amazon-vpc-routed-eni/k8s-1.16.yaml - manifestHash: f7c29b8c7ecc81826fbb05c53bc443f4e387a0e1dd375b9dbdd71de95674a479 - name: networking.amazon-vpc-routed-eni - needsRollingUpdate: all - selector: - role.kubernetes.io/networking: "1" - version: 9.99.0 - - id: k8s-1.18 - manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 61d8aed7126cff29860f5b09a092010af18071fa057edaa5cdc3ab3a38cc6ef2 - name: aws-cloud-controller.addons.k8s.io - selector: - k8s-addon: aws-cloud-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.17 - manifest: aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml - manifestHash: db7ca215ecd9c12f6f746b37865600f8130ef9844faf7bad48ba8e661fd83ee7 - name: aws-ebs-csi-driver.addons.k8s.io - selector: - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - version: 9.99.0 - - id: k8s-1.20 - manifest: snapshot-controller.addons.k8s.io/k8s-1.20.yaml - manifestHash: 06a1cffd153dc7f8cf75853da3683d3a68b55411883d84b9bebf049fc746b980 - name: snapshot-controller.addons.k8s.io - needsPKI: true - selector: - k8s-addon: snapshot-controller.addons.k8s.io - version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content deleted file mode 100644 index aa9800e4092bd..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ /dev/null @@ -1,10095 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: certificaterequests.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: CertificateRequest - listKind: CertificateRequestList - plural: certificaterequests - shortNames: - - cr - - crs - singular: certificaterequest - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Approved")].status - name: Approved - type: string - - jsonPath: .status.conditions[?(@.type=="Denied")].status - name: Denied - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - type: string - - jsonPath: .spec.username - name: Requestor - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "A CertificateRequest is used to request a signed certificate - from one of the configured issuers. \n All fields within the CertificateRequest's - `spec` are immutable after creation. A CertificateRequest will either succeed - or fail, as denoted by its `status.state` field. \n A CertificateRequest - is a one-shot resource, meaning it represents a single point in time request - for a certificate and cannot be re-used." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the CertificateRequest resource. - properties: - duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. - This option may be ignored/overridden by some issuer types. - type: string - extra: - additionalProperties: - items: - type: string - type: array - description: Extra contains extra attributes of the user that created - the CertificateRequest. Populated by the cert-manager webhook on - creation and immutable. - type: object - groups: - description: Groups contains group membership of the user that created - the CertificateRequest. Populated by the cert-manager webhook on - creation and immutable. - items: - type: string - type: array - x-kubernetes-list-type: atomic - isCA: - description: IsCA will request to mark the certificate as valid for - certificate signing when submitting to the issuer. This will automatically - add the `cert sign` usage to the list of `usages`. - type: boolean - issuerRef: - description: IssuerRef is a reference to the issuer for this CertificateRequest. If - the `kind` field is not set, or set to `Issuer`, an Issuer resource - with the given name in the same namespace as the CertificateRequest - will be used. If the `kind` field is set to `ClusterIssuer`, a - ClusterIssuer with the provided name will be used. The `name` field - in this stanza is required at all times. The group field refers - to the API group of the issuer which defaults to `cert-manager.io` - if empty. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - request: - description: The PEM-encoded x509 certificate signing request to be - submitted to the CA for signing. - format: byte - type: string - uid: - description: UID contains the uid of the user that created the CertificateRequest. - Populated by the cert-manager webhook on creation and immutable. - type: string - usages: - description: Usages is the set of x509 usages that are requested for - the certificate. If usages are set they SHOULD be encoded inside - the CSR spec Defaults to `digital signature` and `key encipherment` - if not specified. - items: - description: "KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 - \n Valid KeyUsage values are as follows: \"signing\", \"digital - signature\", \"content commitment\", \"key encipherment\", \"key - agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", - \"encipher only\", \"decipher only\", \"any\", \"server auth\", - \"client auth\", \"code signing\", \"email protection\", \"s/mime\", - \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", - \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" - enum: - - signing - - digital signature - - content commitment - - key encipherment - - key agreement - - data encipherment - - cert sign - - crl sign - - encipher only - - decipher only - - any - - server auth - - client auth - - code signing - - email protection - - s/mime - - ipsec end system - - ipsec tunnel - - ipsec user - - timestamping - - ocsp signing - - microsoft sgc - - netscape sgc - type: string - type: array - username: - description: Username contains the name of the user that created the - CertificateRequest. Populated by the cert-manager webhook on creation - and immutable. - type: string - required: - - issuerRef - - request - type: object - status: - description: Status of the CertificateRequest. This is set and managed - automatically. - properties: - ca: - description: The PEM encoded x509 certificate of the signer, also - known as the CA (Certificate Authority). This is set on a best-effort - basis by different issuers. If not set, the CA is assumed to be - unknown/not available. - format: byte - type: string - certificate: - description: The PEM encoded x509 certificate resulting from the certificate - signing request. If not set, the CertificateRequest has either not - been completed or has failed. More information on failure can be - found by checking the `conditions` field. - format: byte - type: string - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready` and `InvalidRequest`. - items: - description: CertificateRequestCondition contains condition information - for a CertificateRequest. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`, - `InvalidRequest`, `Approved`, `Denied`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - failureTime: - description: FailureTime stores the time that this CertificateRequest - failed. This is used to influence garbage collection and back-off. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: certificates.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: Certificate - listKind: CertificateList - plural: certificates - shortNames: - - cert - - certs - singular: certificate - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .spec.secretName - name: Secret - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "A Certificate resource should be created to ensure an up to - date and signed x509 certificate is stored in the Kubernetes Secret resource - named in `spec.secretName`. \n The stored certificate will be renewed before - it expires (as configured by `spec.renewBefore`)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the Certificate resource. - properties: - additionalOutputFormats: - description: AdditionalOutputFormats defines extra output formats - of the private key and signed certificate chain to be written to - this Certificate's target Secret. This is an Alpha Feature and is - only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` - option on both the controller and webhook components. - items: - description: CertificateAdditionalOutputFormat defines an additional - output format of a Certificate resource. These contain supplementary - data formats of the signed certificate chain and paired private - key. - properties: - type: - description: Type is the name of the format type that should - be written to the Certificate's target Secret. - enum: - - DER - - CombinedPEM - type: string - required: - - type - type: object - type: array - commonName: - description: 'CommonName is a common name to be used on the Certificate. - The CommonName should have a length of 64 characters or fewer to - avoid generating invalid CSRs. This value is ignored by TLS clients - when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' - type: string - dnsNames: - description: DNSNames is a list of DNS subjectAltNames to be set on - the Certificate. - items: - type: string - type: array - duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. - This option may be ignored/overridden by some issuer types. If unset - this defaults to 90 days. Certificate will be renewed either 2/3 - through its duration or `renewBefore` period before its expiry, - whichever is later. Minimum accepted duration is 1 hour. Value must - be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration - type: string - emailAddresses: - description: EmailAddresses is a list of email subjectAltNames to - be set on the Certificate. - items: - type: string - type: array - encodeUsagesInRequest: - description: EncodeUsagesInRequest controls whether key usages should - be present in the CertificateRequest - type: boolean - ipAddresses: - description: IPAddresses is a list of IP address subjectAltNames to - be set on the Certificate. - items: - type: string - type: array - isCA: - description: IsCA will mark this Certificate as valid for certificate - signing. This will automatically add the `cert sign` usage to the - list of `usages`. - type: boolean - issuerRef: - description: IssuerRef is a reference to the issuer for this certificate. - If the `kind` field is not set, or set to `Issuer`, an Issuer resource - with the given name in the same namespace as the Certificate will - be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer - with the provided name will be used. The `name` field in this stanza - is required at all times. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - keystores: - description: Keystores configures additional keystore output formats - stored in the `secretName` Secret resource. - properties: - jks: - description: JKS configures options for storing a JKS keystore - in the `spec.secretName` Secret resource. - properties: - create: - description: Create enables JKS keystore creation for the - Certificate. If true, a file named `keystore.jks` will be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef`. The keystore file - will be updated immediately. If the issuer provided a CA - certificate, a file named `truststore.jks` will also be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef` containing the issuing - Certificate Authority - type: boolean - passwordSecretRef: - description: PasswordSecretRef is a reference to a key in - a Secret resource containing the password used to encrypt - the JKS keystore. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - create - - passwordSecretRef - type: object - pkcs12: - description: PKCS12 configures options for storing a PKCS12 keystore - in the `spec.secretName` Secret resource. - properties: - create: - description: Create enables PKCS12 keystore creation for the - Certificate. If true, a file named `keystore.p12` will be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef`. The keystore file - will be updated immediately. If the issuer provided a CA - certificate, a file named `truststore.p12` will also be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef` containing the issuing - Certificate Authority - type: boolean - passwordSecretRef: - description: PasswordSecretRef is a reference to a key in - a Secret resource containing the password used to encrypt - the PKCS12 keystore. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - create - - passwordSecretRef - type: object - type: object - literalSubject: - description: LiteralSubject is an LDAP formatted string that represents - the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). - Use this *instead* of the Subject field if you need to ensure the - correct ordering of the RDN sequence, such as when issuing certs - for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, - https://github.com/cert-manager/cert-manager/issues/4424. This field - is alpha level and is only supported by cert-manager installations - where LiteralCertificateSubject feature gate is enabled on both - cert-manager controller and webhook. - type: string - privateKey: - description: Options to control private keys used for the Certificate. - properties: - algorithm: - description: Algorithm is the private key algorithm of the corresponding - private key for this certificate. If provided, allowed values - are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified - and `size` is not provided, key size of 256 will be used for - `ECDSA` key algorithm and key size of 2048 will be used for - `RSA` key algorithm. key size is ignored when using the `Ed25519` - key algorithm. - enum: - - RSA - - ECDSA - - Ed25519 - type: string - encoding: - description: The private key cryptography standards (PKCS) encoding - for this certificate's private key to be encoded in. If provided, - allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and - PKCS#8, respectively. Defaults to `PKCS1` if not specified. - enum: - - PKCS1 - - PKCS8 - type: string - rotationPolicy: - description: RotationPolicy controls how private keys should be - regenerated when a re-issuance is being processed. If set to - Never, a private key will only be generated if one does not - already exist in the target `spec.secretName`. If one does exists - but it does not have the correct algorithm or size, a warning - will be raised to await user intervention. If set to Always, - a private key matching the specified requirements will be generated - whenever a re-issuance occurs. Default is 'Never' for backward - compatibility. - enum: - - Never - - Always - type: string - size: - description: Size is the key bit size of the corresponding private - key for this certificate. If `algorithm` is set to `RSA`, valid - values are `2048`, `4096` or `8192`, and will default to `2048` - if not specified. If `algorithm` is set to `ECDSA`, valid values - are `256`, `384` or `521`, and will default to `256` if not - specified. If `algorithm` is set to `Ed25519`, Size is ignored. - No other values are allowed. - type: integer - type: object - renewBefore: - description: How long before the currently issued certificate's expiry - cert-manager should renew the certificate. The default is 2/3 of - the issued certificate's duration. Minimum accepted value is 5 minutes. - Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration - type: string - revisionHistoryLimit: - description: revisionHistoryLimit is the maximum number of CertificateRequest - revisions that are maintained in the Certificate's history. Each - revision represents a single `CertificateRequest` created by this - Certificate, either when it was created, renewed, or Spec was changed. - Revisions will be removed by oldest first if the number of revisions - exceeds this number. If set, revisionHistoryLimit must be a value - of `1` or greater. If unset (`nil`), revisions will not be garbage - collected. Default value is `nil`. - format: int32 - type: integer - secretName: - description: SecretName is the name of the secret resource that will - be automatically created and managed by this Certificate resource. - It will be populated with a private key and certificate, signed - by the denoted issuer. - type: string - secretTemplate: - description: SecretTemplate defines annotations and labels to be copied - to the Certificate's Secret. Labels and annotations on the Secret - will be changed as they appear on the SecretTemplate when added - or removed. SecretTemplate annotations are added in conjunction - with, and cannot overwrite, the base set of annotations cert-manager - sets on the Certificate's Secret. - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a key value map to be copied to the - target Kubernetes Secret. - type: object - labels: - additionalProperties: - type: string - description: Labels is a key value map to be copied to the target - Kubernetes Secret. - type: object - type: object - subject: - description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). - properties: - countries: - description: Countries to be used on the Certificate. - items: - type: string - type: array - localities: - description: Cities to be used on the Certificate. - items: - type: string - type: array - organizationalUnits: - description: Organizational Units to be used on the Certificate. - items: - type: string - type: array - organizations: - description: Organizations to be used on the Certificate. - items: - type: string - type: array - postalCodes: - description: Postal codes to be used on the Certificate. - items: - type: string - type: array - provinces: - description: State/Provinces to be used on the Certificate. - items: - type: string - type: array - serialNumber: - description: Serial number to be used on the Certificate. - type: string - streetAddresses: - description: Street addresses to be used on the Certificate. - items: - type: string - type: array - type: object - uris: - description: URIs is a list of URI subjectAltNames to be set on the - Certificate. - items: - type: string - type: array - usages: - description: Usages is the set of x509 usages that are requested for - the certificate. Defaults to `digital signature` and `key encipherment` - if not specified. - items: - description: "KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 - \n Valid KeyUsage values are as follows: \"signing\", \"digital - signature\", \"content commitment\", \"key encipherment\", \"key - agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", - \"encipher only\", \"decipher only\", \"any\", \"server auth\", - \"client auth\", \"code signing\", \"email protection\", \"s/mime\", - \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", - \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" - enum: - - signing - - digital signature - - content commitment - - key encipherment - - key agreement - - data encipherment - - cert sign - - crl sign - - encipher only - - decipher only - - any - - server auth - - client auth - - code signing - - email protection - - s/mime - - ipsec end system - - ipsec tunnel - - ipsec user - - timestamping - - ocsp signing - - microsoft sgc - - netscape sgc - type: string - type: array - required: - - issuerRef - - secretName - type: object - status: - description: Status of the Certificate. This is set and managed automatically. - properties: - conditions: - description: List of status conditions to indicate the status of certificates. - Known condition types are `Ready` and `Issuing`. - items: - description: CertificateCondition contains condition information - for an Certificate. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Certificate. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`, - `Issuing`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - failedIssuanceAttempts: - description: The number of continuous failed issuance attempts up - till now. This field gets removed (if set) on a successful issuance - and gets set to 1 if unset and an issuance has failed. If an issuance - has failed, the delay till the next issuance will be calculated - using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). - type: integer - lastFailureTime: - description: LastFailureTime is set only if the lastest issuance for - this Certificate failed and contains the time of the failure. If - an issuance has failed, the delay till the next issuance will be - calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - - 1). If the latest issuance has succeeded this field will be unset. - format: date-time - type: string - nextPrivateKeySecretName: - description: The name of the Secret resource containing the private - key to be used for the next certificate iteration. The keymanager - controller will automatically set this field if the `Issuing` condition - is set to `True`. It will automatically unset this field when the - Issuing condition is not set or False. - type: string - notAfter: - description: The expiration time of the certificate stored in the - secret named by this resource in `spec.secretName`. - format: date-time - type: string - notBefore: - description: The time after which the certificate stored in the secret - named by this resource in spec.secretName is valid. - format: date-time - type: string - renewalTime: - description: RenewalTime is the time at which the certificate will - be next renewed. If not set, no upcoming renewal is scheduled. - format: date-time - type: string - revision: - description: "The current 'revision' of the certificate as issued. - \n When a CertificateRequest resource is created, it will have the - `cert-manager.io/certificate-revision` set to one greater than the - current value of this field. \n Upon issuance, this field will be - set to the value of the annotation on the CertificateRequest resource - used to issue the certificate. \n Persisting the value on the CertificateRequest - resource allows the certificates controller to know whether a request - is part of an old issuance or if it is part of the ongoing revision's - issuance by checking if the revision value in the annotation is - greater than this field." - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: challenges.acme.cert-manager.io -spec: - group: acme.cert-manager.io - names: - categories: - - cert-manager - - cert-manager-acme - kind: Challenge - listKind: ChallengeList - plural: challenges - singular: challenge - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.dnsName - name: Domain - type: string - - jsonPath: .status.reason - name: Reason - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Challenge is a type to represent a Challenge request with an - ACME server - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - authorizationURL: - description: The URL to the ACME Authorization resource that this - challenge is a part of. - type: string - dnsName: - description: dnsName is the identifier that this challenge is for, - e.g. example.com. If the requested DNSName is a 'wildcard', this - field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, - it must be `example.com`. - type: string - issuerRef: - description: References a properly configured ACME-type Issuer which - should be used to create this Challenge. If the Issuer does not - exist, processing will be retried. If the Issuer is not an 'ACME' - Issuer, an error will be returned and the Challenge will be marked - as failed. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - key: - description: 'The ACME challenge key for this challenge For HTTP01 - challenges, this is the value that must be responded with to complete - the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is - the base64 encoded SHA256 sum of the `.` text that must be set as the TXT - record content.' - type: string - solver: - description: Contains the domain solving configuration that should - be used to solve this challenge resource. - properties: - dns01: - description: Configures cert-manager to attempt to complete authorizations - by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API to manage - DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage DNS01 - challenge records. - properties: - clientID: - description: if both this and ClientSecret are left unset - MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left unset - MSI will be used - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be used - type: string - managedIdentity: - description: managed identity configuration, can not be - used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, can - not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage DNS01 - challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field that - tells cert-manager in which Cloud DNS zone the challenge - record has to be created. If left empty cert-manager - will automatically choose a zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 challenge - records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. - Note: using an API token to authenticate is now the - recommended method as it allows greater control of permissions.' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with Cloudflare. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required when - using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 provider - should handle CNAME records when found in DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage DNS01 - challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain Name - System") (https://datatracker.ietf.org/doc/rfc2136/) to - manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed in - square brackets (e.g [2001:db8::1]) ; port is optional. - This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS - supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values are - (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, - ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the DNS. - If ``tsigSecretSecretRef`` is defined, this field is - required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the TSIG - value. If ``tsigKeyName`` is defined, this field is - required. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 challenge - records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If neither - the Access Key nor Key ID are set, we fall-back to using - env vars, shared credentials file or AWS Instance metadata, - see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key within - a Kubernetes Secret. Cannot be set when AccessKeyID - is set. If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials file - or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only this - zone in Route53 and will not do an lookup using the - route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 provider - will assume using either the explicit credentials AccessKeyID/SecretAccessKey - or the inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, we fall-back - to using env vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 challenge - solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should be passed - to the webhook apiserver when challenges are processed. - This can contain arbitrary JSON data. Secret values - should not be specified in this stanza. If secret values - are needed (e.g. credentials for a DNS service), you - should use a SecretKeySelector to reference a Secret - resource. For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used when - POSTing ChallengePayload resources to the webhook apiserver. - This should be the same as the GroupName specified in - the webhook provider implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will typically - be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete authorizations - by performing the HTTP01 challenge flow. It is not possible - to obtain certificates for wildcard domain names (e.g. `*.example.com`) - using the HTTP01 challenge mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community API - that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the specified - labels in the same namespace as the challenge. This solver - is experimental, and fields / behaviour may change in the - future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied to HTTPRoutes - created by cert-manager while solving HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager - creates an HTTPRoute. cert-manager needs to know which - parentRefs should be used when creating the HTTPRoute. - Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API object - (usually a Gateway) that can be considered a parent - of this resource (usually a route). The only kind - of parent resource with \"Core\" support is Gateway. - This API may be extended in the future to support - additional kinds of parent resources, such as HTTPRoute. - \n The API object must be valid in the cluster; the - Group and Kind must be registered in the cluster for - this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such as - for a \"Service\" kind referent), Group must be - explicitly set to \"\" (empty string). \n Support: - Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. \n Support: - Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of the - referent. When unspecified, this refers to the - local namespace of the Route. \n Note that there - are specific rules for ParentRefs which cross - namespace boundaries. Cross-namespace references - are only valid if they are explicitly allowed - by something in the namespace they are referring - to. For example: Gateway has the AllowedRoutes - field, and ReferenceGrant provides a generic way - to enable any other kind of cross-namespace reference. - \n Support: Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this Route - targets. It can be interpreted differently based - on the type of parent resource. \n When the parent - resource is a Gateway, this targets all listeners - listening on the specified port that also support - this kind of Route(and select this Route). It's - not recommended to set `Port` unless the networking - behaviors specified in a Route must apply to a - specific port as opposed to a listener(s) whose - port(s) may be changed. When both Port and SectionName - are specified, the name and port of the selected - listener must match both specified values. \n - Implementations MAY choose to support other parent - resources. Implementations supporting other types - of parent resources MUST clearly document how/if - Port is interpreted. \n For the purpose of status, - an attachment is considered successful as long - as the parent resource accepts it partially. For - example, Gateway listeners can restrict which - Routes can attach to them by Route kind, namespace, - or hostname. If 1 of 2 Gateway listeners accept - attachment from the referencing Route, the Route - MUST be considered successfully attached. If no - Gateway listeners accept attachment from this - Route, the Route MUST be considered detached from - the Gateway. \n Support: Extended \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a section - within the target resource. In the following resources, - SectionName is interpreted as the following: \n - * Gateway: Listener Name. When both Port (experimental) - and SectionName are specified, the name and port - of the selected listener must match both specified - values. \n Implementations MAY choose to support - attaching Routes to other resources. If that is - the case, they MUST clearly document how SectionName - is interpreted. \n When unspecified (empty string), - this will reference the entire resource. For the - purpose of status, an attachment is considered - successful if at least one section in the parent - resource accepts it. For example, Gateway listeners - can restrict which Routes can attach to them by - Route kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from the referencing - Route, the Route MUST be considered successfully - attached. If no Gateway listeners accept attachment - from this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes solver - service. Supported values are NodePort or ClusterIP. - If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver will - solve challenges by creating or modifying Ingress resources - in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by cert-manager - for each Challenge to be completed. - properties: - class: - description: This field configures the annotation `kubernetes.io/ingress.class` - when creating Ingress resources to solve ACME challenges - that use this challenge solver. Only one of `class`, - `name` or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve ACME - challenges that use this challenge solver. This is the - recommended way of configuring the ingress class. Only - one of `class`, `name` or `ingressClassName` may be - specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the 'labels' - and 'annotations' fields may be set. If labels or - annotations overlap with in-built values, the values - here will override the in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be added - to the created ACME HTTP01 solver ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added to the - created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that should - have ACME challenge solving routes inserted into it - in order to solve HTTP01 challenges. This is typically - used in conjunction with ingress controllers like ingress-gce, - which maintains a 1:1 mapping between external IPs and - ingress resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure the - ACME challenge solver pods used for HTTP01 challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod used - to solve HTTP01 challenges. Only the 'labels' and - 'annotations' fields may be set. If labels or annotations - overlap with in-built values, the values here will - override the in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be added - to the create ACME HTTP01 solver pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added to the - created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the HTTP01 - challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All other - fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified by - this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node matches the corresponding - matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node - selector requirements by node's - labels. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by node's - fields. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to an update), - the system may or may not try to eventually - evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node - selector terms. The terms are ORed. - items: - description: A null or empty node - selector term matches no objects. - The requirements of them are ANDed. - The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node - selector requirements by node's - labels. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by node's - fields. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified by - this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node has pods which matches the - corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. - items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to a pod label - update), the system may or may not try - to eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value of - the label with key matches - that of any node on which a pod of - the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this case - pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node has pods which matches the - corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. - items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to a pod label - update), the system may or may not try - to eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value of - the label with key matches - that of any node on which a pod of - the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this case - pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains enough - information to let you locate the referenced - object inside the same namespace. - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. Selector - which must match a node''s labels for the pod - to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator - . - properties: - effect: - description: Effect indicates the taint - effect to match. Empty means match all - taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the - toleration applies to. Empty means match - all taint keys. If the key is empty, operator - must be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. - By default, it is not set, which means - tolerate the taint forever (do not evict). - Zero and negative values will be treated - as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the - toleration matches to. If the operator - is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes solver - service. Supported values are NodePort or ClusterIP. - If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver has - a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will be used - to solve. If specified and a match is found, a dnsNames - selector will take precedence over a dnsZones selector. - If multiple solvers match with the same dnsNames value, - the solver with the most matching labels in matchLabels - will be selected. If neither has more matches, the solver - defined earlier in the list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will be used - to solve. The most specific DNS zone match specified here - will take precedence over other DNS zone matches, so a solver - specifying sys.example.com will be selected over one specifying - example.com for the domain www.sys.example.com. If multiple - solvers match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine the set - of certificate's that this challenge solver will apply to. - type: object - type: object - type: object - token: - description: The ACME challenge token for this challenge. This is - the raw value returned from the ACME server. - type: string - type: - description: The type of ACME challenge this resource represents. - One of "HTTP-01" or "DNS-01". - enum: - - HTTP-01 - - DNS-01 - type: string - url: - description: The URL of the ACME Challenge resource for this challenge. - This can be used to lookup details about the status of this challenge. - type: string - wildcard: - description: wildcard will be true if this challenge is for a wildcard - identifier, for example '*.example.com'. - type: boolean - required: - - authorizationURL - - dnsName - - issuerRef - - key - - solver - - token - - type - - url - type: object - status: - properties: - presented: - description: presented will be set to true if the challenge values - for this challenge are currently 'presented'. This *does not* imply - the self check is passing. Only that the values have been 'submitted' - for the appropriate challenge mechanism (i.e. the DNS01 TXT record - has been presented, or the HTTP01 configuration has been configured). - type: boolean - processing: - description: Used to denote whether this challenge should be processed - or not. This field will only be set to true by the 'scheduling' - component. It will only be set to false by the 'challenges' controller, - after the challenge has reached a final state or timed out. If this - field is set to false, the challenge controller will not take any - more action. - type: boolean - reason: - description: Contains human readable information on why the Challenge - is in the current state. - type: string - state: - description: Contains the current 'state' of the challenge. If not - set, the state of the challenge is unknown. - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: clusterissuers.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: ClusterIssuer - listKind: ClusterIssuerList - plural: clusterissuers - singular: clusterissuer - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: A ClusterIssuer represents a certificate issuing authority which - can be referenced as part of `issuerRef` fields. It is similar to an Issuer, - however it is cluster-scoped and therefore can be referenced by resources - that exist in *any* namespace, not just the same namespace as the referent. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the ClusterIssuer resource. - properties: - acme: - description: ACME configures this issuer to communicate with a RFC8555 - (ACME) server to obtain signed x509 certificates. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which can be used - to validate the certificate chain presented by the ACME server. - Mutually exclusive with SkipTLSVerify; prefer using CABundle - to prevent various kinds of security vulnerabilities. If CABundle - and SkipTLSVerify are unset, the system certificate bundle inside - the container is used to validate the TLS connection. - format: byte - type: string - disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account - key. If true, the Issuer resource will *not* request a new account - but will expect the account key to be supplied via an existing - secret. If false, the cert-manager system will generate a new - ACME account key for the Issuer. Defaults to false. - type: boolean - email: - description: Email is the email address to be associated with - the ACME account. This field is optional, but it is strongly - recommended to be set. It will be used to contact you in case - of issues with your account or certificates, including expiry - notification emails. This field may be updated after the account - is initially registered. - type: string - enableDurationFeature: - description: Enables requesting a Not After date on certificates - that matches the duration of the certificate. This is not supported - by all ACME servers like Let's Encrypt. If set to true when - the ACME server does not support it it will create an error - on the Order. Defaults to false. - type: boolean - externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external - account of the ACME server. If set, upon registration cert-manager - will attempt to associate the given external account credentials - with the registered ACME account. - properties: - keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical - compatibility reasons and should not be used. The algorithm - is now hardcoded to HS256 in golang/x/crypto/acme.' - enum: - - HS256 - - HS384 - - HS512 - type: string - keyID: - description: keyID is the ID of the CA key that the External - Account is bound to. - type: string - keySecretRef: - description: keySecretRef is a Secret Key Selector referencing - a data item in a Kubernetes Secret which holds the symmetric - MAC key of the External Account Binding. The `key` is the - index string that is paired with the key data in the Secret - and should not be confused with the key data itself, or - indeed with the External Account Binding keyID above. The - secret key stored in the Secret **must** be un-padded, base64 - URL encoded data. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - keyID - - keySecretRef - type: object - preferredChain: - description: 'PreferredChain is the chain to use if the ACME server - outputs multiple. PreferredChain is no guarantee that this one - gets delivered by the ACME endpoint. For example, for Let''s - Encrypt''s DST crosssign you would use: "DST Root CA X3" or - "ISRG Root X1" for the newer Let''s Encrypt root CA. This value - picks the first certificate bundle in the ACME alternative chains - that has a certificate with this value as its issuer''s CN' - maxLength: 64 - type: string - privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource - that will be used to store the automatically generated ACME - account private key. Optionally, a `key` may be specified to - select a specific entry within the named Secret resource. If - `key` is not specified, a default of `tls.key` will be used. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - server: - description: 'Server is the URL used to access the ACME server''s - ''directory'' endpoint. For example, for Let''s Encrypt''s staging - endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". - Only ACME v2 endpoints (i.e. RFC 8555) are supported.' - type: string - skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the - ACME server TLS certificate. If true, requests to the ACME server - will not have the TLS certificate chain validated. Mutually - exclusive with CABundle; prefer using CABundle to prevent various - kinds of security vulnerabilities. Only enable this option in - development environments. If CABundle and SkipTLSVerify are - unset, the system certificate bundle inside the container is - used to validate the TLS connection. Defaults to false.' - type: boolean - solvers: - description: 'Solvers is a list of challenge solvers that will - be used to solve ACME challenges for the matching domains. Solver - configurations must be provided in order to obtain certificates - from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' - items: - description: An ACMEChallengeSolver describes how to solve ACME - challenges for the issuer it is part of. A selector may be - provided to use different solving strategies for different - DNS names. Only one of HTTP01 or DNS01 must be provided. - properties: - dns01: - description: Configures cert-manager to attempt to complete - authorizations by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API - to manage DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage - DNS01 challenge records. - properties: - clientID: - description: if both this and ClientSecret are left - unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left - unset MSI will be used - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default - AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be - used - type: string - managedIdentity: - description: managed identity configuration, can - not be used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, - can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located - in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage - DNS01 challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field - that tells cert-manager in which Cloud DNS zone - the challenge record has to be created. If left - empty cert-manager will automatically choose a - zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 - challenge records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with - Cloudflare. Note: using an API token to authenticate - is now the recommended method as it allows greater - control of permissions.' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with - Cloudflare. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required - when using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 - provider should handle CNAME records when found in - DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage - DNS01 challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain - Name System") (https://datatracker.ietf.org/doc/rfc2136/) - to manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed - in square brackets (e.g [2001:db8::1]) ; port - is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the - DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values - are (case-insensitive): ``HMACMD5`` (default), - ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the - DNS. If ``tsigSecretSecretRef`` is defined, this - field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the - TSIG value. If ``tsigKeyName`` is defined, this - field is required. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 - challenge records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If - neither the Access Key nor Key ID are set, we - fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key - within a Kubernetes Secret. Cannot be set when - AccessKeyID is set. If neither the Access Key - nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only - this zone in Route53 and will not do an lookup - using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 - provider will assume using either the explicit - credentials AccessKeyID/SecretAccessKey or the - inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 - challenge solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should - be passed to the webhook apiserver when challenges - are processed. This can contain arbitrary JSON - data. Secret values should not be specified in - this stanza. If secret values are needed (e.g. - credentials for a DNS service), you should use - a SecretKeySelector to reference a Secret resource. - For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used - when POSTing ChallengePayload resources to the - webhook apiserver. This should be the same as - the GroupName specified in the webhook provider - implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will - typically be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete - authorizations by performing the HTTP01 challenge flow. - It is not possible to obtain certificates for wildcard - domain names (e.g. `*.example.com`) using the HTTP01 challenge - mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community - API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the - specified labels in the same namespace as the challenge. - This solver is experimental, and fields / behaviour - may change in the future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied - to HTTPRoutes created by cert-manager while solving - HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, - cert-manager creates an HTTPRoute. cert-manager - needs to know which parentRefs should be used - when creating the HTTPRoute. Usually, the parentRef - references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API - object (usually a Gateway) that can be considered - a parent of this resource (usually a route). - The only kind of parent resource with \"Core\" - support is Gateway. This API may be extended - in the future to support additional kinds of - parent resources, such as HTTPRoute. \n The - API object must be valid in the cluster; the - Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such - as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). - \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. - \n Support: Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of - the referent. When unspecified, this refers - to the local namespace of the Route. \n - Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace - references are only valid if they are explicitly - allowed by something in the namespace they - are referring to. For example: Gateway has - the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable any other - kind of cross-namespace reference. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this - Route targets. It can be interpreted differently - based on the type of parent resource. \n - When the parent resource is a Gateway, this - targets all listeners listening on the specified - port that also support this kind of Route(and - select this Route). It's not recommended - to set `Port` unless the networking behaviors - specified in a Route must apply to a specific - port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName - are specified, the name and port of the - selected listener must match both specified - values. \n Implementations MAY choose to - support other parent resources. Implementations - supporting other types of parent resources - MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment - is considered successful as long as the - parent resource accepts it partially. For - example, Gateway listeners can restrict - which Routes can attach to them by Route - kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from - the referencing Route, the Route MUST be - considered successfully attached. If no - Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Extended - \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a - section within the target resource. In the - following resources, SectionName is interpreted - as the following: \n * Gateway: Listener - Name. When both Port (experimental) and - SectionName are specified, the name and - port of the selected listener must match - both specified values. \n Implementations - MAY choose to support attaching Routes to - other resources. If that is the case, they - MUST clearly document how SectionName is - interpreted. \n When unspecified (empty - string), this will reference the entire - resource. For the purpose of status, an - attachment is considered successful if at - least one section in the parent resource - accepts it. For example, Gateway listeners - can restrict which Routes can attach to - them by Route kind, namespace, or hostname. - If 1 of 2 Gateway listeners accept attachment - from the referencing Route, the Route MUST - be considered successfully attached. If - no Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver - will solve challenges by creating or modifying Ingress - resources in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by - cert-manager for each Challenge to be completed. - properties: - class: - description: This field configures the annotation - `kubernetes.io/ingress.class` when creating Ingress - resources to solve ACME challenges that use this - challenge solver. Only one of `class`, `name` - or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve - ACME challenges that use this challenge solver. - This is the recommended way of configuring the - ingress class. Only one of `class`, `name` or - `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the created ACME HTTP01 solver - ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that - should have ACME challenge solving routes inserted - into it in order to solve HTTP01 challenges. This - is typically used in conjunction with ingress - controllers like ingress-gce, which maintains - a 1:1 mapping between external IPs and ingress - resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure - the ACME challenge solver pods used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the create ACME HTTP01 solver - pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the - HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All - other fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service - account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver - has a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will - be used to solve. If specified and a match is found, - a dnsNames selector will take precedence over a dnsZones - selector. If multiple solvers match with the same - dnsNames value, the solver with the most matching - labels in matchLabels will be selected. If neither - has more matches, the solver defined earlier in the - list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will - be used to solve. The most specific DNS zone match - specified here will take precedence over other DNS - zone matches, so a solver specifying sys.example.com - will be selected over one specifying example.com for - the domain www.sys.example.com. If multiple solvers - match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine - the set of certificate's that this challenge solver - will apply to. - type: object - type: object - type: object - type: array - required: - - privateKeySecretRef - - server - type: object - ca: - description: CA configures this issuer to sign certificates using - a signing CA keypair stored in a Secret resource. This is used to - build internal PKIs that are managed by cert-manager. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set, - certificates will be issued without distribution points set. - items: - type: string - type: array - ocspServers: - description: The OCSP server list is an X.509 v3 extension that - defines a list of URLs of OCSP responders. The OCSP responders - can be queried for the revocation status of an issued certificate. - If not set, the certificate will be issued with no OCSP servers - set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to sign - Certificates issued by this Issuer. - type: string - required: - - secretName - type: object - selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates - using the private key used to create the CertificateRequest object. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set - certificate will be issued without CDP. Values are strings. - items: - type: string - type: array - type: object - vault: - description: Vault configures this issuer to sign certificates using - a HashiCorp Vault PKI backend. - properties: - auth: - description: Auth configures how cert-manager authenticates with - the Vault server. - properties: - appRole: - description: AppRole authenticates with Vault using the App - Role auth mechanism, with the role and secret stored in - a Kubernetes Secret resource. - properties: - path: - description: 'Path where the App Role authentication backend - is mounted in Vault, e.g: "approle"' - type: string - roleId: - description: RoleID configured in the App Role authentication - backend when setting up the authentication backend in - Vault. - type: string - secretRef: - description: Reference to a key in a Secret that contains - the App Role secret used to authenticate with Vault. - The `key` field must be specified and denotes which - entry within the Secret resource is used as the app - role secret. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - path - - roleId - - secretRef - type: object - kubernetes: - description: Kubernetes authenticates with Vault by passing - the ServiceAccount token stored in the named Secret resource - to the Vault server. - properties: - mountPath: - description: The Vault mountPath here is the mount path - to use when authenticating with Vault. For example, - setting a value to `/v1/auth/foo`, will use the path - `/v1/auth/foo/login` to authenticate with Vault. If - unspecified, the default value "/v1/auth/kubernetes" - will be used. - type: string - role: - description: A required field containing the Vault Role - to assume. A Role binds a Kubernetes ServiceAccount - with a set of Vault policies. - type: string - secretRef: - description: The required Secret field containing a Kubernetes - ServiceAccount JWT used for authenticating with Vault. - Use of 'ambient credentials' is not supported. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceAccountRef: - description: A reference to a service account that will - be used to request a bound token (also known as "projected - token"). Compared to using "secretRef", using this field - means that you don't rely on statically bound tokens. - To use this field, you must configure an RBAC rule to - let cert-manager request a token. - properties: - name: - description: Name of the ServiceAccount used to request - a token. - type: string - required: - - name - type: object - required: - - role - type: object - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting - a token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - type: object - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used - to validate the certificate chain presented by Vault. Only used - if using HTTPS to connect to Vault and ignored for HTTP connections. - Mutually exclusive with CABundleSecretRef. If neither CABundle - nor CABundleSecretRef are defined, the certificate bundle in - the cert-manager controller container is used to validate the - TLS connection. - format: byte - type: string - caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded - CAs to use when verifying the certificate chain presented by - Vault when using HTTPS. Mutually exclusive with CABundle. If - neither CABundle nor CABundleSecretRef are defined, the certificate - bundle in the cert-manager controller container is used to validate - the TLS connection. If no key for the Secret is specified, cert-manager - will default to 'ca.crt'. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - namespace: - description: 'Name of the vault namespace. Namespaces is a set - of features within Vault Enterprise that allows Vault environments - to support Secure Multi-tenancy. e.g: "ns1" More about namespaces - can be found here https://www.vaultproject.io/docs/enterprise/namespaces' - type: string - path: - description: 'Path is the mount path of the Vault PKI backend''s - `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' - type: string - server: - description: 'Server is the connection address for the Vault server, - e.g: "https://vault.example.com:8200".' - type: string - required: - - auth - - path - - server - type: object - venafi: - description: Venafi configures this issuer to sign certificates using - a Venafi TPP or Venafi Cloud policy zone. - properties: - cloud: - description: Cloud specifies the Venafi cloud configuration settings. - Only one of TPP or Cloud may be specified. - properties: - apiTokenSecretRef: - description: APITokenSecretRef is a secret key selector for - the Venafi Cloud API token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: URL is the base URL for Venafi Cloud. Defaults - to "https://api.venafi.cloud/v1". - type: string - required: - - apiTokenSecretRef - type: object - tpp: - description: TPP specifies Trust Protection Platform configuration - settings. Only one of TPP or Cloud may be specified. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which will be - used to validate the certificate chain presented by the - TPP server. Only used if using HTTPS; ignored for HTTP. - If undefined, the certificate bundle in the cert-manager - controller container is used to validate the chain. - format: byte - type: string - credentialsRef: - description: CredentialsRef is a reference to a Secret containing - the username and password for the TPP server. The secret - must contain two keys, 'username' and 'password'. - properties: - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: 'URL is the base URL for the vedsdk endpoint - of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' - type: string - required: - - credentialsRef - - url - type: object - zone: - description: Zone is the Venafi Policy Zone to use for this issuer. - All requests made to the Venafi platform will be restricted - by the named zone policy. This field is required. - type: string - required: - - zone - type: object - type: object - status: - description: Status of the ClusterIssuer. This is set and managed automatically. - properties: - acme: - description: ACME specific status options. This field should only - be set if the Issuer is configured to use an ACME server to issue - certificates. - properties: - lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated - with the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with - the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - uri: - description: URI is the unique account identifier, which can also - be used to retrieve account details from the CA - type: string - type: object - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready`. - items: - description: IssuerCondition contains condition information for - an Issuer. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Issuer. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: issuers.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: Issuer - listKind: IssuerList - plural: issuers - singular: issuer - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: An Issuer represents a certificate issuing authority which can - be referenced as part of `issuerRef` fields. It is scoped to a single namespace - and can therefore only be referenced by resources within the same namespace. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the Issuer resource. - properties: - acme: - description: ACME configures this issuer to communicate with a RFC8555 - (ACME) server to obtain signed x509 certificates. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which can be used - to validate the certificate chain presented by the ACME server. - Mutually exclusive with SkipTLSVerify; prefer using CABundle - to prevent various kinds of security vulnerabilities. If CABundle - and SkipTLSVerify are unset, the system certificate bundle inside - the container is used to validate the TLS connection. - format: byte - type: string - disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account - key. If true, the Issuer resource will *not* request a new account - but will expect the account key to be supplied via an existing - secret. If false, the cert-manager system will generate a new - ACME account key for the Issuer. Defaults to false. - type: boolean - email: - description: Email is the email address to be associated with - the ACME account. This field is optional, but it is strongly - recommended to be set. It will be used to contact you in case - of issues with your account or certificates, including expiry - notification emails. This field may be updated after the account - is initially registered. - type: string - enableDurationFeature: - description: Enables requesting a Not After date on certificates - that matches the duration of the certificate. This is not supported - by all ACME servers like Let's Encrypt. If set to true when - the ACME server does not support it it will create an error - on the Order. Defaults to false. - type: boolean - externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external - account of the ACME server. If set, upon registration cert-manager - will attempt to associate the given external account credentials - with the registered ACME account. - properties: - keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical - compatibility reasons and should not be used. The algorithm - is now hardcoded to HS256 in golang/x/crypto/acme.' - enum: - - HS256 - - HS384 - - HS512 - type: string - keyID: - description: keyID is the ID of the CA key that the External - Account is bound to. - type: string - keySecretRef: - description: keySecretRef is a Secret Key Selector referencing - a data item in a Kubernetes Secret which holds the symmetric - MAC key of the External Account Binding. The `key` is the - index string that is paired with the key data in the Secret - and should not be confused with the key data itself, or - indeed with the External Account Binding keyID above. The - secret key stored in the Secret **must** be un-padded, base64 - URL encoded data. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - keyID - - keySecretRef - type: object - preferredChain: - description: 'PreferredChain is the chain to use if the ACME server - outputs multiple. PreferredChain is no guarantee that this one - gets delivered by the ACME endpoint. For example, for Let''s - Encrypt''s DST crosssign you would use: "DST Root CA X3" or - "ISRG Root X1" for the newer Let''s Encrypt root CA. This value - picks the first certificate bundle in the ACME alternative chains - that has a certificate with this value as its issuer''s CN' - maxLength: 64 - type: string - privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource - that will be used to store the automatically generated ACME - account private key. Optionally, a `key` may be specified to - select a specific entry within the named Secret resource. If - `key` is not specified, a default of `tls.key` will be used. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - server: - description: 'Server is the URL used to access the ACME server''s - ''directory'' endpoint. For example, for Let''s Encrypt''s staging - endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". - Only ACME v2 endpoints (i.e. RFC 8555) are supported.' - type: string - skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the - ACME server TLS certificate. If true, requests to the ACME server - will not have the TLS certificate chain validated. Mutually - exclusive with CABundle; prefer using CABundle to prevent various - kinds of security vulnerabilities. Only enable this option in - development environments. If CABundle and SkipTLSVerify are - unset, the system certificate bundle inside the container is - used to validate the TLS connection. Defaults to false.' - type: boolean - solvers: - description: 'Solvers is a list of challenge solvers that will - be used to solve ACME challenges for the matching domains. Solver - configurations must be provided in order to obtain certificates - from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' - items: - description: An ACMEChallengeSolver describes how to solve ACME - challenges for the issuer it is part of. A selector may be - provided to use different solving strategies for different - DNS names. Only one of HTTP01 or DNS01 must be provided. - properties: - dns01: - description: Configures cert-manager to attempt to complete - authorizations by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API - to manage DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage - DNS01 challenge records. - properties: - clientID: - description: if both this and ClientSecret are left - unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left - unset MSI will be used - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default - AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be - used - type: string - managedIdentity: - description: managed identity configuration, can - not be used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, - can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located - in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage - DNS01 challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field - that tells cert-manager in which Cloud DNS zone - the challenge record has to be created. If left - empty cert-manager will automatically choose a - zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 - challenge records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with - Cloudflare. Note: using an API token to authenticate - is now the recommended method as it allows greater - control of permissions.' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with - Cloudflare. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required - when using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 - provider should handle CNAME records when found in - DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage - DNS01 challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain - Name System") (https://datatracker.ietf.org/doc/rfc2136/) - to manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed - in square brackets (e.g [2001:db8::1]) ; port - is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the - DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values - are (case-insensitive): ``HMACMD5`` (default), - ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the - DNS. If ``tsigSecretSecretRef`` is defined, this - field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the - TSIG value. If ``tsigKeyName`` is defined, this - field is required. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 - challenge records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If - neither the Access Key nor Key ID are set, we - fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key - within a Kubernetes Secret. Cannot be set when - AccessKeyID is set. If neither the Access Key - nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only - this zone in Route53 and will not do an lookup - using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 - provider will assume using either the explicit - credentials AccessKeyID/SecretAccessKey or the - inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 - challenge solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should - be passed to the webhook apiserver when challenges - are processed. This can contain arbitrary JSON - data. Secret values should not be specified in - this stanza. If secret values are needed (e.g. - credentials for a DNS service), you should use - a SecretKeySelector to reference a Secret resource. - For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used - when POSTing ChallengePayload resources to the - webhook apiserver. This should be the same as - the GroupName specified in the webhook provider - implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will - typically be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete - authorizations by performing the HTTP01 challenge flow. - It is not possible to obtain certificates for wildcard - domain names (e.g. `*.example.com`) using the HTTP01 challenge - mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community - API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the - specified labels in the same namespace as the challenge. - This solver is experimental, and fields / behaviour - may change in the future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied - to HTTPRoutes created by cert-manager while solving - HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, - cert-manager creates an HTTPRoute. cert-manager - needs to know which parentRefs should be used - when creating the HTTPRoute. Usually, the parentRef - references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API - object (usually a Gateway) that can be considered - a parent of this resource (usually a route). - The only kind of parent resource with \"Core\" - support is Gateway. This API may be extended - in the future to support additional kinds of - parent resources, such as HTTPRoute. \n The - API object must be valid in the cluster; the - Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such - as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). - \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. - \n Support: Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of - the referent. When unspecified, this refers - to the local namespace of the Route. \n - Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace - references are only valid if they are explicitly - allowed by something in the namespace they - are referring to. For example: Gateway has - the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable any other - kind of cross-namespace reference. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this - Route targets. It can be interpreted differently - based on the type of parent resource. \n - When the parent resource is a Gateway, this - targets all listeners listening on the specified - port that also support this kind of Route(and - select this Route). It's not recommended - to set `Port` unless the networking behaviors - specified in a Route must apply to a specific - port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName - are specified, the name and port of the - selected listener must match both specified - values. \n Implementations MAY choose to - support other parent resources. Implementations - supporting other types of parent resources - MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment - is considered successful as long as the - parent resource accepts it partially. For - example, Gateway listeners can restrict - which Routes can attach to them by Route - kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from - the referencing Route, the Route MUST be - considered successfully attached. If no - Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Extended - \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a - section within the target resource. In the - following resources, SectionName is interpreted - as the following: \n * Gateway: Listener - Name. When both Port (experimental) and - SectionName are specified, the name and - port of the selected listener must match - both specified values. \n Implementations - MAY choose to support attaching Routes to - other resources. If that is the case, they - MUST clearly document how SectionName is - interpreted. \n When unspecified (empty - string), this will reference the entire - resource. For the purpose of status, an - attachment is considered successful if at - least one section in the parent resource - accepts it. For example, Gateway listeners - can restrict which Routes can attach to - them by Route kind, namespace, or hostname. - If 1 of 2 Gateway listeners accept attachment - from the referencing Route, the Route MUST - be considered successfully attached. If - no Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver - will solve challenges by creating or modifying Ingress - resources in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by - cert-manager for each Challenge to be completed. - properties: - class: - description: This field configures the annotation - `kubernetes.io/ingress.class` when creating Ingress - resources to solve ACME challenges that use this - challenge solver. Only one of `class`, `name` - or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve - ACME challenges that use this challenge solver. - This is the recommended way of configuring the - ingress class. Only one of `class`, `name` or - `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the created ACME HTTP01 solver - ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that - should have ACME challenge solving routes inserted - into it in order to solve HTTP01 challenges. This - is typically used in conjunction with ingress - controllers like ingress-gce, which maintains - a 1:1 mapping between external IPs and ingress - resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure - the ACME challenge solver pods used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the create ACME HTTP01 solver - pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the - HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All - other fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service - account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver - has a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will - be used to solve. If specified and a match is found, - a dnsNames selector will take precedence over a dnsZones - selector. If multiple solvers match with the same - dnsNames value, the solver with the most matching - labels in matchLabels will be selected. If neither - has more matches, the solver defined earlier in the - list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will - be used to solve. The most specific DNS zone match - specified here will take precedence over other DNS - zone matches, so a solver specifying sys.example.com - will be selected over one specifying example.com for - the domain www.sys.example.com. If multiple solvers - match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine - the set of certificate's that this challenge solver - will apply to. - type: object - type: object - type: object - type: array - required: - - privateKeySecretRef - - server - type: object - ca: - description: CA configures this issuer to sign certificates using - a signing CA keypair stored in a Secret resource. This is used to - build internal PKIs that are managed by cert-manager. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set, - certificates will be issued without distribution points set. - items: - type: string - type: array - ocspServers: - description: The OCSP server list is an X.509 v3 extension that - defines a list of URLs of OCSP responders. The OCSP responders - can be queried for the revocation status of an issued certificate. - If not set, the certificate will be issued with no OCSP servers - set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to sign - Certificates issued by this Issuer. - type: string - required: - - secretName - type: object - selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates - using the private key used to create the CertificateRequest object. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set - certificate will be issued without CDP. Values are strings. - items: - type: string - type: array - type: object - vault: - description: Vault configures this issuer to sign certificates using - a HashiCorp Vault PKI backend. - properties: - auth: - description: Auth configures how cert-manager authenticates with - the Vault server. - properties: - appRole: - description: AppRole authenticates with Vault using the App - Role auth mechanism, with the role and secret stored in - a Kubernetes Secret resource. - properties: - path: - description: 'Path where the App Role authentication backend - is mounted in Vault, e.g: "approle"' - type: string - roleId: - description: RoleID configured in the App Role authentication - backend when setting up the authentication backend in - Vault. - type: string - secretRef: - description: Reference to a key in a Secret that contains - the App Role secret used to authenticate with Vault. - The `key` field must be specified and denotes which - entry within the Secret resource is used as the app - role secret. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - path - - roleId - - secretRef - type: object - kubernetes: - description: Kubernetes authenticates with Vault by passing - the ServiceAccount token stored in the named Secret resource - to the Vault server. - properties: - mountPath: - description: The Vault mountPath here is the mount path - to use when authenticating with Vault. For example, - setting a value to `/v1/auth/foo`, will use the path - `/v1/auth/foo/login` to authenticate with Vault. If - unspecified, the default value "/v1/auth/kubernetes" - will be used. - type: string - role: - description: A required field containing the Vault Role - to assume. A Role binds a Kubernetes ServiceAccount - with a set of Vault policies. - type: string - secretRef: - description: The required Secret field containing a Kubernetes - ServiceAccount JWT used for authenticating with Vault. - Use of 'ambient credentials' is not supported. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceAccountRef: - description: A reference to a service account that will - be used to request a bound token (also known as "projected - token"). Compared to using "secretRef", using this field - means that you don't rely on statically bound tokens. - To use this field, you must configure an RBAC rule to - let cert-manager request a token. - properties: - name: - description: Name of the ServiceAccount used to request - a token. - type: string - required: - - name - type: object - required: - - role - type: object - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting - a token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - type: object - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used - to validate the certificate chain presented by Vault. Only used - if using HTTPS to connect to Vault and ignored for HTTP connections. - Mutually exclusive with CABundleSecretRef. If neither CABundle - nor CABundleSecretRef are defined, the certificate bundle in - the cert-manager controller container is used to validate the - TLS connection. - format: byte - type: string - caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded - CAs to use when verifying the certificate chain presented by - Vault when using HTTPS. Mutually exclusive with CABundle. If - neither CABundle nor CABundleSecretRef are defined, the certificate - bundle in the cert-manager controller container is used to validate - the TLS connection. If no key for the Secret is specified, cert-manager - will default to 'ca.crt'. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - namespace: - description: 'Name of the vault namespace. Namespaces is a set - of features within Vault Enterprise that allows Vault environments - to support Secure Multi-tenancy. e.g: "ns1" More about namespaces - can be found here https://www.vaultproject.io/docs/enterprise/namespaces' - type: string - path: - description: 'Path is the mount path of the Vault PKI backend''s - `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' - type: string - server: - description: 'Server is the connection address for the Vault server, - e.g: "https://vault.example.com:8200".' - type: string - required: - - auth - - path - - server - type: object - venafi: - description: Venafi configures this issuer to sign certificates using - a Venafi TPP or Venafi Cloud policy zone. - properties: - cloud: - description: Cloud specifies the Venafi cloud configuration settings. - Only one of TPP or Cloud may be specified. - properties: - apiTokenSecretRef: - description: APITokenSecretRef is a secret key selector for - the Venafi Cloud API token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: URL is the base URL for Venafi Cloud. Defaults - to "https://api.venafi.cloud/v1". - type: string - required: - - apiTokenSecretRef - type: object - tpp: - description: TPP specifies Trust Protection Platform configuration - settings. Only one of TPP or Cloud may be specified. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which will be - used to validate the certificate chain presented by the - TPP server. Only used if using HTTPS; ignored for HTTP. - If undefined, the certificate bundle in the cert-manager - controller container is used to validate the chain. - format: byte - type: string - credentialsRef: - description: CredentialsRef is a reference to a Secret containing - the username and password for the TPP server. The secret - must contain two keys, 'username' and 'password'. - properties: - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: 'URL is the base URL for the vedsdk endpoint - of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' - type: string - required: - - credentialsRef - - url - type: object - zone: - description: Zone is the Venafi Policy Zone to use for this issuer. - All requests made to the Venafi platform will be restricted - by the named zone policy. This field is required. - type: string - required: - - zone - type: object - type: object - status: - description: Status of the Issuer. This is set and managed automatically. - properties: - acme: - description: ACME specific status options. This field should only - be set if the Issuer is configured to use an ACME server to issue - certificates. - properties: - lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated - with the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with - the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - uri: - description: URI is the unique account identifier, which can also - be used to retrieve account details from the CA - type: string - type: object - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready`. - items: - description: IssuerCondition contains condition information for - an Issuer. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Issuer. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: orders.acme.cert-manager.io -spec: - group: acme.cert-manager.io - names: - categories: - - cert-manager - - cert-manager-acme - kind: Order - listKind: OrderList - plural: orders - singular: order - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - priority: 1 - type: string - - jsonPath: .status.reason - name: Reason - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Order is a type to represent an Order with an ACME server - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - commonName: - description: CommonName is the common name as specified on the DER - encoded CSR. If specified, this value must also be present in `dnsNames` - or `ipAddresses`. This field must match the corresponding field - on the DER encoded CSR. - type: string - dnsNames: - description: DNSNames is a list of DNS names that should be included - as part of the Order validation process. This field must match the - corresponding field on the DER encoded CSR. - items: - type: string - type: array - duration: - description: Duration is the duration for the not after date for the - requested certificate. this is set on order creation as pe the ACME - spec. - type: string - ipAddresses: - description: IPAddresses is a list of IP addresses that should be - included as part of the Order validation process. This field must - match the corresponding field on the DER encoded CSR. - items: - type: string - type: array - issuerRef: - description: IssuerRef references a properly configured ACME-type - Issuer which should be used to create this Order. If the Issuer - does not exist, processing will be retried. If the Issuer is not - an 'ACME' Issuer, an error will be returned and the Order will be - marked as failed. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - request: - description: Certificate signing request bytes in DER encoding. This - will be used when finalizing the order. This field must be set on - the order. - format: byte - type: string - required: - - issuerRef - - request - type: object - status: - properties: - authorizations: - description: Authorizations contains data returned from the ACME server - on what authorizations must be completed in order to validate the - DNS names specified on the Order. - items: - description: ACMEAuthorization contains data returned from the ACME - server on an authorization that must be completed in order validate - a DNS name on an ACME Order resource. - properties: - challenges: - description: Challenges specifies the challenge types offered - by the ACME server. One of these challenge types will be selected - when validating the DNS name and an appropriate Challenge - resource will be created to perform the ACME challenge process. - items: - description: Challenge specifies a challenge offered by the - ACME server for an Order. An appropriate Challenge resource - can be created to perform the ACME challenge process. - properties: - token: - description: Token is the token that must be presented - for this challenge. This is used to compute the 'key' - that must also be presented. - type: string - type: - description: Type is the type of challenge being offered, - e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is - the raw value retrieved from the ACME server. Only 'http-01' - and 'dns-01' are supported by cert-manager, other values - will be ignored. - type: string - url: - description: URL is the URL of this challenge. It can - be used to retrieve additional metadata about the Challenge - from the ACME server. - type: string - required: - - token - - type - - url - type: object - type: array - identifier: - description: Identifier is the DNS name to be validated as part - of this authorization - type: string - initialState: - description: InitialState is the initial state of the ACME authorization - when first fetched from the ACME server. If an Authorization - is already 'valid', the Order controller will not create a - Challenge resource for the authorization. This will occur - when working with an ACME server that enables 'authz reuse' - (such as Let's Encrypt's production endpoint). If not set - and 'identifier' is set, the state is assumed to be pending - and a Challenge will be created. - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - url: - description: URL is the URL of the Authorization that must be - completed - type: string - wildcard: - description: Wildcard will be true if this authorization is - for a wildcard DNS name. If this is true, the identifier will - be the *non-wildcard* version of the DNS name. For example, - if '*.example.com' is the DNS name being validated, this field - will be 'true' and the 'identifier' field will be 'example.com'. - type: boolean - required: - - url - type: object - type: array - certificate: - description: Certificate is a copy of the PEM encoded certificate - for this Order. This field will be populated after the order has - been successfully finalized with the ACME server, and the order - has transitioned to the 'valid' state. - format: byte - type: string - failureTime: - description: FailureTime stores the time that this order failed. This - is used to influence garbage collection and back-off. - format: date-time - type: string - finalizeURL: - description: FinalizeURL of the Order. This is used to obtain certificates - for this order once it has been completed. - type: string - reason: - description: Reason optionally provides more information about a why - the order is in the current state. - type: string - state: - description: State contains the current state of this Order resource. - States 'success' and 'expired' are 'final' - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - url: - description: URL of the Order. This will initially be empty when the - resource is first created. The Order controller will populate this - field when the Order is first processed. This field will be immutable - after it is initially set. - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: v1 -data: null -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - create - - update - - patch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-issuers -rules: -- apiGroups: - - cert-manager.io - resources: - - issuers - - issuers/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-clusterissuers -rules: -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificates -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificates/status - - certificaterequests - - certificaterequests/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - clusterissuers - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - certificates/finalizers - - certificaterequests/finalizers - verbs: - - update -- apiGroups: - - acme.cert-manager.io - resources: - - orders - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-orders -rules: -- apiGroups: - - acme.cert-manager.io - resources: - - orders - - orders/status - verbs: - - update - - patch -- apiGroups: - - acme.cert-manager.io - resources: - - orders - - challenges - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - create - - delete -- apiGroups: - - acme.cert-manager.io - resources: - - orders/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-challenges -rules: -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - challenges/status - verbs: - - update - - patch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - issuers - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - pods - - services - verbs: - - get - - list - - watch - - create - - delete -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - create - - delete - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch - - create - - delete - - update -- apiGroups: - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create -- apiGroups: - - acme.cert-manager.io - resources: - - challenges/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-ingress-shim -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - verbs: - - create - - update - - delete -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/finalizers - - httproutes/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cert-manager-view -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: cert-manager-edit -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update -- apiGroups: - - cert-manager.io - resources: - - certificates/status - verbs: - - update -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - create - - delete - - deletecollection - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-approve:cert-manager-io -rules: -- apiGroups: - - cert-manager.io - resourceNames: - - issuers.cert-manager.io/* - - clusterissuers.cert-manager.io/* - resources: - - signers - verbs: - - approve - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificatesigningrequests -rules: -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch - - update -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - update - - patch -- apiGroups: - - certificates.k8s.io - resourceNames: - - issuers.cert-manager.io/* - - clusterissuers.cert-manager.io/* - resources: - - signers - verbs: - - sign -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:subjectaccessreviews -rules: -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-cainjector -subjects: -- kind: ServiceAccount - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-issuers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-issuers -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-clusterissuers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-clusterissuers -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificates -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-certificates -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-orders -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-orders -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-challenges -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-challenges -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-ingress-shim -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-ingress-shim -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-approve:cert-manager-io -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-approve:cert-manager-io -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificatesigningrequests -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-certificatesigningrequests -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:subjectaccessreviews -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-webhook:subjectaccessreviews -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector:leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - leases - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager:leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-controller - resources: - - leases - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:dynamic-serving - namespace: kube-system -rules: -- apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector:leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager-cainjector:leaderelection -subjects: -- kind: ServiceAccount - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager:leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager:leaderelection -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:dynamic-serving - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager-webhook:dynamic-serving -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system -spec: - ports: - - name: tcp-prometheus-servicemonitor - port: 9402 - protocol: TCP - targetPort: 9402 - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - type: ClusterIP - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cainjector - template: - metadata: - creationTimestamp: null - labels: - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --leader-election-namespace=kube-system - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.12.10 - imagePullPolicy: IfNotPresent - name: cert-manager-cainjector - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager-cainjector - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "9402" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.12.10 - - --max-concurrent-challenges=60 - - --enable-certificate-owner-ref=true - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.12.10 - imagePullPolicy: IfNotPresent - name: cert-manager-controller - ports: - - containerPort: 9402 - name: http-metrics - protocol: TCP - - containerPort: 9403 - name: http-healthz - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - template: - metadata: - creationTimestamp: null - labels: - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=cert-manager-webhook - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.12.10 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: 6080 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: cert-manager-webhook - ports: - - containerPort: 10250 - name: https - protocol: TCP - - containerPort: 6080 - name: healthcheck - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 6080 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager-webhook - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: cert-manager-webhook - namespace: kube-system - path: /mutate - failurePolicy: Fail - matchPolicy: Equivalent - name: webhook.cert-manager.io - rules: - - apiGroups: - - cert-manager.io - - acme.cert-manager.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - '*/*' - sideEffects: None - timeoutSeconds: 10 - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: cert-manager-webhook - namespace: kube-system - path: /validate - failurePolicy: Fail - matchPolicy: Equivalent - name: webhook.cert-manager.io - namespaceSelector: - matchExpressions: - - key: cert-manager.io/disable-validation - operator: NotIn - values: - - "true" - rules: - - apiGroups: - - cert-manager.io - - acme.cert-manager.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - '*/*' - sideEffects: None - timeoutSeconds: 10 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content deleted file mode 100644 index 61f8f442f9d8b..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ /dev/null @@ -1,399 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: cluster-autoscaler - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler -rules: -- apiGroups: - - "" - resources: - - events - - endpoints - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -- apiGroups: - - "" - resources: - - pods/status - verbs: - - update -- apiGroups: - - "" - resourceNames: - - cluster-autoscaler - resources: - - endpoints - verbs: - - get - - update -- apiGroups: - - "" - resources: - - nodes - verbs: - - watch - - list - - get - - update -- apiGroups: - - "" - resources: - - namespaces - - pods - - services - - replicationcontrollers - - persistentvolumeclaims - - persistentvolumes - verbs: - - watch - - list - - get -- apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - watch - - list - - get -- apiGroups: - - batch - - extensions - resources: - - jobs - verbs: - - get - - list - - patch - - watch -- apiGroups: - - extensions - resources: - - replicasets - - daemonsets - verbs: - - watch - - list - - get -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - watch - - list -- apiGroups: - - apps - resources: - - daemonsets - - replicasets - - statefulsets - verbs: - - watch - - list - - get -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - csinodes - - csidrivers - - csistoragecapacities - verbs: - - watch - - list - - get -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - cluster-autoscaler - resources: - - leases - verbs: - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-autoscaler -subjects: -- kind: ServiceAccount - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - "" - resourceNames: - - cluster-autoscaler-status - resources: - - configmaps - verbs: - - delete - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cluster-autoscaler -subjects: -- kind: ServiceAccount - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - ports: - - name: http - port: 8085 - protocol: TCP - targetPort: 8085 - selector: - app.kubernetes.io/name: cluster-autoscaler - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app: cluster-autoscaler - template: - metadata: - annotations: - prometheus.io/port: "8085" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app: cluster-autoscaler - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: node-role.kubernetes.io/spot-worker - operator: DoesNotExist - weight: 1 - containers: - - command: - - ./cluster-autoscaler - - --balance-similar-node-groups=false - - --emit-per-nodegroup-metrics=false - - --cloud-provider=aws - - --aws-use-static-instance-list=false - - --expander=random - - --nodes=2:2:nodes.minimal.example.com - - --ignore-daemonsets-utilization=false - - --scale-down-utilization-threshold=0.5 - - --skip-nodes-with-local-storage=true - - --skip-nodes-with-system-pods=true - - --scale-down-delay-after-add=10m0s - - --scale-down-unneeded-time=10m0s - - --scale-down-unready-time=20m0s - - --new-pod-scale-up-delay=0s - - --max-node-provision-time=15m0s - - --cordon-node-before-terminating=true - - --logtostderr=true - - --stderrthreshold=info - - --v=4 - env: - - name: AWS_REGION - value: us-test-1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/cluster-autoscaler.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health-check - port: http - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: cluster-autoscaler - ports: - - containerPort: 8085 - name: http - protocol: TCP - resources: - requests: - cpu: 100m - memory: 300Mi - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - dnsPolicy: ClusterFirst - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccountName: cluster-autoscaler - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: cluster-autoscaler - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: cluster-autoscaler - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 94e92cc18bb2e..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,155 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - version: v1.31.0-beta.1 - name: dns-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: dns-controller - strategy: - type: Recreate - template: - metadata: - creationTimestamp: null - labels: - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - kops.k8s.io/managed-by: kops - version: v1.31.0-beta.1 - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --watch-ingress=false - - --dns=aws-route53 - - --zone=*/Z1AFAKE1ZON3YO - - --internal-ipv4 - - --zone=*/* - - -v=2 - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/dns-controller.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/kops/dns-controller:1.31.0-beta.1 - name: dns-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - dnsPolicy: Default - hostNetwork: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccount: dns-controller - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - key: node.kubernetes.io/not-ready - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: dns-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - ingress - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops:dns-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:dns-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content deleted file mode 100644 index 4aa1194f1eb2c..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ /dev/null @@ -1,227 +0,0 @@ -apiVersion: v1 -data: - config.yaml: | - {"clusterName":"minimal.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/minimal.example.com","secretStore":"memfs://clusters.example.com/minimal.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}} -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - k8s-app: kops-controller - version: v1.31.0-beta.1 - name: kops-controller - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: kops-controller - template: - metadata: - annotations: - dns.alpha.kubernetes.io/internal: kops-controller.internal.minimal.example.com - creationTimestamp: null - labels: - k8s-addon: kops-controller.addons.k8s.io - k8s-app: kops-controller - kops.k8s.io/managed-by: kops - version: v1.31.0-beta.1 - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: kops.k8s.io/kops-controller-pki - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - - key: kops.k8s.io/kops-controller-pki - operator: Exists - containers: - - args: - - --v=2 - - --conf=/etc/kubernetes/kops-controller/config/config.yaml - command: null - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - - name: KOPS_RUN_TOO_NEW_VERSION - value: "1" - image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 - name: kops-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - runAsUser: 10011 - volumeMounts: - - mountPath: /etc/kubernetes/kops-controller/config/ - name: kops-controller-config - - mountPath: /etc/kubernetes/kops-controller/pki/ - name: kops-controller-pki - dnsPolicy: Default - hostNetwork: true - nodeSelector: null - priorityClassName: system-cluster-critical - serviceAccount: kops-controller - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - key: node.kubernetes.io/not-ready - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - volumes: - - configMap: - name: kops-controller - name: kops-controller-config - - hostPath: - path: /etc/kubernetes/kops-controller/ - type: Directory - name: kops-controller-pki - updateStrategy: - type: OnDelete - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:kops-controller - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create -- apiGroups: - - "" - - coordination.k8s.io - resourceNames: - - kops-controller-leader - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - patch - - update - - delete -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kops-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:kops-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content deleted file mode 100644 index 658d9975d5dba..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ /dev/null @@ -1,276 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: system:aggregated-metrics-reader -rules: -- apiGroups: - - metrics.k8s.io - resources: - - pods - - nodes - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: system:metrics-server -rules: -- apiGroups: - - "" - resources: - - nodes/metrics - verbs: - - get -- apiGroups: - - "" - resources: - - pods - - nodes - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: system:metrics-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:metrics-server -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - k8s-app: metrics-server - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - k8s-app: metrics-server - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metrics-server - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --secure-port=4443 - - --kubelet-use-node-status-port - - --metric-resolution=15s - - --kubelet-preferred-address-types=Hostname - - --cert-dir=/tmp - - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: https - scheme: HTTPS - periodSeconds: 10 - name: metrics-server - ports: - - containerPort: 4443 - name: https - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - periodSeconds: 10 - resources: - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: tmp-dir - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: metrics-server - topologySpreadConstraints: - - labelSelector: - matchLabels: - k8s-app: metrics-server - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - k8s-app: metrics-server - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - emptyDir: {} - name: tmp-dir - ---- - -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: v1beta1.metrics.k8s.io -spec: - group: metrics.k8s.io - groupPriorityMinimum: 100 - insecureSkipTLSVerify: true - service: - name: metrics-server - namespace: kube-system - version: v1beta1 - versionPriority: 100 - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - minAvailable: 1 - selector: - matchLabels: - k8s-app: metrics-server diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content deleted file mode 100644 index d0a993d01a3ad..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content +++ /dev/null @@ -1,682 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/managed-by: kops - role.kubernetes.io/networking: "1" - name: eniconfigs.crd.k8s.amazonaws.com -spec: - group: crd.k8s.amazonaws.com - names: - kind: ENIConfig - plural: eniconfigs - singular: eniconfig - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ENIConfig is the Schema for the eniconfigs API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ENIConfigSpec defines the desired state of ENIConfig - properties: - securityGroups: - items: - type: string - type: array - subnet: - type: string - required: - - subnet - type: object - status: - description: ENIConfigStatus defines the observed state of ENIConfig - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: amazon-network-policy-controller-k8s - role.kubernetes.io/networking: "1" - name: policyendpoints.networking.k8s.aws -spec: - group: networking.k8s.aws - names: - kind: PolicyEndpoint - listKind: PolicyEndpointList - plural: policyendpoints - singular: policyendpoint - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: PolicyEndpoint is the Schema for the policyendpoints API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PolicyEndpointSpec defines the desired state of PolicyEndpoint - properties: - egress: - description: Egress is the list of egress rules containing resolved - network addresses - items: - description: EndpointInfo defines the network endpoint information - for the policy ingress/egress - properties: - cidr: - description: CIDR is the network address(s) of the endpoint - type: string - except: - description: Except is the exceptions to the CIDR ranges mentioned - above. - items: - type: string - type: array - ports: - description: Ports is the list of ports - items: - description: Port contains information about the transport - port/protocol - properties: - endPort: - description: Endport specifies the port range port to - endPort port must be defined and an integer, endPort - > port - format: int32 - type: integer - port: - description: Port specifies the numerical port for the - protocol. If empty applies to all ports - format: int32 - type: integer - protocol: - default: TCP - description: Protocol specifies the transport protocol, - default TCP - type: string - type: object - type: array - required: - - cidr - type: object - type: array - ingress: - description: Ingress is the list of ingress rules containing resolved - network addresses - items: - description: EndpointInfo defines the network endpoint information - for the policy ingress/egress - properties: - cidr: - description: CIDR is the network address(s) of the endpoint - type: string - except: - description: Except is the exceptions to the CIDR ranges mentioned - above. - items: - type: string - type: array - ports: - description: Ports is the list of ports - items: - description: Port contains information about the transport - port/protocol - properties: - endPort: - description: Endport specifies the port range port to - endPort port must be defined and an integer, endPort - > port - format: int32 - type: integer - port: - description: Port specifies the numerical port for the - protocol. If empty applies to all ports - format: int32 - type: integer - protocol: - default: TCP - description: Protocol specifies the transport protocol, - default TCP - type: string - type: object - type: array - required: - - cidr - type: object - type: array - podIsolation: - description: PodIsolation specifies whether the pod needs to be isolated - for a particular traffic direction Ingress or Egress, or both. If - default isolation is not specified, and there are no ingress/egress - rules, then the pod is not isolated from the point of view of this - policy. This follows the NetworkPolicy spec.PolicyTypes. - items: - description: PolicyType string describes the NetworkPolicy type - This type is beta-level in 1.8 - type: string - type: array - podSelector: - description: PodSelector is the podSelector from the policy resource - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelectorEndpoints: - description: PodSelectorEndpoints contains information about the pods - matching the podSelector - items: - description: PodEndpoint defines the summary information for the - pods - properties: - hostIP: - description: HostIP is the IP address of the host the pod is - currently running on - type: string - name: - description: Name is the pod name - type: string - namespace: - description: Namespace is the pod namespace - type: string - podIP: - description: PodIP is the IP address of the pod - type: string - required: - - hostIP - - name - - namespace - - podIP - type: object - type: array - policyRef: - description: PolicyRef is a reference to the Kubernetes NetworkPolicy - resource. - properties: - name: - description: Name is the name of the Policy - type: string - namespace: - description: Namespace is the namespace of the Policy - type: string - required: - - name - - namespace - type: object - required: - - policyRef - type: object - status: - description: PolicyEndpointStatus defines the observed state of PolicyEndpoint - type: object - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node - namespace: kube-system - ---- - -apiVersion: v1 -data: - branch-eni-cooldown: "60" - enable-network-policy-controller: "false" - enable-windows-ipam: "false" - enable-windows-prefix-delegation: "false" - minimum-ip-target: "3" - warm-ip-target: "1" - warm-prefix-target: "0" -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: amazon-vpc-cni - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.0 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node -rules: -- apiGroups: - - crd.k8s.amazonaws.com - resources: - - eniconfigs - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - get -- apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - networking.k8s.aws - resources: - - policyendpoints - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.aws - resources: - - policyendpoints/status - verbs: - - get -- apiGroups: - - vpcresources.k8s.aws - resources: - - cninodes - verbs: - - get - - list - - watch - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-node -subjects: -- kind: ServiceAccount - name: aws-node - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: aws-node - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/name: aws-node - k8s-app: aws-node - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - - hybrid - - auto - containers: - - env: - - name: ADDITIONAL_ENI_TAGS - value: '{"KubernetesCluster":"minimal.example.com","kubernetes.io/cluster/minimal.example.com":"owned"}' - - name: AWS_VPC_CNI_NODE_PORT_SUPPORT - value: "true" - - name: AWS_VPC_ENI_MTU - value: "9001" - - name: AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER - value: "false" - - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG - value: "false" - - name: AWS_VPC_K8S_CNI_EXTERNALSNAT - value: "false" - - name: AWS_VPC_K8S_CNI_LOGLEVEL - value: DEBUG - - name: AWS_VPC_K8S_CNI_LOG_FILE - value: /host/var/log/aws-routed-eni/ipamd.log - - name: AWS_VPC_K8S_CNI_RANDOMIZESNAT - value: prng - - name: AWS_VPC_K8S_CNI_VETHPREFIX - value: eni - - name: AWS_VPC_K8S_PLUGIN_LOG_FILE - value: /var/log/aws-routed-eni/plugin.log - - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL - value: DEBUG - - name: DISABLE_INTROSPECTION - value: "false" - - name: DISABLE_METRICS - value: "false" - - name: DISABLE_NETWORK_RESOURCE_PROVISIONING - value: "false" - - name: ENABLE_IPv4 - value: "true" - - name: ENABLE_IPv6 - value: "false" - - name: ENABLE_POD_ENI - value: "false" - - name: ENABLE_PREFIX_DELEGATION - value: "false" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - - name: NETWORK_POLICY_ENFORCING_MODE - value: standard - - name: WARM_ENI_TARGET - value: "1" - - name: WARM_PREFIX_TARGET - value: "1" - - name: VPC_CNI_VERSION - value: v1.19.2 - - name: MY_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CLUSTER_NAME - value: minimal.example.com - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.19.2 - livenessProbe: - exec: - command: - - /app/grpc-health-probe - - -addr=:50051 - - -connect-timeout=5s - - -rpc-timeout=5s - initialDelaySeconds: 60 - timeoutSeconds: 10 - name: aws-node - ports: - - containerPort: 61678 - name: metrics - readinessProbe: - exec: - command: - - /app/grpc-health-probe - - -addr=:50051 - - -connect-timeout=5s - - -rpc-timeout=5s - initialDelaySeconds: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 25m - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /host/var/log/aws-routed-eni - name: log-dir - - mountPath: /var/run/aws-node - name: run-dir - - mountPath: /run/xtables.lock - name: xtables-lock - - args: - - --enable-ipv6=false - - --enable-network-policy=false - - --enable-cloudwatch-logs=false - - --enable-policy-event-logs=false - - --log-file=/var/log/aws-routed-eni/network-policy-agent.log - - --metrics-bind-addr=:8162 - - --health-probe-bind-addr=:8163 - - --conntrack-cache-cleanup-period=300 - env: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.6 - name: aws-eks-nodeagent - resources: - requests: - cpu: 25m - securityContext: - capabilities: - add: - - NET_ADMIN - privileged: true - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /sys/fs/bpf - name: bpf-pin-path - - mountPath: /var/log/aws-routed-eni - name: log-dir - - mountPath: /var/run/aws-node - name: run-dir - hostNetwork: true - initContainers: - - env: - - name: DISABLE_TCP_EARLY_DEMUX - value: "false" - - name: ENABLE_IPv6 - value: "false" - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.19.2 - name: aws-vpc-cni-init - resources: - requests: - cpu: 25m - securityContext: - privileged: true - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - priorityClassName: system-node-critical - serviceAccountName: aws-node - terminationGracePeriodSeconds: 10 - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /sys/fs/bpf - name: bpf-pin-path - - hostPath: - path: /opt/cni/bin - name: cni-bin-dir - - hostPath: - path: /etc/cni/net.d - name: cni-net-dir - - hostPath: - path: /var/log/aws-routed-eni - type: DirectoryOrCreate - name: log-dir - - hostPath: - path: /var/run/aws-node - type: DirectoryOrCreate - name: run-dir - - hostPath: - path: /run/xtables.lock - type: FileOrCreate - name: xtables-lock - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content deleted file mode 100644 index da3a64de540e8..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content +++ /dev/null @@ -1,285 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - k8s-app: aws-node-termination-handler - name: aws-node-termination-handler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - get -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -- apiGroups: - - extensions - resources: - - daemonsets - verbs: - - get -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - get -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-node-termination-handler -subjects: -- kind: ServiceAccount - name: aws-node-termination-handler - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/component: deployment - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - k8s-app: aws-node-termination-handler - name: aws-node-termination-handler - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kubernetes.io/os: linux - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: deployment - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - k8s-app: aws-node-termination-handler - kops.k8s.io/managed-by: kops - kops.k8s.io/nth-mode: sqs - kubernetes.io/os: linux - spec: - containers: - - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ENABLE_PROBES_SERVER - value: "true" - - name: PROBES_SERVER_PORT - value: "8080" - - name: PROBES_SERVER_ENDPOINT - value: /healthz - - name: LOG_LEVEL - value: info - - name: JSON_LOGGING - value: "true" - - name: LOG_FORMAT_VERSION - value: "2" - - name: ENABLE_PROMETHEUS_SERVER - value: "false" - - name: PROMETHEUS_SERVER_PORT - value: "9092" - - name: CHECK_TAG_BEFORE_DRAINING - value: "true" - - name: MANAGED_TAG - value: aws-node-termination-handler/managed - - name: USE_PROVIDER_ID - value: "true" - - name: DRY_RUN - value: "false" - - name: CORDON_ONLY - value: "false" - - name: TAINT_NODE - value: "false" - - name: EXCLUDE_FROM_LOAD_BALANCERS - value: "true" - - name: DELETE_LOCAL_DATA - value: "true" - - name: IGNORE_DAEMON_SETS - value: "true" - - name: POD_TERMINATION_GRACE_PERIOD - value: "-1" - - name: NODE_TERMINATION_GRACE_PERIOD - value: "120" - - name: EMIT_KUBERNETES_EVENTS - value: "true" - - name: COMPLETE_LIFECYCLE_ACTION_DELAY_SECONDS - value: "-1" - - name: ENABLE_SQS_TERMINATION_DRAINING - value: "true" - - name: QUEUE_URL - value: https://sqs.us-test-1.amazonaws.com/123456789012/minimal-example-com-nth - - name: DELETE_SQS_MSG_IF_NODE_NOT_FOUND - value: "false" - - name: WORKERS - value: "10" - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-node-termination-handler.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/aws-ec2/aws-node-termination-handler:v1.22.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - name: aws-node-termination-handler - ports: - - containerPort: 8080 - name: liveness-probe - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - resources: - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1000 - serviceAccountName: aws-node-termination-handler - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-nodelocaldns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-nodelocaldns.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 85ae1090ae213..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-nodelocaldns.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,206 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: nodelocaldns.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: nodelocaldns.addons.k8s.io - kubernetes.io/cluster-service: "true" - name: node-local-dns - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: nodelocaldns.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: nodelocaldns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: KubeDNSUpstream - name: kube-dns-upstream - namespace: kube-system -spec: - ports: - - name: dns - port: 53 - protocol: UDP - targetPort: 53 - - name: dns-tcp - port: 53 - protocol: TCP - targetPort: 53 - selector: - k8s-app: kube-dns - ---- - -apiVersion: v1 -data: - Corefile: | - cluster.local:53 { - errors - cache { - success 9984 30 - denial 9984 5 - } - reload - loop - bind 169.254.20.10 - forward . __PILLAR__CLUSTER__DNS__ { - force_tcp - } - prometheus :9253 - health 169.254.20.10:3989 - } - in-addr.arpa:53 { - errors - cache 30 - reload - loop - bind 169.254.20.10 - forward . __PILLAR__CLUSTER__DNS__ { - force_tcp - } - prometheus :9253 - } - ip6.arpa:53 { - errors - cache 30 - reload - loop - bind 169.254.20.10 - forward . __PILLAR__CLUSTER__DNS__ { - force_tcp - } - prometheus :9253 - } - .:53 { - errors - cache 30 - reload - loop - bind 169.254.20.10 - forward . __PILLAR__UPSTREAM__SERVERS__ - prometheus :9253 - } - googleapis.com:53 { - bind 169.254.20.10 - forward . 10.238.1.130 - } -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: nodelocaldns.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: nodelocaldns.addons.k8s.io - name: node-local-dns - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: nodelocaldns.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: nodelocaldns.addons.k8s.io - k8s-app: node-local-dns - kubernetes.io/cluster-service: "true" - name: node-local-dns - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: node-local-dns - template: - metadata: - annotations: - prometheus.io/port: "9253" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - k8s-app: node-local-dns - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - -localip=169.254.20.10 - - -conf=/etc/Corefile - - -upstreamsvc=kube-dns-upstream - - -setupiptables=false - image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.0 - livenessProbe: - httpGet: - host: 169.254.20.10 - path: /health - port: 3989 - initialDelaySeconds: 60 - timeoutSeconds: 5 - name: node-cache - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9253 - name: metrics - protocol: TCP - resources: - requests: - cpu: 25m - memory: 5Mi - securityContext: - capabilities: - add: - - NET_ADMIN - volumeMounts: - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /etc/coredns - name: config-volume - - mountPath: /etc/kube-dns - name: kube-dns-config - dnsPolicy: Default - hostNetwork: true - priorityClassName: system-node-critical - serviceAccountName: node-local-dns - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: /run/xtables.lock - type: FileOrCreate - name: xtables-lock - - configMap: - name: kube-dns - optional: true - name: kube-dns-config - - configMap: - items: - - key: Corefile - path: Corefile.base - name: node-local-dns - name: config-volume - updateStrategy: - type: OnDelete diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content deleted file mode 100644 index f382104015a77..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content +++ /dev/null @@ -1,1372 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshotclasses.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - shortNames: - - vsclass - - vsclasses - singular: volumesnapshotclass - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the - VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent - created through the VolumeSnapshotClass should be deleted when its bound - VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". - "Retain" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: true - subresources: {} - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the - VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotClass is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshotClass - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent - created through the VolumeSnapshotClass should be deleted when its bound - VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". - "Retain" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: false - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshotcontents.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - shortNames: - - vsc - - vscs - singular: volumesnapshotcontent - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical - snapshot on the underlying storage system should be deleted when its bound - VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on - the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.namespace - name: VolumeSnapshotNamespace - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. - "Delete" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are deleted. For dynamically provisioned - snapshots, this field will automatically be filled in by the CSI - snapshotter sidecar with the "DeletionPolicy" field defined in the - corresponding VolumeSnapshotClass. For pre-existing snapshots, users - MUST specify this field when creating the VolumeSnapshotContent - object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be - the same as the name returned by the CSI GetPluginName() call for - that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) - dynamically provisioned or already exists, and just requires a Kubernetes - object representation. This field is immutable after creation. Required. - oneOf: - - required: - - snapshotHandle - - required: - - volumeHandle - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of - a pre-existing snapshot on the underlying storage system for - which a Kubernetes object representation was (or should be) - created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the - volume from which a snapshot should be dynamically taken from. - This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot - was (or will be) created. Note that after provisioning, the VolumeSnapshotClass - may be deleted or recreated with different set of values, and as - such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object - to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be - provided for binding to happen. This field is immutable after creation. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the CSI snapshotter - sidecar with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it indicates - the creation time is unknown. The format of this field is a Unix - nanoseconds time encoded as an int64. On Unix, the command `date - +%s%N` returns the current time in nanoseconds since 1970-01-01 - 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, - if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the CSI snapshotter sidecar with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be - filled in by the CSI snapshotter sidecar with the "size_bytes" value - returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "size_bytes" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. When restoring a volume from this snapshot, the size of the - volume MUST NOT be smaller than the restoreSize if it is specified, - otherwise the restoration will fail. If not specified, it indicates - that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot - on the underlying storage system. If not specified, it indicates - that dynamic snapshot creation has either failed or it is still - in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical - snapshot on the underlying storage system should be deleted when its bound - VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on - the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.namespace - name: VolumeSnapshotNamespace - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotContent is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshotContent - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. - "Delete" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are deleted. For dynamically provisioned - snapshots, this field will automatically be filled in by the CSI - snapshotter sidecar with the "DeletionPolicy" field defined in the - corresponding VolumeSnapshotClass. For pre-existing snapshots, users - MUST specify this field when creating the VolumeSnapshotContent - object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be - the same as the name returned by the CSI GetPluginName() call for - that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) - dynamically provisioned or already exists, and just requires a Kubernetes - object representation. This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of - a pre-existing snapshot on the underlying storage system for - which a Kubernetes object representation was (or should be) - created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the - volume from which a snapshot should be dynamically taken from. - This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot - was (or will be) created. Note that after provisioning, the VolumeSnapshotClass - may be deleted or recreated with different set of values, and as - such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object - to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be - provided for binding to happen. This field is immutable after creation. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the CSI snapshotter - sidecar with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it indicates - the creation time is unknown. The format of this field is a Unix - nanoseconds time encoded as an int64. On Unix, the command `date - +%s%N` returns the current time in nanoseconds since 1970-01-01 - 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, - if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the CSI snapshotter sidecar with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be - filled in by the CSI snapshotter sidecar with the "size_bytes" value - returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "size_bytes" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. When restoring a volume from this snapshot, the size of the - volume MUST NOT be smaller than the restoreSize if it is specified, - otherwise the restoration will fail. If not specified, it indicates - that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot - on the underlying storage system. If not specified, it indicates - that dynamic snapshot creation has either failed or it is still - in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshots.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - shortNames: - - vs - singular: volumesnapshot - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of - the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing - VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from - this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot - object intends to bind to. Please note that verification of binding actually - requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure - both are pointing at each other. Binding MUST be verified prior to usage of - this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying - storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - oneOf: - - required: - - persistentVolumeClaimName - - required: - - volumeSnapshotContentName - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object representing the volume from which - a snapshot should be created. This PVC is assumed to be in the - same namespace as the VolumeSnapshot object. This field should - be set if the snapshot does not exists, and needs to be created. - This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a - pre-existing VolumeSnapshotContent object representing an existing - volume snapshot. This field should be set if the snapshot already - exists and only needs a representation in Kubernetes. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. VolumeSnapshotClassName may be - left nil to indicate that the default SnapshotClass should be used. - A given cluster may have multiple default Volume SnapshotClasses: - one default per CSI Driver. If a VolumeSnapshot does not specify - a SnapshotClass, VolumeSnapshotSource will be checked to figure - out what the associated CSI Driver is, and the default VolumeSnapshotClass - associated with that CSI Driver will be used. If more than one VolumeSnapshotClass - exist for a given CSI Driver and more than one have been marked - as default, CreateSnapshot will fail and generate an event. Empty - string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. - Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent - objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent - object to which this VolumeSnapshot object intends to bind to. If - not specified, it indicates that the VolumeSnapshot object has not - been successfully bound to a VolumeSnapshotContent object yet. NOTE: - To avoid possible security issues, consumers must verify binding - between VolumeSnapshot and VolumeSnapshotContent objects is successful - (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the snapshot controller - with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it may indicate - that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. The snapshot controller will keep retrying when an error - occurrs during the snapshot creation. Upon success, this error field - will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the snapshot controller with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the minimum size of volume required - to create a volume from this snapshot. In dynamic snapshot creation - case, this field will be filled in by the snapshot controller with - the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. - For a pre-existing snapshot, this field will be filled with the - "size_bytes" value returned from the CSI "ListSnapshots" gRPC call - if the driver supports it. When restoring a volume from this snapshot, - the size of the volume MUST NOT be smaller than the restoreSize - if it is specified, otherwise the restoration will fail. If not - specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: string - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of - the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing - VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from - this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot - object intends to bind to. Please note that verification of binding actually - requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure - both are pointing at each other. Binding MUST be verified prior to usage of - this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying - storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshot is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshot - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object representing the volume from which - a snapshot should be created. This PVC is assumed to be in the - same namespace as the VolumeSnapshot object. This field should - be set if the snapshot does not exists, and needs to be created. - This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a - pre-existing VolumeSnapshotContent object representing an existing - volume snapshot. This field should be set if the snapshot already - exists and only needs a representation in Kubernetes. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. VolumeSnapshotClassName may be - left nil to indicate that the default SnapshotClass should be used. - A given cluster may have multiple default Volume SnapshotClasses: - one default per CSI Driver. If a VolumeSnapshot does not specify - a SnapshotClass, VolumeSnapshotSource will be checked to figure - out what the associated CSI Driver is, and the default VolumeSnapshotClass - associated with that CSI Driver will be used. If more than one VolumeSnapshotClass - exist for a given CSI Driver and more than one have been marked - as default, CreateSnapshot will fail and generate an event. Empty - string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. - Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent - objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent - object to which this VolumeSnapshot object intends to bind to. If - not specified, it indicates that the VolumeSnapshot object has not - been successfully bound to a VolumeSnapshotContent object yet. NOTE: - To avoid possible security issues, consumers must verify binding - between VolumeSnapshot and VolumeSnapshotContent objects is successful - (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the snapshot controller - with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it may indicate - that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. The snapshot controller will keep retrying when an error - occurrs during the snapshot creation. Upon success, this error field - will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the snapshot controller with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the minimum size of volume required - to create a volume from this snapshot. In dynamic snapshot creation - case, this field will be filled in by the snapshot controller with - the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. - For a pre-existing snapshot, this field will be filled with the - "size_bytes" value returned from the CSI "ListSnapshots" gRPC call - if the driver supports it. When restoring a volume from this snapshot, - the size of the volume MUST NOT be smaller than the restoreSize - if it is specified, otherwise the restoration will fail. If not - specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: string - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-runner -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - delete - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots/status - verbs: - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: snapshot-controller-leaderelection -subjects: -- kind: ServiceAccount - name: snapshot-controller - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-role -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: snapshot-controller-runner -subjects: -- kind: ServiceAccount - name: snapshot-controller - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller - namespace: kube-system -spec: - minReadySeconds: 15 - replicas: 2 - selector: - matchLabels: - app: snapshot-controller - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: snapshot-controller - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --v=5 - - --leader-election=true - image: registry.k8s.io/sig-storage/snapshot-controller:v6.0.1 - imagePullPolicy: IfNotPresent - name: snapshot-controller - serviceAccountName: snapshot-controller - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: snapshot-controller - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: snapshot-controller - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app: snapshot-validation - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-deployment - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: snapshot-validation - template: - metadata: - creationTimestamp: null - labels: - app: snapshot-validation - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt - - --tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key - image: registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.0.1 - imagePullPolicy: IfNotPresent - name: snapshot-validation - ports: - - containerPort: 443 - volumeMounts: - - mountPath: /etc/snapshot-validation-webhook/certs - name: snapshot-validation-webhook-certs - readOnly: true - serviceAccountName: snapshot-controller - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: snapshot-validation - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: snapshot-validation - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: snapshot-validation-webhook-certs - secret: - secretName: snapshot-validation-secret - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-service - namespace: kube-system -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 443 - selector: - app: snapshot-validation - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/snapshot-validation-service - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: validation-webhook.snapshot.storage.k8s.io -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: snapshot-validation-service - namespace: kube-system - path: /volumesnapshot - failurePolicy: Ignore - name: validation-webhook.snapshot.storage.k8s.io - rules: - - apiGroups: - - snapshot.storage.k8s.io - apiVersions: - - v1 - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - volumesnapshots - - volumesnapshotcontents - scope: '*' - sideEffects: None - timeoutSeconds: 2 - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-service - namespace: kube-system -spec: - dnsNames: - - snapshot-validation-service.kube-system.svc - - snapshot-validation-service.kube-system.svc.minimal.example.com - issuerRef: - kind: Issuer - name: snapshot-controller.addons.k8s.io - secretName: snapshot-validation-secret diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content deleted file mode 100644 index e0ab5ef9902db..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ /dev/null @@ -1,334 +0,0 @@ -APIServerConfig: - API: - dns: {} - publicName: api.minimal.example.com - ClusterDNSDomain: cluster.local - KubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: external - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - enableAggregatorRouting: true - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://discovery.example.com/minimal.example.com - serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 - ServiceAccountPublicKeys: | - -----BEGIN RSA PUBLIC KEY----- - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm - XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ== - -----END RSA PUBLIC KEY----- - -----BEGIN RSA PUBLIC KEY----- - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF - Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ== - -----END RSA PUBLIC KEY----- -Assets: - amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 - arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 - - 9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64 -CAs: - apiserver-aggregator-ca: | - -----BEGIN CERTIFICATE----- - MIIBgjCCASygAwIBAgIMFo3gINaZLHjisEcbMA0GCSqGSIb3DQEBCwUAMCIxIDAe - BgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTExMloX - DTMxMDYzMDA0NTExMlowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It - Y2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM - x7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB - o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU - ALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQAHAomFKsF4jvYX - WM/UzQXDj9nSAFTf8dBPCXyZZNotsOH7+P6W4mMiuVs8bAuGiXGUdbsQ2lpiT/Rk - CzMeMdr4 - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBgjCCASygAwIBAgIMFo3gM0nxQpiX/agfMA0GCSqGSIb3DQEBCwUAMCIxIDAe - BgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTIzMVoX - DTMxMDYzMDA0NTIzMVowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It - Y2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM - x7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB - o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU - ALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQCXsoezoxXu2CEN - QdlXZOfmBT6cqxIX/RMHXhpHwRiqPsTO8IO2bVA8CSzxNwMuSv/ZtrMHoh8+PcVW - HLtkTXH8 - -----END CERTIFICATE----- - etcd-clients-ca: | - -----BEGIN CERTIFICATE----- - MIIBcjCCARygAwIBAgIMFo1ogHnr26DL9YkqMA0GCSqGSIb3DQEBCwUAMBoxGDAW - BgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjE5MDFaFw0zMTA2Mjgx - NjE5MDFaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB - AQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep - uPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s - x+PeBDANBgkqhkiG9w0BAQsFAANBAAZAdf8ROEVkr3Rf7I+s+CQOil2toadlKWOY - qCeJ2XaEROfp9aUTEIU1MGM3g57MPyAPPU7mURskuOQz6B1UFaY= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBcjCCARygAwIBAgIMFo1olfBnC/CsT+dqMA0GCSqGSIb3DQEBCwUAMBoxGDAW - BgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjIwMzNaFw0zMTA2Mjgx - NjIwMzNaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB - AQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep - uPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s - x+PeBDANBgkqhkiG9w0BAQsFAANBAF1xUz77PlUVUnd9duF8F7plou0TONC9R6/E - YQ8C6vM1b+9NSDGjCW8YmwEU2fBgskb/BBX2lwVZ32/RUEju4Co= - -----END CERTIFICATE----- - etcd-manager-ca-events: | - -----BEGIN CERTIFICATE----- - MIIBgDCCASqgAwIBAgIMFo+bKjm04vB4rNtaMA0GCSqGSIb3DQEBCwUAMCExHzAd - BgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAwOTU2WhcN - MzEwNzA1MjAwOTU2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKiC8tndMlEFZ7qzeKxeKqFVjaYpsh/H - g7RxWo15+1kgH3suO0lxp9+RxSVv97hnsfbySTPZVhy2cIQj7eZtZt8CAwEAAaNC - MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBg6 - CEZkQNnRkARBwFce03AEWa+sMA0GCSqGSIb3DQEBCwUAA0EAJMnBThok/uUe8q8O - sS5q19KUuE8YCTUzMDj36EBKf6NX4NoakCa1h6kfQVtlMtEIMWQZCjbm8xGK5ffs - GS/VUw== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBgDCCASqgAwIBAgIMFo+bQ+EgIiBmGghjMA0GCSqGSIb3DQEBCwUAMCExHzAd - BgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAxMTQ2WhcN - MzEwNzA1MjAxMTQ2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKFhHVVxxDGv8d1jBvtdSxz7KIVoBOjL - DMxsmTsINiQkTQaFlb+XPlnY1ar4+RhE519AFUkqfhypk4Zxqf1YFXUCAwEAAaNC - MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNuW - LLH5c8kDubDbr6BHgedW0iJ9MA0GCSqGSIb3DQEBCwUAA0EAiKUoBoaGu7XzboFE - hjfKlX0TujqWuW3qMxDEJwj4dVzlSLrAoB/G01MJ+xxYKh456n48aG6N827UPXhV - cPfVNg== - -----END CERTIFICATE----- - etcd-manager-ca-main: | - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bKjm1c3jfv6hIMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMDk1NloXDTMx - MDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAxbkDbGYmCSShpRG3r+lzTOFujyuruRfjOhYm - ZRX4w1Utd5y63dUc98sjc9GGUYMHd+0k1ql/a48tGhnK6N6jJwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWZLkbBFx - GAgPU4i62c52unSo7RswDQYJKoZIhvcNAQELBQADQQAj6Pgd0va/8FtkyMlnohLu - Gf4v8RJO6zk3Y6jJ4+cwWziipFM1ielMzSOZfFcCZgH3m5Io40is4hPSqyq2TOA6 - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bQ+Eg8Si30gr4MA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMTE0NloXDTMx - MDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAw33jzcd/iosN04b0WXbDt7B0c3sJ3aafcGLP - vG3xRB9N5bYr9+qZAq3mzAFkxscn4j1ce5b1/GKTDEAClmZgdQIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUE/h+3gDP - DvKwHRyiYlXM8voZ1wowDQYJKoZIhvcNAQELBQADQQBXuimeEoAOu5HN4hG7NqL9 - t40K3ZRhRZv3JQWnRVJCBDjg1rD0GQJR/n+DoWvbeijI5C9pNjr2pWSIYR1eYCvd - -----END CERTIFICATE----- - etcd-peers-ca-events: | - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bKjmxTPh3/lYJMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMDk1NloXDTMx - MDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAv5g4HF2xmrYyouJfY9jXx1M3gPLD/pupvxPY - xyjJw5pNCy5M5XGS3iTqRD5RDE0fWudVHFZKLIe8WPc06NApXwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUf6xiDI+O - Yph1ziCGr2hZaQYt+fUwDQYJKoZIhvcNAQELBQADQQBBxj5hqEQstonTb8lnqeGB - DEYtUeAk4eR/HzvUMjF52LVGuvN3XVt+JTrFeKNvb6/RDUbBNRj3azalcUkpPh6V - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bQ+Eq69jgzpKwMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMTE0NloXDTMx - MDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAo5Nj2CjX1qp3mEPw1H5nHAFWLoGNSLSlRFJW - 03NxaNPMFzL5PrCoyOXrX8/MWczuZYw0Crf8EPOOQWi2+W0XLwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUxauhhKQh - cvdZND78rHe0RQVTTiswDQYJKoZIhvcNAQELBQADQQB+cq4jIS9q0zXslaRa+ViI - J+dviA3sMygbmSJO0s4DxYmoazKJblux5q0ASSvS9iL1l9ShuZ1dWyp2tpZawHyb - -----END CERTIFICATE----- - etcd-peers-ca-main: | - -----BEGIN CERTIFICATE----- - MIIBeDCCASKgAwIBAgIMFo+bKjmuLDDLcDHsMA0GCSqGSIb3DQEBCwUAMB0xGzAZ - BgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDA5NTZaFw0zMTA3 - MDUyMDA5NTZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG - SIb3DQEBAQUAA0sAMEgCQQCyRaXWpwgN6INQqws9p/BvPElJv2Rno9dVTFhlQqDA - aUJXe7MBmiO4NJcW76EozeBh5ztR3/4NE1FM2x8TisS3AgMBAAGjQjBAMA4GA1Ud - DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQtE1d49uSvpURf - OQ25Vlu6liY20DANBgkqhkiG9w0BAQsFAANBAAgLVaetJZcfOA3OIMMvQbz2Ydrt - uWF9BKkIad8jrcIrm3IkOtR8bKGmDIIaRKuG/ZUOL6NMe2fky3AAfKwleL4= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBeDCCASKgAwIBAgIMFo+bQ+EuVthBfuZvMA0GCSqGSIb3DQEBCwUAMB0xGzAZ - BgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDExNDZaFw0zMTA3 - MDUyMDExNDZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG - SIb3DQEBAQUAA0sAMEgCQQCxNbycDZNx5V1ZOiXxZSvaFpHRwKeHDfcuMUitdoPt - naVMlMTGDWAMuCVmFHFAWohIYynemEegmZkZ15S7AErfAgMBAAGjQjBAMA4GA1Ud - DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAjQ8T4HclPIsC - qipEfUIcLP6jqTANBgkqhkiG9w0BAQsFAANBAJdZ17TN3HlWrH7HQgfR12UBwz8K - G9DurDznVaBVUYaHY8Sg5AvAXeb+yIF2JMmRR+bK+/G1QYY2D3/P31Ic2Oo= - -----END CERTIFICATE----- - kubernetes-ca: | - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw - ODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1 - jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA - MA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8 - tmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw - OTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7 - WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn - MA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA - 9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw== - -----END CERTIFICATE----- -ClusterName: minimal.example.com -ControlPlaneConfig: - KubeControllerManager: - allocateNodeCIDRs: true - attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: external - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 - leaderElection: - leaderElect: true - logLevel: 2 - useServiceAccountCredentials: true - KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 - leaderElection: - leaderElect: true - logLevel: 2 -DNSZone: Z1AFAKE1ZON3YO -DefaultMachineType: m3.medium -EtcdClusterNames: -- main -- events -FileAssets: -- content: | - apiVersion: kubescheduler.config.k8s.io/v1 - clientConnection: - kubeconfig: /var/lib/kube-scheduler/kubeconfig - kind: KubeSchedulerConfiguration - path: /var/lib/kube-scheduler/config.yaml -Hooks: -- null -- null -KeypairIDs: - apiserver-aggregator-ca: "6980187172486667078076483355" - etcd-clients-ca: "6979622252718071085282986282" - etcd-manager-ca-events: "6982279354000777253151890266" - etcd-manager-ca-main: "6982279354000936168671127624" - etcd-peers-ca-events: "6982279353999767935825892873" - etcd-peers-ca-main: "6982279353998887468930183660" - kubernetes-ca: "6982820025135291416230495506" - service-account: "2" -KubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 169.254.20.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - kops.k8s.io/kops-controller-pki: "" - node-role.kubernetes.io/control-plane: "" - node.kubernetes.io/exclude-from-external-load-balancers: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - taints: - - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 -Networking: - amazonVPC: {} - nonMasqueradeCIDR: 172.20.0.0/16 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -channels: -- memfs://clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml -configStore: - keypairs: memfs://clusters.example.com/minimal.example.com/pki - secrets: memfs://clusters.example.com/minimal.example.com/secrets -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -etcdManifests: -- memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml -- memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml -staticManifests: -- key: kube-apiserver-healthcheck - path: manifests/static/kube-apiserver-healthcheck.yaml -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-nodes_content deleted file mode 100644 index 6efd7bab6086d..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-nodes_content +++ /dev/null @@ -1,62 +0,0 @@ -Assets: - amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz -CAs: {} -ClusterName: minimal.example.com -DefaultMachineType: t2.medium -Hooks: -- null -- null -KeypairIDs: - kubernetes-ca: "6982820025135291416230495506" -KubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 169.254.20.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - node-role.kubernetes.io/node: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s -KubernetesVersion: 1.26.0 -Networking: - amazonVPC: {} - nonMasqueradeCIDR: 172.20.0.0/16 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons-ccm-irsa26/in-v1alpha2.yaml deleted file mode 100644 index 706327e30f4d5..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/in-v1alpha2.yaml +++ /dev/null @@ -1,103 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal.example.com -spec: - awsLoadBalancerController: - enabled: true - certManager: - enabled: true - clusterAutoscaler: - enabled: true - metricsServer: - enabled: true - kubernetesApiAccess: - - 0.0.0.0/0 - channel: stable - cloudConfig: - awsEBSCSIDriver: - enabled: true - cloudControllerManager: - cloudProvider: aws - cloudProvider: aws - configBase: memfs://clusters.example.com/minimal.example.com - etcdClusters: - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: main - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: events - iam: - useServiceAccountExternalPermissions: true - kubelet: - anonymousAuth: false - kubeDNS: - nodeLocalDNS: - enabled: true - additionalConfig: | - googleapis.com:53 { - bind 169.254.20.10 - forward . 10.238.1.130 - } - kubernetesVersion: v1.26.0 - masterPublicName: api.minimal.example.com - networkCIDR: 172.20.0.0/16 - networking: - amazonvpc: {} - nodeTerminationHandler: - enabled: true - nonMasqueradeCIDR: 172.20.0.0/16 - serviceAccountIssuerDiscovery: - discoveryStore: memfs://discovery.example.com/minimal.example.com - enableAWSOIDCProvider: true - snapshotController: - enabled: true - sshAccess: - - 0.0.0.0/0 - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: nodes - labels: - kops.k8s.io/cluster: minimal.example.com -spec: - associatePublicIp: true - image: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220404 - machineType: t2.medium - maxSize: 2 - minSize: 2 - role: Node - subnets: - - us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: master-us-test-1a - labels: - kops.k8s.io/cluster: minimal.example.com -spec: - associatePublicIp: true - image: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220404 - machineType: m3.medium - maxSize: 1 - minSize: 1 - role: Master - subnets: - - us-test-1a diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm-irsa26/kubernetes.tf deleted file mode 100644 index dd630a64388a6..0000000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/kubernetes.tf +++ /dev/null @@ -1,1213 +0,0 @@ -locals { - cluster_name = "minimal.example.com" - iam_openid_connect_provider_arn = aws_iam_openid_connect_provider.minimal-example-com.arn - iam_openid_connect_provider_issuer = "discovery.example.com/minimal.example.com" - kube-system-aws-cloud-controller-manager_role_arn = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.arn - kube-system-aws-cloud-controller-manager_role_name = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name - kube-system-aws-load-balancer-controller_role_arn = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.arn - kube-system-aws-load-balancer-controller_role_name = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name - kube-system-aws-node-termination-handler_role_arn = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.arn - kube-system-aws-node-termination-handler_role_name = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name - kube-system-cluster-autoscaler_role_arn = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.arn - kube-system-cluster-autoscaler_role_name = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name - kube-system-dns-controller_role_arn = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.arn - kube-system-dns-controller_role_name = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name - kube-system-ebs-csi-controller-sa_role_arn = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.arn - kube-system-ebs-csi-controller-sa_role_name = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name - master_autoscaling_group_ids = [aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id] - master_security_group_ids = [aws_security_group.masters-minimal-example-com.id] - masters_role_arn = aws_iam_role.masters-minimal-example-com.arn - masters_role_name = aws_iam_role.masters-minimal-example-com.name - node_autoscaling_group_ids = [aws_autoscaling_group.nodes-minimal-example-com.id] - node_security_group_ids = [aws_security_group.nodes-minimal-example-com.id] - node_subnet_ids = [aws_subnet.us-test-1a-minimal-example-com.id] - nodes_role_arn = aws_iam_role.nodes-minimal-example-com.arn - nodes_role_name = aws_iam_role.nodes-minimal-example-com.name - region = "us-test-1" - route_table_public_id = aws_route_table.minimal-example-com.id - subnet_us-test-1a_id = aws_subnet.us-test-1a-minimal-example-com.id - vpc_cidr_block = aws_vpc.minimal-example-com.cidr_block - vpc_id = aws_vpc.minimal-example-com.id - vpc_ipv6_cidr_block = aws_vpc.minimal-example-com.ipv6_cidr_block - vpc_ipv6_cidr_length = local.vpc_ipv6_cidr_block == "" ? null : tonumber(regex(".*/(\\d+)", local.vpc_ipv6_cidr_block)[0]) -} - -output "cluster_name" { - value = "minimal.example.com" -} - -output "iam_openid_connect_provider_arn" { - value = aws_iam_openid_connect_provider.minimal-example-com.arn -} - -output "iam_openid_connect_provider_issuer" { - value = "discovery.example.com/minimal.example.com" -} - -output "kube-system-aws-cloud-controller-manager_role_arn" { - value = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-cloud-controller-manager_role_name" { - value = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name -} - -output "kube-system-aws-load-balancer-controller_role_arn" { - value = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-load-balancer-controller_role_name" { - value = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name -} - -output "kube-system-aws-node-termination-handler_role_arn" { - value = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-node-termination-handler_role_name" { - value = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name -} - -output "kube-system-cluster-autoscaler_role_arn" { - value = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-cluster-autoscaler_role_name" { - value = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name -} - -output "kube-system-dns-controller_role_arn" { - value = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-dns-controller_role_name" { - value = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name -} - -output "kube-system-ebs-csi-controller-sa_role_arn" { - value = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-ebs-csi-controller-sa_role_name" { - value = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name -} - -output "master_autoscaling_group_ids" { - value = [aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id] -} - -output "master_security_group_ids" { - value = [aws_security_group.masters-minimal-example-com.id] -} - -output "masters_role_arn" { - value = aws_iam_role.masters-minimal-example-com.arn -} - -output "masters_role_name" { - value = aws_iam_role.masters-minimal-example-com.name -} - -output "node_autoscaling_group_ids" { - value = [aws_autoscaling_group.nodes-minimal-example-com.id] -} - -output "node_security_group_ids" { - value = [aws_security_group.nodes-minimal-example-com.id] -} - -output "node_subnet_ids" { - value = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -output "nodes_role_arn" { - value = aws_iam_role.nodes-minimal-example-com.arn -} - -output "nodes_role_name" { - value = aws_iam_role.nodes-minimal-example-com.name -} - -output "region" { - value = "us-test-1" -} - -output "route_table_public_id" { - value = aws_route_table.minimal-example-com.id -} - -output "subnet_us-test-1a_id" { - value = aws_subnet.us-test-1a-minimal-example-com.id -} - -output "vpc_cidr_block" { - value = aws_vpc.minimal-example-com.cidr_block -} - -output "vpc_id" { - value = aws_vpc.minimal-example-com.id -} - -output "vpc_ipv6_cidr_block" { - value = aws_vpc.minimal-example-com.ipv6_cidr_block -} - -output "vpc_ipv6_cidr_length" { - value = local.vpc_ipv6_cidr_block == "" ? null : tonumber(regex(".*/(\\d+)", local.vpc_ipv6_cidr_block)[0]) -} - -provider "aws" { - region = "us-test-1" -} - -provider "aws" { - alias = "files" - region = "us-test-1" -} - -resource "aws_autoscaling_group" "master-us-test-1a-masters-minimal-example-com" { - enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] - launch_template { - id = aws_launch_template.master-us-test-1a-masters-minimal-example-com.id - version = aws_launch_template.master-us-test-1a-masters-minimal-example-com.latest_version - } - max_instance_lifetime = 0 - max_size = 1 - metrics_granularity = "1Minute" - min_size = 1 - name = "master-us-test-1a.masters.minimal.example.com" - protect_from_scale_in = false - tag { - key = "KubernetesCluster" - propagate_at_launch = true - value = "minimal.example.com" - } - tag { - key = "Name" - propagate_at_launch = true - value = "master-us-test-1a.masters.minimal.example.com" - } - tag { - key = "aws-node-termination-handler/managed" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/role/control-plane" - propagate_at_launch = true - value = "1" - } - tag { - key = "k8s.io/role/master" - propagate_at_launch = true - value = "1" - } - tag { - key = "kops.k8s.io/instancegroup" - propagate_at_launch = true - value = "master-us-test-1a" - } - tag { - key = "kubernetes.io/cluster/minimal.example.com" - propagate_at_launch = true - value = "owned" - } - vpc_zone_identifier = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -resource "aws_autoscaling_group" "nodes-minimal-example-com" { - enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] - launch_template { - id = aws_launch_template.nodes-minimal-example-com.id - version = aws_launch_template.nodes-minimal-example-com.latest_version - } - max_instance_lifetime = 0 - max_size = 2 - metrics_granularity = "1Minute" - min_size = 2 - name = "nodes.minimal.example.com" - protect_from_scale_in = false - tag { - key = "KubernetesCluster" - propagate_at_launch = true - value = "minimal.example.com" - } - tag { - key = "Name" - propagate_at_launch = true - value = "nodes.minimal.example.com" - } - tag { - key = "aws-node-termination-handler/managed" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/role/node" - propagate_at_launch = true - value = "1" - } - tag { - key = "kops.k8s.io/instancegroup" - propagate_at_launch = true - value = "nodes" - } - tag { - key = "kubernetes.io/cluster/minimal.example.com" - propagate_at_launch = true - value = "owned" - } - vpc_zone_identifier = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -resource "aws_autoscaling_lifecycle_hook" "master-us-test-1a-NTHLifecycleHook" { - autoscaling_group_name = aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id - default_result = "CONTINUE" - heartbeat_timeout = 300 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - name = "master-us-test-1a-NTHLifecycleHook" -} - -resource "aws_autoscaling_lifecycle_hook" "nodes-NTHLifecycleHook" { - autoscaling_group_name = aws_autoscaling_group.nodes-minimal-example-com.id - default_result = "CONTINUE" - heartbeat_timeout = 300 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - name = "nodes-NTHLifecycleHook" -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-ASGLifecycle" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern") - name = "minimal.example.com-ASGLifecycle" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-ASGLifecycle" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-InstanceScheduledChange" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern") - name = "minimal.example.com-InstanceScheduledChange" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-InstanceScheduledChange" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-InstanceStateChange" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern") - name = "minimal.example.com-InstanceStateChange" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-InstanceStateChange" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-SpotInterruption" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern") - name = "minimal.example.com-SpotInterruption" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-SpotInterruption" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-ASGLifecycle-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-ASGLifecycle.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-InstanceScheduledChange-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-InstanceScheduledChange.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-InstanceStateChange-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-InstanceStateChange.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-SpotInterruption-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-SpotInterruption.id -} - -resource "aws_ebs_volume" "us-test-1a-etcd-events-minimal-example-com" { - availability_zone = "us-test-1a" - encrypted = false - iops = 3000 - size = 20 - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.etcd-events.minimal.example.com" - "k8s.io/etcd/events" = "us-test-1a/us-test-1a" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - throughput = 125 - type = "gp3" -} - -resource "aws_ebs_volume" "us-test-1a-etcd-main-minimal-example-com" { - availability_zone = "us-test-1a" - encrypted = false - iops = 3000 - size = 20 - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.etcd-main.minimal.example.com" - "k8s.io/etcd/main" = "us-test-1a/us-test-1a" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - throughput = 125 - type = "gp3" -} - -resource "aws_iam_instance_profile" "masters-minimal-example-com" { - name = "masters.minimal.example.com" - role = aws_iam_role.masters-minimal-example-com.name - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_instance_profile" "nodes-minimal-example-com" { - name = "nodes.minimal.example.com" - role = aws_iam_role.nodes-minimal-example-com.name - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_openid_connect_provider" "minimal-example-com" { - client_id_list = ["amazonaws.com"] - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - thumbprint_list = ["9e99a48a9960b14926bb7f3b02e22da2b0ab7280", "a9d53002e97e00e043244f3d170d6f4c414104fd"] - url = "https://discovery.example.com/minimal.example.com" -} - -resource "aws_iam_role" "aws-cloud-controller-manager-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy") - name = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-cloud-controller-manager" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "aws-load-balancer-controller-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy") - name = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-load-balancer-controller" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "aws-node-termination-handler-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy") - name = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-node-termination-handler" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "cluster-autoscaler-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy") - name = "cluster-autoscaler.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "cluster-autoscaler.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "cluster-autoscaler" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "dns-controller-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy") - name = "dns-controller.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "dns-controller.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "dns-controller" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "ebs-csi-controller-sa-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy") - name = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "ebs-csi-controller-sa" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "masters-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_masters.minimal.example.com_policy") - name = "masters.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_role" "nodes-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.minimal.example.com_policy") - name = "nodes.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_role_policy" "aws-cloud-controller-manager-kube-system-sa-minimal-example-com" { - name = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "aws-load-balancer-controller-kube-system-sa-minimal-example-com" { - name = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "aws-node-termination-handler-kube-system-sa-minimal-example-com" { - name = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "cluster-autoscaler-kube-system-sa-minimal-example-com" { - name = "cluster-autoscaler.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "dns-controller-kube-system-sa-minimal-example-com" { - name = "dns-controller.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "ebs-csi-controller-sa-kube-system-sa-minimal-example-com" { - name = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "masters-minimal-example-com" { - name = "masters.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_masters.minimal.example.com_policy") - role = aws_iam_role.masters-minimal-example-com.name -} - -resource "aws_iam_role_policy" "nodes-minimal-example-com" { - name = "nodes.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_nodes.minimal.example.com_policy") - role = aws_iam_role.nodes-minimal-example-com.name -} - -resource "aws_internet_gateway" "minimal-example-com" { - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_key_pair" "kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157" { - key_name = "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57" - public_key = file("${path.module}/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key") - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { - block_device_mappings { - device_name = "/dev/xvda" - ebs { - delete_on_termination = true - encrypted = true - iops = 3000 - throughput = 125 - volume_size = 64 - volume_type = "gp3" - } - } - block_device_mappings { - device_name = "/dev/sdc" - virtual_name = "ephemeral0" - } - iam_instance_profile { - name = aws_iam_instance_profile.masters-minimal-example-com.id - } - image_id = "ami-12345678" - instance_type = "m3.medium" - key_name = aws_key_pair.kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id - lifecycle { - create_before_destroy = true - } - metadata_options { - http_endpoint = "enabled" - http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 1 - http_tokens = "optional" - } - monitoring { - enabled = false - } - name = "master-us-test-1a.masters.minimal.example.com" - network_interfaces { - associate_public_ip_address = true - delete_on_termination = true - ipv6_address_count = 0 - security_groups = [aws_security_group.masters-minimal-example-com.id] - } - tag_specifications { - resource_type = "instance" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tag_specifications { - resource_type = "volume" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - user_data = filebase64("${path.module}/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data") -} - -resource "aws_launch_template" "nodes-minimal-example-com" { - block_device_mappings { - device_name = "/dev/xvda" - ebs { - delete_on_termination = true - encrypted = true - iops = 3000 - throughput = 125 - volume_size = 128 - volume_type = "gp3" - } - } - iam_instance_profile { - name = aws_iam_instance_profile.nodes-minimal-example-com.id - } - image_id = "ami-12345678" - instance_type = "t2.medium" - key_name = aws_key_pair.kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id - lifecycle { - create_before_destroy = true - } - metadata_options { - http_endpoint = "enabled" - http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 1 - http_tokens = "optional" - } - monitoring { - enabled = false - } - name = "nodes.minimal.example.com" - network_interfaces { - associate_public_ip_address = true - delete_on_termination = true - ipv6_address_count = 0 - security_groups = [aws_security_group.nodes-minimal-example-com.id] - } - tag_specifications { - resource_type = "instance" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tag_specifications { - resource_type = "volume" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - user_data = filebase64("${path.module}/data/aws_launch_template_nodes.minimal.example.com_user_data") -} - -resource "aws_route" "route-0-0-0-0--0" { - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.minimal-example-com.id - route_table_id = aws_route_table.minimal-example-com.id -} - -resource "aws_route" "route-__--0" { - destination_ipv6_cidr_block = "::/0" - gateway_id = aws_internet_gateway.minimal-example-com.id - route_table_id = aws_route_table.minimal-example-com.id -} - -resource "aws_route_table" "minimal-example-com" { - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "kubernetes.io/kops/role" = "public" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_route_table_association" "us-test-1a-minimal-example-com" { - route_table_id = aws_route_table.minimal-example-com.id - subnet_id = aws_subnet.us-test-1a-minimal-example-com.id -} - -resource "aws_s3_object" "cluster-completed-spec" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_cluster-completed.spec_content") - key = "clusters.example.com/minimal.example.com/cluster-completed.spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "discovery-json" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_discovery.json_content") - key = "discovery.example.com/minimal.example.com/.well-known/openid-configuration" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "etcd-cluster-spec-events" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_etcd-cluster-spec-events_content") - key = "clusters.example.com/minimal.example.com/backups/etcd/events/control/etcd-cluster-spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "etcd-cluster-spec-main" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_etcd-cluster-spec-main_content") - key = "clusters.example.com/minimal.example.com/backups/etcd/main/control/etcd-cluster-spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "keys-json" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_keys.json_content") - key = "discovery.example.com/minimal.example.com/openid/v1/jwks" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "kops-version-txt" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_kops-version.txt_content") - key = "clusters.example.com/minimal.example.com/kops-version.txt" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-etcdmanager-events-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-etcdmanager-main-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-static-kube-apiserver-healthcheck" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content") - key = "clusters.example.com/minimal.example.com/manifests/static/kube-apiserver-healthcheck.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-cloud-controller-addons-k8s-io-k8s-1-18" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content") - key = "clusters.example.com/minimal.example.com/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-ebs-csi-driver-addons-k8s-io-k8s-1-17" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content") - key = "clusters.example.com/minimal.example.com/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-load-balancer-controller-addons-k8s-io-k8s-1-19" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content") - key = "clusters.example.com/minimal.example.com/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-bootstrap" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-bootstrap_content") - key = "clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-certmanager-io-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/certmanager.io/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-cluster-autoscaler-addons-k8s-io-k8s-1-15" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content") - key = "clusters.example.com/minimal.example.com/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-coredns-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content") - key = "clusters.example.com/minimal.example.com/addons/coredns.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-dns-controller-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content") - key = "clusters.example.com/minimal.example.com/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-kops-controller-addons-k8s-io-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-kubelet-api-rbac-addons-k8s-io-k8s-1-9" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content") - key = "clusters.example.com/minimal.example.com/addons/kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-limit-range-addons-k8s-io" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content") - key = "clusters.example.com/minimal.example.com/addons/limit-range.addons.k8s.io/v1.5.0.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-metrics-server-addons-k8s-io-k8s-1-11" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content") - key = "clusters.example.com/minimal.example.com/addons/metrics-server.addons.k8s.io/k8s-1.11.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-networking-amazon-vpc-routed-eni-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/networking.amazon-vpc-routed-eni/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-node-termination-handler-aws-k8s-1-11" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content") - key = "clusters.example.com/minimal.example.com/addons/node-termination-handler.aws/k8s-1.11.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-nodelocaldns-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-nodelocaldns.addons.k8s.io-k8s-1.12_content") - key = "clusters.example.com/minimal.example.com/addons/nodelocaldns.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-snapshot-controller-addons-k8s-io-k8s-1-20" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content") - key = "clusters.example.com/minimal.example.com/addons/snapshot-controller.addons.k8s.io/k8s-1.20.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-storage-aws-addons-k8s-io-v1-15-0" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content") - key = "clusters.example.com/minimal.example.com/addons/storage-aws.addons.k8s.io/v1.15.0.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "nodeupconfig-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_nodeupconfig-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/igconfig/control-plane/master-us-test-1a/nodeupconfig.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "nodeupconfig-nodes" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_nodeupconfig-nodes_content") - key = "clusters.example.com/minimal.example.com/igconfig/node/nodes/nodeupconfig.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_security_group" "masters-minimal-example-com" { - description = "Security group for masters" - name = "masters.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_security_group" "nodes-minimal-example-com" { - description = "Security group for nodes" - name = "nodes.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 22 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 22 - type = "ingress" -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 22 - protocol = "tcp" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 22 - type = "ingress" -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 443 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 443 - type = "ingress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-__--0" { - from_port = 0 - ipv6_cidr_blocks = ["::/0"] - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - source_security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-__--0" { - from_port = 0 - ipv6_cidr_blocks = ["::/0"] - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" { - from_port = 1 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 2379 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" { - from_port = 2382 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 4000 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" { - from_port = 4003 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 65535 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" { - from_port = 1 - protocol = "udp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 65535 - type = "ingress" -} - -resource "aws_sqs_queue" "minimal-example-com-nth" { - message_retention_seconds = 300 - name = "minimal-example-com-nth" - policy = file("${path.module}/data/aws_sqs_queue_minimal-example-com-nth_policy") - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal-example-com-nth" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_subnet" "us-test-1a-minimal-example-com" { - availability_zone = "us-test-1a" - cidr_block = "172.20.32.0/19" - enable_resource_name_dns_a_record_on_launch = true - private_dns_hostname_type_on_launch = "resource-name" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.minimal.example.com" - "SubnetType" = "Public" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "kubernetes.io/role/elb" = "1" - "kubernetes.io/role/internal-elb" = "1" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_vpc" "minimal-example-com" { - assign_generated_ipv6_cidr_block = true - cidr_block = "172.20.0.0/16" - enable_dns_hostnames = true - enable_dns_support = true - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_vpc_dhcp_options" "minimal-example-com" { - domain_name = "us-test-1.compute.internal" - domain_name_servers = ["AmazonProvidedDNS"] - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_vpc_dhcp_options_association" "minimal-example-com" { - dhcp_options_id = aws_vpc_dhcp_options.minimal-example-com.id - vpc_id = aws_vpc.minimal-example-com.id -} - -terraform { - required_version = ">= 0.15.0" - required_providers { - aws = { - "configuration_aliases" = [aws.files] - "source" = "hashicorp/aws" - "version" = ">= 5.0.0" - } - } -} diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 9af0407f43c58..5d45c63144a28 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: HH8aRPUhTNryZhNJjTS2WyV7pknrCKOputT0hsP6zhE= +NodeupConfigHash: CCWUMNqGuVfITz/0kru71whAP0nxzYrnga6a/Rw0K40= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_nodes.minimal.example.com_user_data index d07e053bbfef1..cba14213d9b73 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: NHK9Yo7WiTTs4Qyubod93kDSK9juC3Eohviy4hytfEA= +NodeupConfigHash: ZM27eswIGASeycbkw13naZ3DO3MVAltzBMqxGoYg4uQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_cluster-completed.spec_content index c58319695083d..39d32c55a9a32 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_cluster-completed.spec_content @@ -24,7 +24,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -35,7 +35,7 @@ spec: enabled: true expander: random ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s scaleDownDelayAfterAdd: 10m0s @@ -50,8 +50,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -101,10 +101,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -130,10 +127,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -154,13 +148,10 @@ spec: serverIP: 100.64.0.10 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -173,9 +164,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -186,7 +174,7 @@ spec: shutdownGracePeriodCriticalPods: 0s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -196,9 +184,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index c5e3560adfaec..471407e633cac 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index be80061b0c321..547e3ca87f205 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: 45d2bf5133e21bd182463572db9f524648214e3123c8273609d0112cd9ca925a + manifestHash: d5dcf7453514dd91793ba54ba4e6f1324e6950474124da5cb6b9a5d710770970 name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -186,7 +186,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 334f09c00a6de13f41e42f92d2e82a4fa6e49379bc3ce447cfa30cf489dcdb2d + manifestHash: e380fd16dbd03fc2001fcf8e5ff7eebefa2e37b377e475daed57ff2e5923415d name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index 8ee1951ec6bd4..cf0694597829a 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -334,6 +334,7 @@ spec: - --nodes=2:2:nodes.minimal.example.com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -348,7 +349,7 @@ spec: env: - name: AWS_REGION value: us-test-1 - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index d0069d38218eb..21240dc87e6c4 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -27,10 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -60,19 +57,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -280,7 +273,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -291,9 +284,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -308,7 +298,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 0s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-nodes_content index fdeb11e6aa414..67bc78208d35a 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 0s shutdownGracePeriodCriticalPods: 0s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -56,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons-ccm/in-v1alpha2.yaml index a4a667110a887..8d3e4360ef39d 100644 --- a/tests/integration/update_cluster/many-addons-ccm/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/many-addons-ccm/in-v1alpha2.yaml @@ -35,7 +35,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf index 7d570b6a0f92e..50f3723d29b65 100644 --- a/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf @@ -435,7 +435,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -517,7 +517,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_cluster-completed.spec_content index e62f20dfe8e21..3ac4fcc747eb1 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_cluster-completed.spec_content @@ -35,7 +35,7 @@ spec: enabled: true expander: random ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s scaleDownDelayAfterAdd: 10m0s @@ -50,8 +50,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -106,7 +106,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -132,7 +132,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -154,10 +154,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -182,7 +182,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index bee60d223c7bd..6fbc8d2630abc 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: a60534cf6f674d86d17a32490fef182ebf5d821523402ea8cbb1d589eaec5031 + manifestHash: 7aaa72ea23224ce59b6009ea711f2cc50f20279aa586e7aa1f75961f990f103b name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -124,13 +124,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 3c55d971edba1793b82df1a202b0f429a778f2f4f8294c010d7a4fb7aca70c8b diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index c965962623ef0..c4a9bce366467 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -333,6 +333,7 @@ spec: - --nodes=1:1:https://www.googleapis.com/compute/v1/projects/testproject/zones/us-test1-a/instanceGroups/a-nodes-minimal-example-com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -344,7 +345,7 @@ spec: - --logtostderr=true - --stderrthreshold=info - --v=4 - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb8885f..0000000000000 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index f6af3d3730b22..1fbf3d31ffe3c 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -27,7 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -57,23 +57,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,13 +241,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -276,7 +278,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -302,7 +304,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -315,8 +317,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-nodes_content index 8e74ebe3cec63..c50e433be8f7b 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_master-us-test1-a-minimal-example-com_metadata_user-data b/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_master-us-test1-a-minimal-example-com_metadata_user-data index a6656454b56c9..e1854203656db 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_master-us-test1-a-minimal-example-com_metadata_user-data +++ b/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_master-us-test1-a-minimal-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://tests/minimal.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: NVq2buFLXmvajoLs0UdorRuSJQXVkNbMK6MqpAP6kso= +NodeupConfigHash: ewxl47dOjxDfCDhbhBwKfWRgGoGyVj72YVK/+VuMGIY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_nodes-minimal-example-com_metadata_user-data b/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_nodes-minimal-example-com_metadata_user-data index 6581d3a60a89c..a9832f4988605 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_nodes-minimal-example-com_metadata_user-data +++ b/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_nodes-minimal-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: sHL0VmYL4D2ViGwzpr3tatLQ8udKJAjOz2ixNuMw7sk= +NodeupConfigHash: Co9Ghp9TWWSVazeT2W/5VjT7AOCP9LmWYphZMnNXsws= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-gce/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons-gce/in-v1alpha2.yaml index 6e3e3938a6ba0..3cb448ccf4db3 100644 --- a/tests/integration/update_cluster/many-addons-gce/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/many-addons-gce/in-v1alpha2.yaml @@ -38,7 +38,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/many-addons-gce/kubernetes.tf b/tests/integration/update_cluster/many-addons-gce/kubernetes.tf index fb65ca1415743..fb9ef224d1d49 100644 --- a/tests/integration/update_cluster/many-addons-gce/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons-gce/kubernetes.tf @@ -162,14 +162,6 @@ resource "aws_s3_object" "minimal-example-com-addons-limit-range-addons-k8s-io" server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-example-com-addons-metrics-server-addons-k8s-io-k8s-1-11" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content") diff --git a/tests/integration/update_cluster/many-addons/data/aws_launch_template_master-us-test-1a.masters.many-addons.example.com_user_data b/tests/integration/update_cluster/many-addons/data/aws_launch_template_master-us-test-1a.masters.many-addons.example.com_user_data index ebc4c1c32ceed..465587e390f9f 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_launch_template_master-us-test-1a.masters.many-addons.example.com_user_data +++ b/tests/integration/update_cluster/many-addons/data/aws_launch_template_master-us-test-1a.masters.many-addons.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: many-addons.example.com ConfigBase: memfs://tests/many-addons.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: zLx1J+fYujAlGPU4Lev+ai7Cqn2znIhMKaZUFp2d/no= +NodeupConfigHash: I1PVBbGzfntcfKT5S0aAQJ5HtQt3TmMM9MyOfffwBhg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons/data/aws_launch_template_nodes.many-addons.example.com_user_data b/tests/integration/update_cluster/many-addons/data/aws_launch_template_nodes.many-addons.example.com_user_data index e57b09478ee3a..865708ceb6811 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_launch_template_nodes.many-addons.example.com_user_data +++ b/tests/integration/update_cluster/many-addons/data/aws_launch_template_nodes.many-addons.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.many-addons.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: pGIQIvt5m7LMeo+3mPovrkk9GcKMBDkKSpjxohT+8XM= +NodeupConfigHash: 5cEYwIVLyIe4gfon/kCYft4IoiCgkmvWIVJqCOIdfkc= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_cluster-completed.spec_content index f222beddf7370..d0803dbb02a2e 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_cluster-completed.spec_content @@ -24,7 +24,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: many-addons.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -35,7 +35,7 @@ spec: enabled: true expander: random ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s podAnnotations: @@ -52,8 +52,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -103,10 +103,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -132,10 +129,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: many-addons.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -156,13 +150,10 @@ spec: serverIP: 100.64.0.10 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -175,9 +166,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -188,7 +176,7 @@ spec: shutdownGracePeriodCriticalPods: 0s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -198,9 +186,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 51fff433ed9ff..1ba2ed63c5c53 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content index 71dd7584f56bb..32a4e51c20180 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 71a012ed60039621b6a6fd395d82076e3ca157dd101287f612c46256b2a06f72 + manifestHash: dc90792d93e32f23cb13d0621c4837e6339f7f434801a4294006539693199550 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: 44be0298541ea2f643250d74df219ea0846304d14bbb49529773830e028106e9 + manifestHash: bb64e4cd537511ccc8275e6e20cc77d1410916ac81325ec0e4e2f05462bde200 name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -235,7 +235,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 587b5a63fa85504fa2b5bf9a32133467131f46aa47812e5862126f8a080046f8 + manifestHash: 1b5b7422b12e6e018629f38ead12d89df5d46e5ee4e7f1cbb56b5c0d67ed02e3 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index 8d447eee7a801..d838422903efa 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -335,6 +335,7 @@ spec: - --nodes=2:2:nodes.many-addons.example.com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -349,7 +350,7 @@ spec: env: - name: AWS_REGION value: us-test-1 - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 1f60443481f51..a6eb8edb196c3 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 9d27f90c06b53..81ab86e51fe38 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -27,10 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -60,19 +57,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 172.20.128.0/17 clusterName: many-addons.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -280,7 +273,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -291,9 +284,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -308,7 +298,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 0s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/many-addons.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/many-addons.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-nodes_content index 46a98242bf227..00cd1ee17ae0b 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 0s shutdownGracePeriodCriticalPods: 0s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -56,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons/in-v1alpha2.yaml index 9a857149c67eb..392bf725ef619 100644 --- a/tests/integration/update_cluster/many-addons/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/many-addons/in-v1alpha2.yaml @@ -36,7 +36,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.many-addons.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/many-addons/kubernetes.tf b/tests/integration/update_cluster/many-addons/kubernetes.tf index 3040e8911fb55..ceb03fd1bd25f 100644 --- a/tests/integration/update_cluster/many-addons/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-many-addons-example-co http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-many-addons-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern b/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern deleted file mode 100644 index c8db9dbe9c41b..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source":["aws.autoscaling"],"detail-type":["EC2 Instance-terminate Lifecycle Action"]} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern b/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern deleted file mode 100644 index fb4ea7defdc52..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.health"],"detail-type": ["AWS Health Event"],"detail": {"service": ["EC2"],"eventTypeCategory": ["scheduledChange"]}} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern b/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern deleted file mode 100644 index 8c2916419dc7d..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.ec2"],"detail-type": ["EC2 Instance State-change Notification"]} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern b/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern deleted file mode 100644 index 2d0e83b4164b2..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.ec2"],"detail-type": ["EC2 Spot Instance Interruption Warning"]} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_masters.minimal.example.com_policy deleted file mode 100644 index 66d5de1d5ae1e..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_masters.minimal.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_nodes.minimal.example.com_policy deleted file mode 100644 index 66d5de1d5ae1e..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_nodes.minimal.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-1.25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key deleted file mode 100644 index 81cb0127830e7..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_nodes.minimal.example.com_user_data deleted file mode 100644 index 0813a4d05f1df..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_nodes.minimal.example.com_user_data +++ /dev/null @@ -1,161 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-amd64 -NODEUP_HASH_AMD64=585fbda0f0a43184656b4bfc0cc5f0c0b85612faf43b8816acca1f99d422c924 -NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-arm64 -NODEUP_HASH_ARM64=7603675379699105a9b9915ff97718ea99b1bbb01a4c184e2f827c8a96e8e865 - -export AWS_REGION=us-test-1 - - - - -sysctl -w net.core.rmem_max=16777216 || true -sysctl -w net.core.wmem_max=16777216 || true -sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216' || true -sysctl -w net.ipv4.tcp_wmem='4096 87380 16777216' || true - - -function ensure-install-dir() { - INSTALL_DIR="/opt/kops" - # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec - if [[ -d /var/lib/toolbox ]]; then - INSTALL_DIR="/var/lib/toolbox/kops" - fi - mkdir -p ${INSTALL_DIR}/bin - mkdir -p ${INSTALL_DIR}/conf - cd ${INSTALL_DIR} -} - -# Retry a download until we get it. args: name, sha, urls -download-or-bust() { - echo "== Downloading $1 with hash $2 from $3 ==" - local -r file="$1" - local -r hash="$2" - local -a urls - mapfile -t urls < <(split-commas "$3") - - if [[ -f "${file}" ]]; then - if ! validate-hash "${file}" "${hash}"; then - rm -f "${file}" - else - return 0 - fi - fi - - while true; do - for url in "${urls[@]}"; do - commands=( - "curl -f --compressed -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget --compression=auto -O ${file} --connect-timeout=20 --tries=6 --wait=10" - "curl -f -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget -O ${file} --connect-timeout=20 --tries=6 --wait=10" - ) - for cmd in "${commands[@]}"; do - echo "== Downloading ${url} using ${cmd} ==" - if ! (${cmd} "${url}"); then - echo "== Failed to download ${url} using ${cmd} ==" - continue - fi - if ! validate-hash "${file}" "${hash}"; then - echo "== Failed to validate hash for ${url} ==" - rm -f "${file}" - else - echo "== Downloaded ${url} with hash ${hash} ==" - return 0 - fi - done - done - - echo "== All downloads failed; sleeping before retrying ==" - sleep 60 - done -} - -validate-hash() { - local -r file="$1" - local -r expected="$2" - local actual - - actual=$(sha256sum "${file}" | awk '{ print $1 }') || true - if [[ "${actual}" != "${expected}" ]]; then - echo "== File ${file} is corrupted; hash ${actual} doesn't match expected ${expected} ==" - return 1 - fi -} - -function split-commas() { - echo "$1" | tr "," "\n" -} - -function download-release() { - case "$(uname -m)" in - x86_64*|i?86_64*|amd64*) - NODEUP_URL="${NODEUP_URL_AMD64}" - NODEUP_HASH="${NODEUP_HASH_AMD64}" - ;; - aarch64*|arm64*) - NODEUP_URL="${NODEUP_URL_ARM64}" - NODEUP_HASH="${NODEUP_HASH_ARM64}" - ;; - *) - echo "Unsupported host arch: $(uname -m)" >&2 - exit 1 - ;; - esac - - cd ${INSTALL_DIR}/bin - download-or-bust nodeup "${NODEUP_HASH}" "${NODEUP_URL}" - - chmod +x nodeup - - echo "== Running nodeup ==" - # We can't run in the foreground because of https://github.com/docker/docker/issues/23793 - ( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 ) -} - -#################################################################################### - -/bin/systemd-machine-id-setup || echo "== Failed to initialize the machine ID; ensure machine-id configured ==" - -echo "== nodeup node config starting ==" -ensure-install-dir - -cat > conf/kube_env.yaml << '__EOF_KUBE_ENV' -CloudProvider: aws -ClusterName: minimal.example.com -ConfigServer: - CACertificates: | - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw - ODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1 - jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA - MA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8 - tmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw - OTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7 - WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn - MA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA - 9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw== - -----END CERTIFICATE----- - servers: - - https://kops-controller.internal.minimal.example.com:3988/ -InstanceGroupName: nodes -InstanceGroupRole: Node -NodeupConfigHash: 3zDCnF/Zr465wzcKEQpekr6B2/9LITss9ETt11GACtM= - -__EOF_KUBE_ENV - -download-release -echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-events_content deleted file mode 100644 index 432cd0d5554c5..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-events_content +++ /dev/null @@ -1,4 +0,0 @@ -{ - "memberCount": 1, - "etcdVersion": "3.5.17" -} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-main_content deleted file mode 100644 index 432cd0d5554c5..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-main_content +++ /dev/null @@ -1,4 +0,0 @@ -{ - "memberCount": 1, - "etcdVersion": "3.5.17" -} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_kops-version.txt_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_kops-version.txt_content deleted file mode 100644 index b7340298dcdd5..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_kops-version.txt_content +++ /dev/null @@ -1 +0,0 @@ -1.21.0-alpha.1 diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content deleted file mode 100644 index 21a36c9bb0d56..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null -spec: - containers: - - args: - - --ca-cert=/secrets/ca.crt - - --client-cert=/secrets/client.crt - - --client-key=/secrets/client.key - image: registry.k8s.io/kops/kube-apiserver-healthcheck:1.31.0-beta.1 - livenessProbe: - httpGet: - host: 127.0.0.1 - path: /.kube-apiserver-healthcheck/healthz - port: 3990 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: healthcheck - resources: {} - securityContext: - runAsNonRoot: true - runAsUser: 10012 - volumeMounts: - - mountPath: /secrets - name: healthcheck-secrets - readOnly: true - volumes: - - hostPath: - path: /etc/kubernetes/kube-apiserver-healthcheck/secrets - type: Directory - name: healthcheck-secrets -status: {} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 31d86455d155c..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,383 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/cluster-service: "true" - name: coredns - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/bootstrapping: rbac-defaults - name: system:coredns -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - namespaces - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/bootstrapping: rbac-defaults - name: system:coredns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:coredns -subjects: -- kind: ServiceAccount - name: coredns - namespace: kube-system - ---- - -apiVersion: v1 -data: - Corefile: |- - .:53 { - errors - health { - lameduck 5s - } - ready - kubernetes cluster.local. in-addr.arpa ip6.arpa { - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - } - prometheus :9153 - forward . /etc/resolv.conf { - max_concurrent 1000 - } - cache 30 - loop - reload - loadbalance - } -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - addonmanager.kubernetes.io/mode: EnsureExists - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: CoreDNS - name: coredns - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: kube-dns - strategy: - rollingUpdate: - maxSurge: 10% - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - k8s-app: kube-dns - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - -conf - - /etc/coredns/Corefile - image: registry.k8s.io/coredns/coredns:v1.11.3 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - name: coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8181 - scheme: HTTP - resources: - limits: - memory: 170Mi - requests: - cpu: 100m - memory: 70Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_BIND_SERVICE - drop: - - all - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/coredns - name: config-volume - readOnly: true - dnsPolicy: Default - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns - tolerations: - - key: CriticalAddonsOnly - operator: Exists - topologySpreadConstraints: - - labelSelector: - matchLabels: - k8s-app: kube-dns - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - k8s-app: kube-dns - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: ScheduleAnyway - volumes: - - configMap: - name: coredns - name: config-volume - ---- - -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/port: "9153" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: CoreDNS - name: kube-dns - namespace: kube-system - resourceVersion: "0" -spec: - clusterIP: 100.64.0.10 - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP - - name: metrics - port: 9153 - protocol: TCP - selector: - k8s-app: kube-dns - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: kube-dns - namespace: kube-system -spec: - maxUnavailable: 50% - selector: - matchLabels: - k8s-app: kube-dns - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - replicationcontrollers/scale - verbs: - - get - - update -- apiGroups: - - extensions - - apps - resources: - - deployments/scale - - replicasets/scale - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coredns-autoscaler -subjects: -- kind: ServiceAccount - name: coredns-autoscaler - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: coredns-autoscaler - kubernetes.io/cluster-service: "true" - name: coredns-autoscaler - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: coredns-autoscaler - template: - metadata: - creationTimestamp: null - labels: - k8s-app: coredns-autoscaler - kops.k8s.io/managed-by: kops - spec: - containers: - - command: - - /cluster-proportional-autoscaler - - --namespace=kube-system - - --configmap=coredns-autoscaler - - --target=Deployment/coredns - - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true}} - - --logtostderr=true - - --v=2 - image: registry.k8s.io/cpa/cluster-proportional-autoscaler:v1.8.9 - name: autoscaler - resources: - requests: - cpu: 20m - memory: 10Mi - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns-autoscaler - tolerations: - - key: CriticalAddonsOnly - operator: Exists diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content deleted file mode 100644 index 36761e1c56255..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kubelet-api.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kubelet-api.rbac.addons.k8s.io - name: kops:system:kubelet-api-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:kubelet-api-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: kubelet-api diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content deleted file mode 100644 index 4dcdce48b9ab9..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: LimitRange -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: limit-range.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: limit-range.addons.k8s.io - name: limits - namespace: default -spec: - limits: - - defaultRequest: - cpu: 100m - type: Container diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content deleted file mode 100644 index bea3e88be3ce7..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content +++ /dev/null @@ -1,118 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: default -parameters: - type: gp2 -provisioner: kubernetes.io/aws-ebs - ---- - -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "false" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: gp2 -parameters: - type: gp2 -provisioner: kubernetes.io/aws-ebs - ---- - -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "false" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: kops-ssd-1-17 -parameters: - encrypted: "true" - type: gp2 -provisioner: kubernetes.io/aws-ebs -volumeBindingMode: WaitForFirstConsumer - ---- - -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: kops-csi-1-21 -parameters: - encrypted: "true" - type: gp3 -provisioner: ebs.csi.aws.com -volumeBindingMode: WaitForFirstConsumer - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: system:aws-cloud-provider -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: system:aws-cloud-provider -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:aws-cloud-provider -subjects: -- kind: ServiceAccount - name: aws-cloud-provider - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-nodes_content deleted file mode 100644 index 74d336f35e66d..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-nodes_content +++ /dev/null @@ -1,65 +0,0 @@ -Assets: - amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz -CAs: {} -ClusterName: minimal.example.com -Hooks: -- null -- null -InstallCNIAssets: true -KeypairIDs: - kubernetes-ca: "6982820025135291416230495506" -KubeProxy: - clusterCIDR: 100.96.0.0/11 - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - kops.k8s.io/instancegroup: nodes-us-test-1a - node-role.kubernetes.io/node: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 30s - shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 -Networking: - nonMasqueradeCIDR: 100.64.0.0/10 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_sqs_queue_minimal-example-com-nth_policy b/tests/integration/update_cluster/minimal-1.25/data/aws_sqs_queue_minimal-example-com-nth_policy deleted file mode 100644 index c5b2b25812f36..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_sqs_queue_minimal-example-com-nth_policy +++ /dev/null @@ -1,16 +0,0 @@ -{ - "Statement": [ - { - "Action": "sqs:SendMessage", - "Effect": "Allow", - "Principal": { - "Service": [ - "events.amazonaws.com", - "sqs.amazonaws.com" - ] - }, - "Resource": "arn:aws-test:sqs:us-test-1:123456789012:minimal-example-com-nth" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/minimal-1.25/id_rsa.pub b/tests/integration/update_cluster/minimal-1.25/id_rsa.pub deleted file mode 100755 index 81cb0127830e7..0000000000000 --- a/tests/integration/update_cluster/minimal-1.25/id_rsa.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern b/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern deleted file mode 100644 index c8db9dbe9c41b..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source":["aws.autoscaling"],"detail-type":["EC2 Instance-terminate Lifecycle Action"]} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern b/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern deleted file mode 100644 index fb4ea7defdc52..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.health"],"detail-type": ["AWS Health Event"],"detail": {"service": ["EC2"],"eventTypeCategory": ["scheduledChange"]}} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern b/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern deleted file mode 100644 index 8c2916419dc7d..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.ec2"],"detail-type": ["EC2 Instance State-change Notification"]} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern b/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern deleted file mode 100644 index 2d0e83b4164b2..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.ec2"],"detail-type": ["EC2 Spot Instance Interruption Warning"]} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_masters.minimal.example.com_policy deleted file mode 100644 index 66d5de1d5ae1e..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_masters.minimal.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_nodes.minimal.example.com_policy deleted file mode 100644 index 66d5de1d5ae1e..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_nodes.minimal.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-1.26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key deleted file mode 100644 index 81cb0127830e7..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_nodes.minimal.example.com_user_data deleted file mode 100644 index 1869a13ab9da9..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_nodes.minimal.example.com_user_data +++ /dev/null @@ -1,161 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-amd64 -NODEUP_HASH_AMD64=585fbda0f0a43184656b4bfc0cc5f0c0b85612faf43b8816acca1f99d422c924 -NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-arm64 -NODEUP_HASH_ARM64=7603675379699105a9b9915ff97718ea99b1bbb01a4c184e2f827c8a96e8e865 - -export AWS_REGION=us-test-1 - - - - -sysctl -w net.core.rmem_max=16777216 || true -sysctl -w net.core.wmem_max=16777216 || true -sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216' || true -sysctl -w net.ipv4.tcp_wmem='4096 87380 16777216' || true - - -function ensure-install-dir() { - INSTALL_DIR="/opt/kops" - # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec - if [[ -d /var/lib/toolbox ]]; then - INSTALL_DIR="/var/lib/toolbox/kops" - fi - mkdir -p ${INSTALL_DIR}/bin - mkdir -p ${INSTALL_DIR}/conf - cd ${INSTALL_DIR} -} - -# Retry a download until we get it. args: name, sha, urls -download-or-bust() { - echo "== Downloading $1 with hash $2 from $3 ==" - local -r file="$1" - local -r hash="$2" - local -a urls - mapfile -t urls < <(split-commas "$3") - - if [[ -f "${file}" ]]; then - if ! validate-hash "${file}" "${hash}"; then - rm -f "${file}" - else - return 0 - fi - fi - - while true; do - for url in "${urls[@]}"; do - commands=( - "curl -f --compressed -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget --compression=auto -O ${file} --connect-timeout=20 --tries=6 --wait=10" - "curl -f -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget -O ${file} --connect-timeout=20 --tries=6 --wait=10" - ) - for cmd in "${commands[@]}"; do - echo "== Downloading ${url} using ${cmd} ==" - if ! (${cmd} "${url}"); then - echo "== Failed to download ${url} using ${cmd} ==" - continue - fi - if ! validate-hash "${file}" "${hash}"; then - echo "== Failed to validate hash for ${url} ==" - rm -f "${file}" - else - echo "== Downloaded ${url} with hash ${hash} ==" - return 0 - fi - done - done - - echo "== All downloads failed; sleeping before retrying ==" - sleep 60 - done -} - -validate-hash() { - local -r file="$1" - local -r expected="$2" - local actual - - actual=$(sha256sum "${file}" | awk '{ print $1 }') || true - if [[ "${actual}" != "${expected}" ]]; then - echo "== File ${file} is corrupted; hash ${actual} doesn't match expected ${expected} ==" - return 1 - fi -} - -function split-commas() { - echo "$1" | tr "," "\n" -} - -function download-release() { - case "$(uname -m)" in - x86_64*|i?86_64*|amd64*) - NODEUP_URL="${NODEUP_URL_AMD64}" - NODEUP_HASH="${NODEUP_HASH_AMD64}" - ;; - aarch64*|arm64*) - NODEUP_URL="${NODEUP_URL_ARM64}" - NODEUP_HASH="${NODEUP_HASH_ARM64}" - ;; - *) - echo "Unsupported host arch: $(uname -m)" >&2 - exit 1 - ;; - esac - - cd ${INSTALL_DIR}/bin - download-or-bust nodeup "${NODEUP_HASH}" "${NODEUP_URL}" - - chmod +x nodeup - - echo "== Running nodeup ==" - # We can't run in the foreground because of https://github.com/docker/docker/issues/23793 - ( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 ) -} - -#################################################################################### - -/bin/systemd-machine-id-setup || echo "== Failed to initialize the machine ID; ensure machine-id configured ==" - -echo "== nodeup node config starting ==" -ensure-install-dir - -cat > conf/kube_env.yaml << '__EOF_KUBE_ENV' -CloudProvider: aws -ClusterName: minimal.example.com -ConfigServer: - CACertificates: | - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw - ODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1 - jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA - MA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8 - tmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw - OTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7 - WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn - MA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA - 9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw== - -----END CERTIFICATE----- - servers: - - https://kops-controller.internal.minimal.example.com:3988/ -InstanceGroupName: nodes -InstanceGroupRole: Node -NodeupConfigHash: 6042fC55eyeSm2rv5AC0lnxFtEHRCHut6IC6W/f91QQ= - -__EOF_KUBE_ENV - -download-release -echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-events_content deleted file mode 100644 index 432cd0d5554c5..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-events_content +++ /dev/null @@ -1,4 +0,0 @@ -{ - "memberCount": 1, - "etcdVersion": "3.5.17" -} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-main_content deleted file mode 100644 index 432cd0d5554c5..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-main_content +++ /dev/null @@ -1,4 +0,0 @@ -{ - "memberCount": 1, - "etcdVersion": "3.5.17" -} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_kops-version.txt_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_kops-version.txt_content deleted file mode 100644 index b7340298dcdd5..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_kops-version.txt_content +++ /dev/null @@ -1 +0,0 @@ -1.21.0-alpha.1 diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content deleted file mode 100644 index 21a36c9bb0d56..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null -spec: - containers: - - args: - - --ca-cert=/secrets/ca.crt - - --client-cert=/secrets/client.crt - - --client-key=/secrets/client.key - image: registry.k8s.io/kops/kube-apiserver-healthcheck:1.31.0-beta.1 - livenessProbe: - httpGet: - host: 127.0.0.1 - path: /.kube-apiserver-healthcheck/healthz - port: 3990 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: healthcheck - resources: {} - securityContext: - runAsNonRoot: true - runAsUser: 10012 - volumeMounts: - - mountPath: /secrets - name: healthcheck-secrets - readOnly: true - volumes: - - hostPath: - path: /etc/kubernetes/kube-apiserver-healthcheck/secrets - type: Directory - name: healthcheck-secrets -status: {} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 31d86455d155c..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,383 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/cluster-service: "true" - name: coredns - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/bootstrapping: rbac-defaults - name: system:coredns -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - namespaces - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/bootstrapping: rbac-defaults - name: system:coredns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:coredns -subjects: -- kind: ServiceAccount - name: coredns - namespace: kube-system - ---- - -apiVersion: v1 -data: - Corefile: |- - .:53 { - errors - health { - lameduck 5s - } - ready - kubernetes cluster.local. in-addr.arpa ip6.arpa { - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - } - prometheus :9153 - forward . /etc/resolv.conf { - max_concurrent 1000 - } - cache 30 - loop - reload - loadbalance - } -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - addonmanager.kubernetes.io/mode: EnsureExists - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: CoreDNS - name: coredns - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: kube-dns - strategy: - rollingUpdate: - maxSurge: 10% - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - k8s-app: kube-dns - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - -conf - - /etc/coredns/Corefile - image: registry.k8s.io/coredns/coredns:v1.11.3 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - name: coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8181 - scheme: HTTP - resources: - limits: - memory: 170Mi - requests: - cpu: 100m - memory: 70Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_BIND_SERVICE - drop: - - all - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/coredns - name: config-volume - readOnly: true - dnsPolicy: Default - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns - tolerations: - - key: CriticalAddonsOnly - operator: Exists - topologySpreadConstraints: - - labelSelector: - matchLabels: - k8s-app: kube-dns - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - k8s-app: kube-dns - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: ScheduleAnyway - volumes: - - configMap: - name: coredns - name: config-volume - ---- - -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/port: "9153" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: CoreDNS - name: kube-dns - namespace: kube-system - resourceVersion: "0" -spec: - clusterIP: 100.64.0.10 - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP - - name: metrics - port: 9153 - protocol: TCP - selector: - k8s-app: kube-dns - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: kube-dns - namespace: kube-system -spec: - maxUnavailable: 50% - selector: - matchLabels: - k8s-app: kube-dns - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - replicationcontrollers/scale - verbs: - - get - - update -- apiGroups: - - extensions - - apps - resources: - - deployments/scale - - replicasets/scale - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coredns-autoscaler -subjects: -- kind: ServiceAccount - name: coredns-autoscaler - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: coredns-autoscaler - kubernetes.io/cluster-service: "true" - name: coredns-autoscaler - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: coredns-autoscaler - template: - metadata: - creationTimestamp: null - labels: - k8s-app: coredns-autoscaler - kops.k8s.io/managed-by: kops - spec: - containers: - - command: - - /cluster-proportional-autoscaler - - --namespace=kube-system - - --configmap=coredns-autoscaler - - --target=Deployment/coredns - - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true}} - - --logtostderr=true - - --v=2 - image: registry.k8s.io/cpa/cluster-proportional-autoscaler:v1.8.9 - name: autoscaler - resources: - requests: - cpu: 20m - memory: 10Mi - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns-autoscaler - tolerations: - - key: CriticalAddonsOnly - operator: Exists diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content deleted file mode 100644 index 36761e1c56255..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kubelet-api.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kubelet-api.rbac.addons.k8s.io - name: kops:system:kubelet-api-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:kubelet-api-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: kubelet-api diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content deleted file mode 100644 index 4dcdce48b9ab9..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: LimitRange -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: limit-range.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: limit-range.addons.k8s.io - name: limits - namespace: default -spec: - limits: - - defaultRequest: - cpu: 100m - type: Container diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content deleted file mode 100644 index bea3e88be3ce7..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content +++ /dev/null @@ -1,118 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: default -parameters: - type: gp2 -provisioner: kubernetes.io/aws-ebs - ---- - -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "false" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: gp2 -parameters: - type: gp2 -provisioner: kubernetes.io/aws-ebs - ---- - -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "false" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: kops-ssd-1-17 -parameters: - encrypted: "true" - type: gp2 -provisioner: kubernetes.io/aws-ebs -volumeBindingMode: WaitForFirstConsumer - ---- - -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: kops-csi-1-21 -parameters: - encrypted: "true" - type: gp3 -provisioner: ebs.csi.aws.com -volumeBindingMode: WaitForFirstConsumer - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: system:aws-cloud-provider -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: system:aws-cloud-provider -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:aws-cloud-provider -subjects: -- kind: ServiceAccount - name: aws-cloud-provider - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-nodes_content deleted file mode 100644 index 4fd7e81731c8d..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-nodes_content +++ /dev/null @@ -1,65 +0,0 @@ -Assets: - amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz -CAs: {} -ClusterName: minimal.example.com -Hooks: -- null -- null -InstallCNIAssets: true -KeypairIDs: - kubernetes-ca: "6982820025135291416230495506" -KubeProxy: - clusterCIDR: 100.96.0.0/11 - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - kops.k8s.io/instancegroup: nodes-us-test-1a - node-role.kubernetes.io/node: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 30s - shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 -Networking: - nonMasqueradeCIDR: 100.64.0.0/10 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_sqs_queue_minimal-example-com-nth_policy b/tests/integration/update_cluster/minimal-1.26/data/aws_sqs_queue_minimal-example-com-nth_policy deleted file mode 100644 index c5b2b25812f36..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_sqs_queue_minimal-example-com-nth_policy +++ /dev/null @@ -1,16 +0,0 @@ -{ - "Statement": [ - { - "Action": "sqs:SendMessage", - "Effect": "Allow", - "Principal": { - "Service": [ - "events.amazonaws.com", - "sqs.amazonaws.com" - ] - }, - "Resource": "arn:aws-test:sqs:us-test-1:123456789012:minimal-example-com-nth" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/minimal-1.26/id_rsa.pub b/tests/integration/update_cluster/minimal-1.26/id_rsa.pub deleted file mode 100755 index 81cb0127830e7..0000000000000 --- a/tests/integration/update_cluster/minimal-1.26/id_rsa.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern b/tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern rename to tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern b/tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern rename to tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern b/tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern rename to tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern b/tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern rename to tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_masters.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_masters.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_masters.minimal.example.com_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_nodes.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_nodes.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_nodes.minimal.example.com_policy diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_policy_masters.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_masters.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_policy_masters.minimal.example.com_policy diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_policy_nodes.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_nodes.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_policy_nodes.minimal.example.com_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-1.31/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key rename to tests/integration/update_cluster/minimal-1.31/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data similarity index 98% rename from tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data rename to tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 834484933df0c..3b563a97a52e5 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://tests/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: pEPkTd60I1vJQETo3EjSRADH3T8WgBhEYh1Xk4B4PBM= +NodeupConfigHash: klMj3mKSOZir95MgdNFRquS9P5e5wcSBM0MMav/WsFo= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_nodes.minimal.example.com_user_data similarity index 98% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_nodes.minimal.example.com_user_data rename to tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_nodes.minimal.example.com_user_data index 9ab84cf8b5a10..12ce2409d7b8b 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: l4LvADQG3n3cvmN2OEmOZwQf/oIT130Bb8vx2AhdvVM= +NodeupConfigHash: 5B5Foj9pAfg4gQEkqoEOyhtzobF0+jwTrijK4KTOy7g= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_cluster-completed.spec_content similarity index 88% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_cluster-completed.spec_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_cluster-completed.spec_content index b552c7bf6216a..7b81716203843 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -84,10 +84,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.31.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -113,10 +110,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.31.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.31.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.31.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.31.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_etcd-cluster-spec-events_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_etcd-cluster-spec-events_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_etcd-cluster-spec-events_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_etcd-cluster-spec-main_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_etcd-cluster-spec-main_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_etcd-cluster-spec-main_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_kops-version.txt_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_kops-version.txt_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_kops-version.txt_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_kops-version.txt_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content similarity index 99% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daac5b..adc407bc8039c 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-bootstrap_content similarity index 98% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 97589f64d8745..a17569f8c3f77 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-master-us-test-1a_content similarity index 85% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index f1d43d0200d9b..73f2ef23fed63 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.31.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 39e7f1c61c8389ea7680690f8bd5dd733672fa16875ae598df0fd8c205df57a9@https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubelet + - 7c27adc64a84d1c0cc3dcf7bf4b6e916cc00f3f576a2dbac51b318d926032437@https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 77baa2f669980a82255ffa2f2717de823992480271ee778aa51a9c60ae89ff9b@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - b310da449a9d2f8b928cab5ca12a6772617ba421023894e061ca2647e6d9f1c3@https://dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubelet + - f42832db7d77897514639c6df38214a6d8ae1262ee34943364ec1ffaee6c009c@https://dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - c2a292714d0fad98a3491ae43df8ad58354b3c0bdf5d5a3e281777967c70fcff@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.5.1/cni-plugins-linux-arm64-v1.5.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-arm64-v1.5.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.31.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.31.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.31.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -311,7 +301,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.31.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -324,8 +314,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-nodes_content new file mode 100644 index 0000000000000..f7c16f515bd65 --- /dev/null +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-nodes_content @@ -0,0 +1,64 @@ +Assets: + amd64: + - 39e7f1c61c8389ea7680690f8bd5dd733672fa16875ae598df0fd8c205df57a9@https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubelet + - 7c27adc64a84d1c0cc3dcf7bf4b6e916cc00f3f576a2dbac51b318d926032437@https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 77baa2f669980a82255ffa2f2717de823992480271ee778aa51a9c60ae89ff9b@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 + - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz + - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz + arm64: + - b310da449a9d2f8b928cab5ca12a6772617ba421023894e061ca2647e6d9f1c3@https://dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubelet + - f42832db7d77897514639c6df38214a6d8ae1262ee34943364ec1ffaee6c009c@https://dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - c2a292714d0fad98a3491ae43df8ad58354b3c0bdf5d5a3e281777967c70fcff@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.5.1/cni-plugins-linux-arm64-v1.5.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-arm64-v1.5.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 + - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz + - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz +CAs: {} +ClusterName: minimal.example.com +Hooks: +- null +- null +InstallCNIAssets: true +KeypairIDs: + kubernetes-ca: "6982820025135291416230495506" +KubeProxy: + clusterCIDR: 100.96.0.0/11 + cpuRequest: 100m + image: registry.k8s.io/kube-proxy:v1.31.0 + logLevel: 2 +KubeletConfig: + anonymousAuth: false + cgroupDriver: systemd + cgroupRoot: / + cloudProvider: external + clusterDNS: 100.64.0.10 + clusterDomain: cluster.local + enableDebuggingHandlers: true + evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + kubeconfigPath: /var/lib/kubelet/kubeconfig + logLevel: 2 + nodeLabels: + kops.k8s.io/instancegroup: nodes-us-test-1a + node-role.kubernetes.io/node: "" + podInfraContainerImage: registry.k8s.io/pause:3.9 + podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true + registerSchedulable: true + shutdownGracePeriod: 30s + shutdownGracePeriodCriticalPods: 10s +KubernetesVersion: 1.31.0 +Networking: + nonMasqueradeCIDR: 100.64.0.0/10 + serviceClusterIPRange: 100.64.0.0/13 +UpdatePolicy: automatic +containerdConfig: + logLevel: info + runc: + version: 1.1.14 + version: 1.7.22 +usesLegacyGossip: false +usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_sqs_queue_minimal-example-com-nth_policy b/tests/integration/update_cluster/minimal-1.31/data/aws_sqs_queue_minimal-example-com-nth_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_sqs_queue_minimal-example-com-nth_policy rename to tests/integration/update_cluster/minimal-1.31/data/aws_sqs_queue_minimal-example-com-nth_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/id_rsa.pub b/tests/integration/update_cluster/minimal-1.31/id_rsa.pub similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/id_rsa.pub rename to tests/integration/update_cluster/minimal-1.31/id_rsa.pub diff --git a/tests/integration/update_cluster/minimal-1.25/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-1.31/in-v1alpha2.yaml similarity index 98% rename from tests/integration/update_cluster/minimal-1.25/in-v1alpha2.yaml rename to tests/integration/update_cluster/minimal-1.31/in-v1alpha2.yaml index ef3d6a12e7ecf..85e534f185174 100644 --- a/tests/integration/update_cluster/minimal-1.25/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-1.31/in-v1alpha2.yaml @@ -34,7 +34,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.31.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-1.26/kubernetes.tf b/tests/integration/update_cluster/minimal-1.31/kubernetes.tf similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/kubernetes.tf rename to tests/integration/update_cluster/minimal-1.31/kubernetes.tf diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern b/tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern rename to tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern b/tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern rename to tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern b/tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern rename to tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern b/tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern rename to tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_masters.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_masters.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_masters.minimal.example.com_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_nodes.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_nodes.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_nodes.minimal.example.com_policy diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_policy_masters.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_masters.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_policy_masters.minimal.example.com_policy diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_policy_nodes.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_nodes.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_policy_nodes.minimal.example.com_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-1.32/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key rename to tests/integration/update_cluster/minimal-1.32/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data similarity index 98% rename from tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data rename to tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index cbe41693914e1..7bd254185e488 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://tests/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: k/B9mcfXVMF4pUBZTSlZOrkAFcmuWQVoCYf1v2ZIaOs= +NodeupConfigHash: WZBRnkUUrOAa9dNL9pJuU9Dln/6G8v6o+j/dDrhy5cI= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_nodes.minimal.example.com_user_data similarity index 98% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_nodes.minimal.example.com_user_data rename to tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_nodes.minimal.example.com_user_data index e311f63c35da2..e0188aa4c8bf0 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: WwtxlSoKOB8hEehXX1eGuBozTH2Ndl4NNAuqkWa4+O0= +NodeupConfigHash: SMpgyJTx4eKvv8ID4K/ZkwlnwwirmmcUKxz1B6Vl+1Q= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_cluster-completed.spec_content similarity index 88% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_cluster-completed.spec_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_cluster-completed.spec_content index cca92986344f8..dbc5f64525d12 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -84,10 +84,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -113,10 +110,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_etcd-cluster-spec-events_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_etcd-cluster-spec-events_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_etcd-cluster-spec-events_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_etcd-cluster-spec-main_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_etcd-cluster-spec-main_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_etcd-cluster-spec-main_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_kops-version.txt_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_kops-version.txt_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_kops-version.txt_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_kops-version.txt_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content similarity index 99% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index f84082c78bd6d..adc407bc8039c 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-bootstrap_content similarity index 91% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 018679818fb23..a17569f8c3f77 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: cada585acb2647f44abffb456f75360045099c11f9221b50780f12d940ccefb1 + manifestHash: 96b7d8947795c54d86ae8d49d6b0dcd4eab4d0b288ab2e592259f82ed91acc07 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -106,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 22cb0da8fc5f5cb33951c0e8fe8f90db7696003c2dc16f0061cd3cb95cdd4dcb + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content similarity index 98% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 2b9f70f7a7983..526c144ba7f91 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-master-us-test-1a_content similarity index 85% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 82dfb4c1b4664..a420cd225f091 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -311,7 +301,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -324,8 +314,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-nodes_content new file mode 100644 index 0000000000000..febb37d43ced5 --- /dev/null +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-nodes_content @@ -0,0 +1,64 @@ +Assets: + amd64: + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 + - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz + - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz + arm64: + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 + - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz + - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz +CAs: {} +ClusterName: minimal.example.com +Hooks: +- null +- null +InstallCNIAssets: true +KeypairIDs: + kubernetes-ca: "6982820025135291416230495506" +KubeProxy: + clusterCIDR: 100.96.0.0/11 + cpuRequest: 100m + image: registry.k8s.io/kube-proxy:v1.32.0 + logLevel: 2 +KubeletConfig: + anonymousAuth: false + cgroupDriver: systemd + cgroupRoot: / + cloudProvider: external + clusterDNS: 100.64.0.10 + clusterDomain: cluster.local + enableDebuggingHandlers: true + evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + kubeconfigPath: /var/lib/kubelet/kubeconfig + logLevel: 2 + nodeLabels: + kops.k8s.io/instancegroup: nodes-us-test-1a + node-role.kubernetes.io/node: "" + podInfraContainerImage: registry.k8s.io/pause:3.9 + podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true + registerSchedulable: true + shutdownGracePeriod: 30s + shutdownGracePeriodCriticalPods: 10s +KubernetesVersion: 1.32.0 +Networking: + nonMasqueradeCIDR: 100.64.0.0/10 + serviceClusterIPRange: 100.64.0.0/13 +UpdatePolicy: automatic +containerdConfig: + logLevel: info + runc: + version: 1.1.14 + version: 1.7.22 +usesLegacyGossip: false +usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_sqs_queue_minimal-example-com-nth_policy b/tests/integration/update_cluster/minimal-1.32/data/aws_sqs_queue_minimal-example-com-nth_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_sqs_queue_minimal-example-com-nth_policy rename to tests/integration/update_cluster/minimal-1.32/data/aws_sqs_queue_minimal-example-com-nth_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/id_rsa.pub b/tests/integration/update_cluster/minimal-1.32/id_rsa.pub similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/id_rsa.pub rename to tests/integration/update_cluster/minimal-1.32/id_rsa.pub diff --git a/tests/integration/update_cluster/minimal-1.26/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-1.32/in-v1alpha2.yaml similarity index 98% rename from tests/integration/update_cluster/minimal-1.26/in-v1alpha2.yaml rename to tests/integration/update_cluster/minimal-1.32/in-v1alpha2.yaml index 3ab7810141985..15db0fd0d392c 100644 --- a/tests/integration/update_cluster/minimal-1.26/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-1.32/in-v1alpha2.yaml @@ -34,7 +34,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-1.25/kubernetes.tf b/tests/integration/update_cluster/minimal-1.32/kubernetes.tf similarity index 98% rename from tests/integration/update_cluster/minimal-1.25/kubernetes.tf rename to tests/integration/update_cluster/minimal-1.32/kubernetes.tf index 0b17171a8f3f0..175f6b0eed8ce 100644 --- a/tests/integration/update_cluster/minimal-1.25/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-1.32/kubernetes.tf @@ -705,14 +705,6 @@ resource "aws_s3_object" "minimal-example-com-addons-kubelet-api-rbac-addons-k8s server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "tests/minimal.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-bootstrap_content index 4ae0440dd5668..35a2718aef166 100644 --- a/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 0e58080d9cdea2a7864f0312d8c55b6a0fdddf8892b3f5a84c3a25e92accf97c + manifestHash: af0caacaec3b67a77aac95f4c35c04f39670028c28044eed18680273894cf4bf name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 030c696c8f3a8..0c76d32b8e1a1 100644 --- a/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index a91e7a02a11e1..30bb70e7e3c0e 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://tests/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: GJpv+cbvWJhszaPildTR7YuBPWxO7yhDqye7WgBP3a8= +NodeupConfigHash: 2EXmXLYqqd3PfQcydIXY11Ucnc2r/4rLC5OaTdOs73E= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_nodes.minimal.example.com_user_data index 06985908ae5fc..79113751673a9 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: AtWaof337lrN2NoQFvviT2Ss2cYW4gX24G/7XN349E8= +NodeupConfigHash: YPrB3cfcKbPHW2PR2eT2wP48UOI1Y9ZHBXCw/D4A2lI= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content index 56a58e2873ecf..4ea0e89dce931 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://tests/minimal.example.com/backups/etcd/main @@ -83,10 +83,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -137,13 +131,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -156,9 +147,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -170,7 +158,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -180,9 +168,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daac5b..adc407bc8039c 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 82d161438a1c7..f79c65f9b5fa4 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -92,7 +92,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 9b352b6d0f769..1b5caa78b2c2c 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -280,7 +273,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -291,9 +284,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-nodes_content index 8d53ffcf52731..6403ccde38b25 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -51,7 +50,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -59,7 +58,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: true diff --git a/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml index 32577c96018d0..1c16b152aba83 100644 --- a/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml @@ -36,7 +36,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_master-us-test-1a.masters.minimal-etcd.example.com_user_data b/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_master-us-test-1a.masters.minimal-etcd.example.com_user_data index d8e57b573ff41..18c49b9f11520 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_master-us-test-1a.masters.minimal-etcd.example.com_user_data +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_master-us-test-1a.masters.minimal-etcd.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-etcd.example.com ConfigBase: memfs://clusters.example.com/minimal-etcd.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ktsWtBv941aK+pL98v7GFVU89eXwuIdC4metzQEM7As= +NodeupConfigHash: Av4VC9VxGgU5F/yBW99C3zDIGtCnf9EQlzRF9EnO/JU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_nodes.minimal-etcd.example.com_user_data b/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_nodes.minimal-etcd.example.com_user_data index e07df817c9335..1469662137640 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_nodes.minimal-etcd.example.com_user_data +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_nodes.minimal-etcd.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-etcd.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: yMctYTFg9SjCY6xHLGHPkCX5r1vNCy6ISaVleabk53A= +NodeupConfigHash: ekT1IR5qSaKvPbRXfWk68/h6xmexrdh4Dttz+usnr+I= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_cluster-completed.spec_content index 6c0ff0dd9cfc2..7b72a1fc5c1fd 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-etcd.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -85,10 +85,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -114,10 +111,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-etcd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -139,13 +133,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -158,9 +149,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 844202e805668..15c588b20b412 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-bootstrap_content index d09d5a53bbdbc..a925083e1d4ae 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 9684ff5db48d7b1c2dee835bf68842915b233b86e84d8afdfb3b56deb1162968 + manifestHash: 1dba484ccab8281082504bb4ef46df14d6dec92888ce6034b42fe5845741b6e2 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 65d31b311645c118e7a81bb3c5afdd20e93ac3f1dec5bab846dbefb8016d40e8 + manifestHash: 5c24d867c3e6a322d031ea109334d10b1608f75226765c38cff8395149b53eec name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 475ec8aafcb87..716d7964e8304 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e59f7c7bd0e5c..4176de451ded6 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-etcd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-etcd.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-etcd.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-nodes_content index f7c680acce8ce..03044a55dab41 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-etcd/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-etcd/in-v1alpha2.yaml index d68f5ac0e74dd..103cce239c393 100644 --- a/tests/integration/update_cluster/minimal-etcd/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-etcd/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-etcd.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-etcd/kubernetes.tf b/tests/integration/update_cluster/minimal-etcd/kubernetes.tf index e3e73d3a0f7c2..a08b8ac2b9b04 100644 --- a/tests/integration/update_cluster/minimal-etcd/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-etcd/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-etcd-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-minimal-etcd-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 1f0b3cef247e1..5edf11700e994 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: Arj9CPYPT79nVe1Uju7SKarwPhrwxdpEn3bezaNlNUo= +NodeupConfigHash: u7Gr0XwgMUCmXNEG29SnW1+ljmUinf8gdvYeTKvzNFA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bcafa..26c4acec16789 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_cluster-completed.spec_content index 327a76caa5e9e..dc4aff0be98e9 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -83,10 +83,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -137,13 +131,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -156,9 +147,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -169,7 +157,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -179,9 +167,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daac5b..adc407bc8039c 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 2c3f3b4fdfeb2..6696cb9bf522a 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e45b55f9acc40..1b8293d4ee289 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbdae8..da75b50a113ba 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-gp3/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-gp3/in-v1alpha2.yaml index fb85ec6349af3..68c1b5115a7e5 100644 --- a/tests/integration/update_cluster/minimal-gp3/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-gp3/in-v1alpha2.yaml @@ -27,7 +27,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-gp3/kubernetes.tf b/tests/integration/update_cluster/minimal-gp3/kubernetes.tf index 823580294f2ca..82ca8d56ace09 100644 --- a/tests/integration/update_cluster/minimal-gp3/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-gp3/kubernetes.tf @@ -416,7 +416,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -498,7 +498,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index 30ca7b0f34cb5..ee029e46daa05 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-ipv6.example.com ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: JMCr7MrAoTYDT4wpGT3Onenf3V3Hg+8RZo8GX+pHX7g= +NodeupConfigHash: STc/xkQbYF4RgvljqPAsR/N2KmV2NWkCG2ph1iyeZvg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index 929dc82ee883d..c915e2255942b 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-ipv6.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: q47Igf/BIdRXGK0I0cE7G1H6v/jzroe8CSAyEwPI58c= +NodeupConfigHash: 96xVJcv2LGD9IGs+tT9dYZiS95XjU9ia6qC+So1BEDo= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content index 30ebaa15859b8..1bc2b2b301358 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: allocateNodeCIDRs: false clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -81,10 +81,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cccab2c234e31..3089f7d99c381 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -43,7 +43,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index 6f66fba1f7cf6..5f145992f5259 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 789e163f90e57004cbe9f1ceffea4e30cda69da2e60bc05623404d85fa098bed + manifestHash: c0e588106cb050f6e2e8b10082da29b67937142de68a58f5d28d611169263131 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -161,7 +154,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: deacc9b38bf6a0e9e88d9e9ca241948e85f05f4a2dd396461cde5fc60ab67e39 + manifestHash: a26b686d2e5ed0161da6ff083a66024102cd57a5ceb6471155fe814e16ed9710 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 0bbb7b366b06e..7f92a8042cb54 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index a9a4c587412a6..a621c20854ec3 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -279,7 +272,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -290,9 +283,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -307,7 +297,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: calico: {} nonMasqueradeCIDR: ::/0 @@ -321,8 +311,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content index 62b4e905f99aa..af0ced2751209 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -22,7 +24,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -33,9 +35,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -46,7 +45,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: calico: {} nonMasqueradeCIDR: ::/0 @@ -55,7 +54,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml index 10629e1613067..544b74ebc4429 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf index dd11298255d0a..111d8fb82e0b6 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf @@ -483,7 +483,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -565,7 +565,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -925,14 +925,6 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index 569cea92c7c65..38db5320a673e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-ipv6.example.com ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: dnbwGBrZmQLLU6jC+8aaVpKUHtJrPke+nd05kQ2Yktk= +NodeupConfigHash: x2dcwAkk+LblVNiF3OAYzgiyCZGBWwNGVEZVzYLCVII= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index a9d2b722c77ca..3a0458308eb9e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-ipv6.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: ngrVn8IUdUeuGOM0TZ9YUMXdQ1PGkvUm+ekDwi+EHaY= +NodeupConfigHash: UMqavWlInbq+rdwC7avV4gOX1YXhFBU9YA2DKTvvT9k= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content index 07fa74602c995..e0f1a9963840e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: allocateNodeCIDRs: false clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -81,10 +81,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cccab2c234e31..3089f7d99c381 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -43,7 +43,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index d265c44f6358a..a3beb91f03b7a 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 789e163f90e57004cbe9f1ceffea4e30cda69da2e60bc05623404d85fa098bed + manifestHash: c0e588106cb050f6e2e8b10082da29b67937142de68a58f5d28d611169263131 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -114,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: deacc9b38bf6a0e9e88d9e9ca241948e85f05f4a2dd396461cde5fc60ab67e39 + manifestHash: a26b686d2e5ed0161da6ff083a66024102cd57a5ceb6471155fe814e16ed9710 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 0bbb7b366b06e..7f92a8042cb54 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index b5dd62f10754f..8573bc57920e7 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -279,7 +272,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -290,9 +283,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -307,7 +297,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: ::/0 @@ -321,8 +311,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-nodes_content index 3cc2255a11c89..aedf0c31eda79 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -22,7 +24,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -33,9 +35,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -46,7 +45,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: ::/0 @@ -55,7 +54,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-ipv6-cilium/in-v1alpha2.yaml index 87d1346f807b4..b1387e636100a 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf index 38bf74e26d6a4..b7d7575e23c5b 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf @@ -483,7 +483,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -565,7 +565,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -925,14 +925,6 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index c5d869cf4ce07..252860c4f805b 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-ipv6.example.com ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ova1xYqaZS5E5uQNAiCIBVHcoMGGf+DBLF5/WdCmsrM= +NodeupConfigHash: G0hPd4eCJMAGg6pYrHIo9wfKq54mPMVabGDoyBMD2Ys= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index c9dc716360e98..44982fd21f2f9 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-ipv6.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: Suh4p0bTQdigoYjO1dUnjDxRE8QVjilE46kAJsS1hw8= +NodeupConfigHash: APtMtZEprhYFWmjygsGZC7lNfj9mFxTkuQ7aqfvRjgE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_cluster-completed.spec_content index c17dd8fc0bca7..448a927c6b988 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: allocateNodeCIDRs: false clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -81,10 +81,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cccab2c234e31..3089f7d99c381 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -43,7 +43,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index b1091896c9bdd..676623b59b3a9 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 789e163f90e57004cbe9f1ceffea4e30cda69da2e60bc05623404d85fa098bed + manifestHash: c0e588106cb050f6e2e8b10082da29b67937142de68a58f5d28d611169263131 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -106,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: deacc9b38bf6a0e9e88d9e9ca241948e85f05f4a2dd396461cde5fc60ab67e39 + manifestHash: a26b686d2e5ed0161da6ff083a66024102cd57a5ceb6471155fe814e16ed9710 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 0bbb7b366b06e..7f92a8042cb54 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index f14cae1b257ec..945356633247e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -240,19 +239,13 @@ ControlPlaneConfig: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-nodes_content index d21db8daffb73..62be24183b551 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -25,7 +27,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/in-v1alpha2.yaml index 63907988c751b..7369623c0e75a 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf index 8889b161b4b61..51f39f9c7ea20 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf @@ -483,7 +483,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -565,7 +565,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -925,14 +925,6 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index c5d869cf4ce07..252860c4f805b 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-ipv6.example.com ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ova1xYqaZS5E5uQNAiCIBVHcoMGGf+DBLF5/WdCmsrM= +NodeupConfigHash: G0hPd4eCJMAGg6pYrHIo9wfKq54mPMVabGDoyBMD2Ys= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index c9dc716360e98..44982fd21f2f9 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-ipv6.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: Suh4p0bTQdigoYjO1dUnjDxRE8QVjilE46kAJsS1hw8= +NodeupConfigHash: APtMtZEprhYFWmjygsGZC7lNfj9mFxTkuQ7aqfvRjgE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_cluster-completed.spec_content index d7a6962ff42b3..03a3e8ba93307 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: allocateNodeCIDRs: false clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -81,10 +81,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cccab2c234e31..3089f7d99c381 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -43,7 +43,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index b1091896c9bdd..676623b59b3a9 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 789e163f90e57004cbe9f1ceffea4e30cda69da2e60bc05623404d85fa098bed + manifestHash: c0e588106cb050f6e2e8b10082da29b67937142de68a58f5d28d611169263131 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -106,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: deacc9b38bf6a0e9e88d9e9ca241948e85f05f4a2dd396461cde5fc60ab67e39 + manifestHash: a26b686d2e5ed0161da6ff083a66024102cd57a5ceb6471155fe814e16ed9710 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 0bbb7b366b06e..7f92a8042cb54 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index f14cae1b257ec..945356633247e 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -240,19 +239,13 @@ ControlPlaneConfig: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-nodes_content index d21db8daffb73..62be24183b551 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -25,7 +27,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-ipv6/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-ipv6/in-v1alpha2.yaml index fea43fa0642a7..bc1af812c487e 100644 --- a/tests/integration/update_cluster/minimal-ipv6/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-ipv6/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf index 4f61fdbdf9cd6..000b4816d86a4 100644 --- a/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf @@ -483,7 +483,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -565,7 +565,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -925,14 +925,6 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_master-us-test-1a.masters.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_master-us-test-1a.masters.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data index b63b6a1198d06..3d00fbbd50141 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_master-us-test-1a.masters.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_master-us-test-1a.masters.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: this.is.truly.a.really.really.long.cluster-name.minimal.example.com ConfigBase: memfs://clusters.example.com/this.is.truly.a.really.really.long.cluster-name.minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: qcSUmBJo/LvEHNX5vheCF49ka0v8T6bXchwApwa0DQ0= +NodeupConfigHash: 2186QYJn5i1QIRdd05cwDuo3sZxzXeOJHH9YR7IwLRE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_nodes.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_nodes.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data index e0568165b0b62..2dd6572717fa7 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_nodes.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_nodes.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.this.is.truly.a.really.really.long.cluster-name.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: mZGNNPBrUT1otbC/jFcujflBbrr68qsaGQjG9+4GuqQ= +NodeupConfigHash: l+Zy9NxrPG9WmcrS+UuxeLogJrfxGXJfgarBwtQnA7c= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_cluster-completed.spec_content index 004c60ee98bf4..6975f3d220a05 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: this.is.truly.a.really.really.long.cluster-name.minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -75,10 +75,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -104,10 +101,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: this.is.truly.a.really.really.long.cluster-name.minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -129,13 +123,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -147,9 +138,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -160,7 +148,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: cgroupDriver: systemd cgroupRoot: / @@ -169,9 +157,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 8e4d932005ded..45729eaadeedb 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: this.is.truly.a.really.really.long.cluster-name.minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/this.is.truly.a.really.really.long.cluster-name.minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/this.is.truly.a.really.really.long.cluster-name.minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-nodes_content index afcffe7b52de8..930df11dbe3a4 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index db56fcc591811..d0ce95d7ff619 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-bootstrap_content index b5bb2530c19ed..231a485bd931c 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 8bc68a524682aa6365afc7d00909e6144c43d47bbe9dc21fcd7c552d0ac16d1b + manifestHash: 51c2b4201b12060324c0fe4ecf477f8ed9330ad3540272fecb3ca4199252e441 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: dc6e4f6936c9db28b65d3f333a4edd9ccdbc0c648d9e7f09087b4cf2d11db52e + manifestHash: 40c78faccab6e1a5895bbc737faeb0d315405dc398bc7a27ad6632de3265cdc5 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 3637a838a86ec..fa39e2a93dc92 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-longclustername/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-longclustername/in-v1alpha2.yaml index 41cde758a2107..54a5774b58ffe 100644 --- a/tests/integration/update_cluster/minimal-longclustername/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-longclustername/in-v1alpha2.yaml @@ -18,7 +18,7 @@ spec: - instanceGroup: master-us-test-1a name: us-test-1a name: events - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.this.is.truly.a.really.really.long.cluster-name.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf b/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf index 88a20a2be1b66..8da4e7e0100b3 100644 --- a/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-this-is-truly-a-really http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-this-is-truly-a-really-really-long-cluster http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_master-us-test-1a.masters.minimal-warmpool.example.com_user_data b/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_master-us-test-1a.masters.minimal-warmpool.example.com_user_data index 2cd4b56ffccbd..08c34b89351a6 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_master-us-test-1a.masters.minimal-warmpool.example.com_user_data +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_master-us-test-1a.masters.minimal-warmpool.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-warmpool.example.com ConfigBase: memfs://clusters.example.com/minimal-warmpool.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: UYjSJkNykwwRpBdeZECbSgxgjaxqCPoK2Ee2Hthdp2s= +NodeupConfigHash: YLdutMBZQUxqRbdUIHPeIpbPlVuHaSCdhxbqLT6LgpM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data b/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data index 9bda4f6914757..0356008510a5f 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-warmpool.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: OEGyrjkH73KIYbkYHitZKm3GmJgsOg+tgdhZNH+Lq/g= +NodeupConfigHash: 7ycbTcuEmk3sdJttHVwWGwlO+e4cW1GXHFmLWgA0VLA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content index f1d4a76d1bee8..8998336107063 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-warmpool.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-warmpool.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 868c50574aeb3..d00e462875021 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content index 262399b27a641..7d778532257e4 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: bcd0fe39232586a3a28883fb0d6aa410c10eeeffdc81073184bea589dc72ec06 + manifestHash: 2271862ea5b0505184ba5073673a77500f3362b1cc65946ef77ff5c0e13ba886 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: b2cee6598a435f704f6f1d3282208769d5baaf21d5fe371c5f1ad678a8f049c6 + manifestHash: b44967f0bd287a1edb4f4ba8a53d04c0b7a495a19870dec87dfde5b8dc69d950 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index e30040c555d10..f36e4d248a1bb 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 96f2556e1a2f3..afc6ff52cd607 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,19 +56,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -237,19 +236,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-warmpool.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -279,7 +272,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -290,9 +283,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -307,7 +297,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -321,8 +311,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-warmpool.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-warmpool.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content index aa3ca3f63a4a2..2f278419bcf17 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -24,7 +26,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -35,9 +37,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -48,7 +47,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -57,12 +56,12 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false warmPoolImages: - quay.io/cilium/cilium:v1.16.3 - quay.io/cilium/operator:v1.16.3 -- registry.k8s.io/kube-proxy:v1.26.0 -- registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 +- registry.k8s.io/kube-proxy:v1.32.0 +- registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 diff --git a/tests/integration/update_cluster/minimal-warmpool/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-warmpool/in-v1alpha2.yaml index 60d37beba70a7..6b59c90e6847e 100644 --- a/tests/integration/update_cluster/minimal-warmpool/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-warmpool/in-v1alpha2.yaml @@ -24,7 +24,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-warmpool.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf b/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf index ab67a1a2e44d7..90d0f8f086217 100644 --- a/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf @@ -432,7 +432,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-warmpool-examp http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -514,7 +514,7 @@ resource "aws_launch_template" "nodes-minimal-warmpool-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_cluster-completed.spec_content index 6ba20b7eed717..6b60b48a8805b 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_cluster-completed.spec_content @@ -32,8 +32,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -86,7 +86,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,7 +112,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -134,10 +134,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -162,7 +162,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content index 2b64e4d1b95d8..c9db50f050175 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 94af249575dd6ac4881fc5effc276f5968ad22e7aa30e7795f826125af89f004 + manifestHash: bab666538683ef3e9156a91ee2b50a83247d9c721bf3921854cde6e323f82120 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 563ea6c4b61247cbba3dc624b378a56dfdb2f887a39592f15ba1589b540b6487 diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index b77f999a2bf99..b068e9f709c40 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb8885f..0000000000000 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index e78491b817b06..feb6b8aac44fc 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-nodes_content index 0380424aaaa99..edb80720a9d02 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data index 91e451f105564..23fea7c6eb267 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce.example.com ConfigBase: memfs://tests/minimal-gce.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: O9tu/2iDdoASFC6EdHiW9OKceGx8gSFxvTjY7vsCCvU= +NodeupConfigHash: K+CCk17XKAjQWjfjsWn6WGGIkF1uWn+HJOuoXw9eiQw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data index 7a3996bd548d1..3510b4bef4e43 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: emPV8sG3SHlriMIH1NlrMPlYehZK5TolODtla26tqiQ= +NodeupConfigHash: MW1iIpx9cHdrKiMBA3xhg3dFxrhNHBNsG2nvo8MyYxE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce/in-v1alpha2.yaml index bc787ee2b775f..9a49973323a2d 100644 --- a/tests/integration/update_cluster/minimal_gce/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce/kubernetes.tf b/tests/integration/update_cluster/minimal_gce/kubernetes.tf index 9ac73da1277cc..379bb5ec5b02b 100644 --- a/tests/integration/update_cluster/minimal_gce/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-example-com-addons-limit-range-addons-k8s- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_cluster-completed.spec_content index 2b46837e926b9..b39802142f313 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_cluster-completed.spec_content @@ -35,8 +35,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://tests/minimal-gce.example.com/backups/etcd/main @@ -86,7 +86,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,7 +112,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -134,10 +134,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -162,7 +162,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content index bc05b7b7108b6..6242cd15796dd 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 94af249575dd6ac4881fc5effc276f5968ad22e7aa30e7795f826125af89f004 + manifestHash: bab666538683ef3e9156a91ee2b50a83247d9c721bf3921854cde6e323f82120 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -46,13 +46,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 563ea6c4b61247cbba3dc624b378a56dfdb2f887a39592f15ba1589b540b6487 diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index b77f999a2bf99..b068e9f709c40 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb8885f..0000000000000 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index ccab43209de1b..bb8e9f7e49055 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -27,7 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -57,23 +57,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,13 +241,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-nodes_content index f77c26cc8fec4..ea0f6f892dcdc 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data index 0fee7ceadc7a1..e12b65dfecf84 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce.example.com ConfigBase: memfs://tests/minimal-gce.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: g3lbZ2msG5Qi/tRbnnSJIxvRRE+OhMNTnAKs7j+WYcw= +NodeupConfigHash: POh0filk5Vhg0c+KrR4A0aJUNWTPuihZZ2iAhbaPQOc= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data index 75578c2b139d3..f37116d1b4b76 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 1LDWa09+EGR84CsX3FydIqktkubxAnR04RQ78kKN2GU= +NodeupConfigHash: 9e5fkQL5EUHHU6UQmI7rxTmgvpaF8UDn2fjI3KK9VA4= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_dns-none/in-v1alpha2.yaml index 1a944aa628c4f..91a11c16c5819 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_dns-none/in-v1alpha2.yaml @@ -35,7 +35,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_dns-none/kubernetes.tf index cc3d4c8dd06f7..703e3ec6d564f 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_dns-none/kubernetes.tf @@ -138,14 +138,6 @@ resource "aws_s3_object" "minimal-gce-example-com-addons-limit-range-addons-k8s- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_cluster-completed.spec_content index 6b740d89531ce..6121fb9f76bda 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_cluster-completed.spec_content @@ -36,8 +36,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -90,7 +90,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -116,7 +116,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-ilb.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,10 +138,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -166,7 +166,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content index e582449c1bb79..6bd1f6b44dda9 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: a08d1f57edf3ef9bf36c281f1bac0d71282f6ca528e320a376b5e101fb3b41ca + manifestHash: e8b8a7fe78fa5344d98abb1dca050ba176cc4f19f0fd34955d92f614b01c8428 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 9be551d87a138c931e1e39fa4445fee18fe5ca495cf6229fb104001abd35fd93 diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 33ee0fea1d3e3..96452c2abedcb 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb8885f..0000000000000 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index 66c3431f7a642..c1f54ca016a7c 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -27,7 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -57,23 +57,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,13 +241,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-ilb.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -276,7 +278,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -302,7 +304,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -315,8 +317,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce-ilb.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce-ilb.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-nodes_content index b3d9912a19d6c..4f0f48d1e3221 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-ilb-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-ilb-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-ilb-example-com_metadata_user-data index bc971edc32b78..2efce4add79b1 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-ilb-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-ilb-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce-ilb.example.com ConfigBase: memfs://tests/minimal-gce-ilb.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: ERHgdvtfxh08HlZRThisFOedfB22qTVYoSvCMWvq2XM= +NodeupConfigHash: yU5wvUuN/aVpg2hI1PBZ5WwFylekK+SIijvUfSCVWAg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_nodes-minimal-gce-ilb-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_nodes-minimal-gce-ilb-example-com_metadata_user-data index 72964cca8efc9..bd20d5037d827 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_nodes-minimal-gce-ilb-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_nodes-minimal-gce-ilb-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce-ilb.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: jaPx50wdtO/EC22RG/03R8UBFG7PqWBU9HYSnpUuvxI= +NodeupConfigHash: e9vNXFw9nt4AlZmXXK6rTA7soNyFIhsUapR7fmtHQik= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_ilb/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_ilb/in-v1alpha2.yaml index 03730cd3812ad..e54f61437e9c2 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_ilb/in-v1alpha2.yaml @@ -37,7 +37,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce-ilb.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_ilb/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_ilb/kubernetes.tf index 475208f005cf4..5db29650dd702 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_ilb/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-ilb-example-com-addons-limit-range-addons- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-ilb-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce-ilb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce-ilb.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-ilb-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce-ilb.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_cluster-completed.spec_content index eb8a41dcafb45..1b4c297ffea48 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_cluster-completed.spec_content @@ -36,8 +36,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -90,7 +90,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -116,7 +116,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,10 +138,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -166,7 +166,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content index 75657e35e7105..e150c95e54861 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: be6bde6948c1b30105d9e2fb5271c6c7bd1ce9d944bdeba1b5b138308e5d1eb2 + manifestHash: e5eb1e384edb9b6c10b648a16abf3d9093341d3f5a2d3173645549da87b3c210 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 5c1d2b26f8a2d8f8b622381cdc06b34be87be9a5d0dd5764a248b28809621824 diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 71fc74e07aad8..afd90e5bd2bc6 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb8885f..0000000000000 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index bccb690d5e5a6..bb7975955a3dd 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -27,7 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -57,23 +57,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,13 +241,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -276,7 +278,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -302,7 +304,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -315,8 +317,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-nodes_content index 981b0427371da..808c4c601befd 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-with-a-very-very-very-very--96dqvi-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data index 3357958a0b27e..9118f83705f1f 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com ConfigBase: memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: ntCCGf3auTvGV21zZtxErvZvsmLkPR/pk72hnWrTEt8= +NodeupConfigHash: MHsWGporS0eStGhki/GoFWMMqe/ttkgCpe8fDm0HQLE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data index 531ed1e7f969e..ecb2d433cfe37 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce-with-a-very-very-very-very-very-long-name.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: RSxWbov23GXcHlonmVB7hQJIBHA/NQ7AF+8uXL2dDHE= +NodeupConfigHash: Zi/PuT9mqIddvOv4O/TU6uo1jMR9PzKWd4dsg9PRtW0= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/in-v1alpha2.yaml index 1584482baa2cc..5c17a438d9f31 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/in-v1alpha2.yaml @@ -37,7 +37,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce-with-a-very-very-very-very-very-long-name.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/kubernetes.tf index 941c232a4b5da..59b5fa4fc07f4 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_cluster-completed.spec_content index 07e8b9c149100..924019e98320a 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_cluster-completed.spec_content @@ -33,8 +33,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -87,7 +87,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -113,7 +113,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -135,10 +135,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -163,7 +163,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content index 75657e35e7105..e150c95e54861 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: be6bde6948c1b30105d9e2fb5271c6c7bd1ce9d944bdeba1b5b138308e5d1eb2 + manifestHash: e5eb1e384edb9b6c10b648a16abf3d9093341d3f5a2d3173645549da87b3c210 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 5c1d2b26f8a2d8f8b622381cdc06b34be87be9a5d0dd5764a248b28809621824 diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 71fc74e07aad8..afd90e5bd2bc6 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb8885f..0000000000000 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index 1fab5f0bdf24e..0aeb7cd2d3d01 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-nodes_content index 981b0427371da..808c4c601befd 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-with-a-very-very-very-very--96dqvi-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script index 829e4a57276b8..5ee065143ec35 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script @@ -129,7 +129,7 @@ ClusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com ConfigBase: memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: 8dGDbo1++ryciF3GssUscURJAcitPNJMTAqnXWTFwkw= +NodeupConfigHash: rkOyOCBIQAwF/Kfs7pBoqDPelKjhVDB4wXihs7cnGFo= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script index 531ed1e7f969e..ecb2d433cfe37 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce-with-a-very-very-very-very-very-long-name.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: RSxWbov23GXcHlonmVB7hQJIBHA/NQ7AF+8uXL2dDHE= +NodeupConfigHash: Zi/PuT9mqIddvOv4O/TU6uo1jMR9PzKWd4dsg9PRtW0= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_longclustername/in-v1alpha2.yaml index fd6435d02b903..db73883565543 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_longclustername/in-v1alpha2.yaml @@ -34,7 +34,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce-with-a-very-very-very-very-very-long-name.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_longclustername/kubernetes.tf index aa970607c4866..9db8fb701d367 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_longclustername/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content index eb7f538a782b9..8bd867e00e76e 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content @@ -36,8 +36,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -90,7 +90,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -116,7 +116,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-plb.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,10 +138,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -166,7 +166,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content index dbedd24be780c..d09d30df4e4b0 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: cb2042cc730fc9ba1ddd8bb8e129595fa5fae10616cc582d7baf55c3d97ca919 + manifestHash: b4bdd8d3227a9503736b3edc11e9cdeb2a517071cf40dfc33ff3c1b05c11f440 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: ce85b344b9411208fd901c7699027cbffa4d1eb478c81acc44a1133acd01bda8 diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 2135b0074bdaa..fd390b1fde5cd 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb8885f..0000000000000 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index f1a2924ed84a1..3f9b863389038 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -27,7 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -57,23 +57,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,13 +241,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-plb.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -276,7 +278,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -302,7 +304,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -315,8 +317,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce-plb.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce-plb.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-nodes_content index 1198682d93506..1d2e5ac2408ce 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-plb-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-plb-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-plb-example-com_metadata_user-data index 094d3a07f5bbc..3186350d9d51b 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-plb-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-plb-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce-plb.example.com ConfigBase: memfs://tests/minimal-gce-plb.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: cMvFpky7SE6GqYpstTl1EMO4nqxjXsVkbHkwaHxQOok= +NodeupConfigHash: bSq0XflQ+1NhZ7ZIvikumMdUQctJAXaSh9ilLamHQ9g= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_nodes-minimal-gce-plb-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_nodes-minimal-gce-plb-example-com_metadata_user-data index bdb090eed6fe8..9901f483d0c5b 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_nodes-minimal-gce-plb-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_nodes-minimal-gce-plb-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce-plb.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: n46+NMNgKnsSWAzTAwZ4FmqGUsbq3LrE60DdxHex7uU= +NodeupConfigHash: hgu5zxYrK6W/htHSltpil7PwCcnHE25+W29vjUzX2To= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml index a76f8c84be18a..5802a1115db12 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml @@ -37,7 +37,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce-plb.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf index 6d958cd08f431..9b20456175634 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-plb-example-com-addons-limit-range-addons- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-plb-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce-plb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce-plb.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-plb-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce-plb.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_cluster-completed.spec_content index 4d9c881583155..6a27376f9ba24 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_cluster-completed.spec_content @@ -32,8 +32,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -86,7 +86,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,7 +112,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-private.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -134,10 +134,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -162,7 +162,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content index ed4718e2f4a9e..79ab19082eb17 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 376e1d95ed850db18e59b87559ac3b32e514b4f8393a73c0f6d013d502a027bc + manifestHash: ceac0a6de9763682a46522545e24d3f898ecb31cb64443cb4c88e5354cc0d2c1 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 15b18fbb8f418b530f48d2a8b9d1318f6f7b5c4df12e5d5179ec21f57842e06c diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 3f74ac6a2ad39..84794d2b57e6f 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb8885f..0000000000000 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index b25c75bf2f6b9..0bda2d02b25dc 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-private.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce-private.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce-private.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-nodes_content index 9d2769637e90d..4a1d228c7f407 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-private-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_user-data index 68df162bc96dc..022bac5b51fed 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce-private.example.com ConfigBase: memfs://tests/minimal-gce-private.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: 25JqlKAyvQpNHMyAdgrkJGYzL54PDRF+W7ofoCy2UEQ= +NodeupConfigHash: 2W+XilJCh23/tEtVBfEB1Z5/2Pg69yXFrpNDEjlwPeA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_user-data index 46eaeee0cd823..42dc9864b5f3c 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce-private.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: jdtCRQpZcUE7NAr+awSy4plnkvNEbJsGAXcu1gs+R60= +NodeupConfigHash: cmz4fmfWOw9OLWklxIdNug3vPAtkm8dP1ajNRltVmAA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_private/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_private/in-v1alpha2.yaml index f944d2b8498ea..42798ae7c33b6 100644 --- a/tests/integration/update_cluster/minimal_gce_private/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_private/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce-private.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf index 0cf892031a073..595e87d7dfd44 100644 --- a/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-private-example-com-addons-limit-range-add server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-private-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce-private.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce-private.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-private-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce-private.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data b/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data index 50e8b5eb97a23..e4365ca1832b2 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.k8s.local ConfigBase: memfs://clusters.example.com/minimal.k8s.local InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: TI5eMxNyhKrfisxHTrT5oYfsMM+J1iX2X2eW9XyvkMQ= +NodeupConfigHash: VjETiw+kdBXCLWgMo9Zr9EIASW6kRfDa/tM+SxuoE/U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_nodes.minimal.k8s.local_user_data b/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_nodes.minimal.k8s.local_user_data index cf9e33d752e86..ca5d7cdfff66c 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_nodes.minimal.k8s.local_user_data +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_nodes.minimal.k8s.local_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.k8s.local ConfigBase: memfs://clusters.example.com/minimal.k8s.local InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: ZTRdjUy+OLqcnvm10a8bguUGVvt8Fp8D/29mSoUyJqw= +NodeupConfigHash: GKtAwTyeNzGY8RjLsNnZ9Rgtvamc7XWvbKhg9TCNneU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_cluster-completed.spec_content index ebf0b180a6583..ea34f05ac8518 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://clusters.example.com/minimal.k8s.local/backups/etcd/main @@ -76,10 +76,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -105,10 +102,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -130,13 +124,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -149,9 +140,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -162,7 +150,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -172,9 +160,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index f92127e4c5972..cdcefb184d45e 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content index e206243c615f2..8bf1ce0de7914 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 2e44cc45663c696e3888edb07a95f7b1b89479e747c0d0aa8a70cb62458eb1cc + manifestHash: 3d43bbb1bfce77cde72a78473f6f286dab501186e3791f0107839c344e42dd5c name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: dd1a636ea1ba98126c61c82fcbd59a9b7cf631653cdb7f2476d59e66fc4e7f52 + manifestHash: 70fa5f93d9b6f66c8eccd368e48a047faad48479d107889e3afa1d8a543ec7f3 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content index a235b5b10c93f..2a18adbbcd697 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 4780b3266add8..3b78ff57a8a15 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.k8s.local/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.k8s.local/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-nodes_content index 1a0bae6e7a4dd..e7922fa31aae7 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -51,7 +53,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -62,9 +64,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -75,7 +74,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -88,7 +87,7 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: true usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal_gossip/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gossip/in-v1alpha2.yaml index 8a5eb8b441e19..5c9f55f4d2ada 100644 --- a/tests/integration/update_cluster/minimal_gossip/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gossip/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.k8s.local networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal_gossip/kubernetes.tf b/tests/integration/update_cluster/minimal_gossip/kubernetes.tf index f65453cc5ae01..f7b224ed4265d 100644 --- a/tests/integration/update_cluster/minimal_gossip/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gossip/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-k8s-local" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-minimal-k8s-local" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data index 504a66182e955..51810bae31d61 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.k8s.local ConfigBase: memfs://clusters.example.com/minimal.k8s.local InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: slfpGg/g0a7ExmKM9pyK7wB5ZtlvwdzXOHMWBk6Unsw= +NodeupConfigHash: 8/oRkufuNgAGUF4/WzJGd+m9+ATP9rsRG+mJ1w7GeMA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_nodes.minimal.k8s.local_user_data b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_nodes.minimal.k8s.local_user_data index cf9e33d752e86..ca5d7cdfff66c 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_nodes.minimal.k8s.local_user_data +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_nodes.minimal.k8s.local_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.k8s.local ConfigBase: memfs://clusters.example.com/minimal.k8s.local InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: ZTRdjUy+OLqcnvm10a8bguUGVvt8Fp8D/29mSoUyJqw= +NodeupConfigHash: GKtAwTyeNzGY8RjLsNnZ9Rgtvamc7XWvbKhg9TCNneU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_cluster-completed.spec_content index 2d8388c8d6d35..29956926fcb13 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://clusters.example.com/minimal.k8s.local/backups/etcd/main @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 63ba8638c2dd8..ab356b1712fe1 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.k8s.local - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content index 3427680b2da7d..a9e545112c7e8 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 2e44cc45663c696e3888edb07a95f7b1b89479e747c0d0aa8a70cb62458eb1cc + manifestHash: 3d43bbb1bfce77cde72a78473f6f286dab501186e3791f0107839c344e42dd5c name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: db394d59628b7662f656743679422a8120a6fddf69a0396a3344be902a34ef59 + manifestHash: 44a0c921fee991e75fef9c4fa03c9409c883449204358ef1e004d8ba883a104a name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content index a235b5b10c93f..2a18adbbcd697 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 498770271b60b..5b2b1b2efa5c3 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.k8s.local/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.k8s.local/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-nodes_content index 1a0bae6e7a4dd..e7922fa31aae7 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -51,7 +53,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -62,9 +64,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -75,7 +74,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -88,7 +87,7 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: true usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gossip_irsa/in-v1alpha2.yaml index 859b4b84b6193..8ea973082ba40 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gossip_irsa/in-v1alpha2.yaml @@ -22,7 +22,7 @@ spec: useServiceAccountExternalPermissions: true kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.k8s.local networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/kubernetes.tf b/tests/integration/update_cluster/minimal_gossip_irsa/kubernetes.tf index cb0ef02059108..184cc6c1077b1 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gossip_irsa/kubernetes.tf @@ -525,7 +525,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-k8s-local" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -607,7 +607,7 @@ resource "aws_launch_template" "nodes-minimal-k8s-local" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content index c34b013cbfaa0..b2d7f3ec9741f 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://tests/minimal.example.com/backups/etcd/main @@ -79,7 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -105,7 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -127,10 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -154,7 +154,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 9a41577bea342..e788e50243c64 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 6da4532fe87aaaf142b30d133efa28ed013f8e1fcfa5156dcf1698bbf1849777 + manifestHash: 8b31eb8c878b14e96cc5c607a8bee33c844994241f7263d2a01188f6b619ee91 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index ac9c3a97b01dc..be97f09c526a7 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -65,6 +65,8 @@ spec: value: 127.0.0.1 - name: HCLOUD_TOKEN value: REDACTED + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-master-fsn1_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-master-fsn1_content index 089cac039d70c..dbaf8323d5272 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-master-fsn1_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-master-fsn1_content @@ -24,7 +24,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -54,21 +54,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -234,13 +234,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -270,7 +270,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -295,7 +295,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -308,8 +308,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal.example.com/manifests/etcd/main-master-fsn1.yaml - memfs://tests/minimal.example.com/manifests/etcd/events-master-fsn1.yaml diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-nodes-fsn1_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-nodes-fsn1_content index 3f72596da3cb7..e08a62c2aebde 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-nodes-fsn1_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-nodes-fsn1_content @@ -1,18 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +26,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -47,7 +47,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -55,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: true diff --git a/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_master-fsn1_user_data b/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_master-fsn1_user_data index a2109608d9fda..9848ec4265aa7 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_master-fsn1_user_data +++ b/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_master-fsn1_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://tests/minimal.example.com InstanceGroupName: master-fsn1 InstanceGroupRole: ControlPlane -NodeupConfigHash: NniKBUB1ksKZGJzTZbW+SNwU0G5L/tUFFWM4rYtyfZU= +NodeupConfigHash: WoFnfIlUY0BSqrFvYdqON0WCFZe2xzPUCkXB/pujCus= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_nodes-fsn1_user_data b/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_nodes-fsn1_user_data index a216d553fa1c7..751f6b66c8d7b 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_nodes-fsn1_user_data +++ b/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_nodes-fsn1_user_data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes-fsn1 InstanceGroupRole: Node -NodeupConfigHash: jn9Uny1kv6x28Z1EVFTV46RQzoBqAB0JCFiYRktMYRo= +NodeupConfigHash: xALsm+NMuz/GrG+SXl/JriIFTV+AaSenxXbwQTqEtB0= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_hetzner/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_hetzner/in-v1alpha2.yaml index 6805f2d3b84e2..0d3a898ad8b57 100644 --- a/tests/integration/update_cluster/minimal_hetzner/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_hetzner/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_openstack/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_openstack/in-v1alpha2.yaml index 0ca2331f4a06b..c79de6ad50465 100644 --- a/tests/integration/update_cluster/minimal_openstack/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_openstack/in-v1alpha2.yaml @@ -29,7 +29,7 @@ spec: anonymousAuth: false kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networking: cni: {} networkCIDR: 192.168.0.0/16 diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content index 0559d842dbd44..36c33ef4aa28e 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content @@ -18,8 +18,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://tests/scw-minimal.k8s.local/backups/etcd/main @@ -72,7 +72,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.25.5 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -98,7 +98,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: scw-minimal.k8s.local configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.25.5 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -121,10 +121,10 @@ spec: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m enabled: false - image: registry.k8s.io/kube-proxy:v1.25.5 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.25.5 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -148,7 +148,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.5 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-control-plane-fr-par-1_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-control-plane-fr-par-1_content index 09cdc1a5510f0..0f6b1a2e12a79 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-control-plane-fr-par-1_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-control-plane-fr-par-1_content @@ -24,7 +24,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.25.5 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -54,19 +54,19 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 16b23e1254830805b892cfccf2687eb3edb4ea54ffbadb8cc2eee6d3b1fab8e6@https://dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubelet - - 6a660cd44db3d4bfe1563f6689cbe2ffb28ee4baf3532e04fff2d7b909081c29@https://dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 18aa53ff59740a11504218905b51b29cc78fb8b5dd818a619141afa9dafb8f5a@https://dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubelet - - 7bc650f28a5b4436df2abcfae5905e461728ba416146beac17a2634fa82a6f0a@https://dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -232,13 +232,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: scw-minimal.k8s.local configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.25.5 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.25.5 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -288,7 +288,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.5 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -302,8 +302,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/scw-minimal.k8s.local/manifests/etcd/main-control-plane-fr-par-1.yaml - memfs://tests/scw-minimal.k8s.local/manifests/etcd/events-control-plane-fr-par-1.yaml diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-nodes-fr-par-1_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-nodes-fr-par-1_content index 61f17e1aa35c9..bcbb6f454f3b9 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-nodes-fr-par-1_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-nodes-fr-par-1_content @@ -1,18 +1,18 @@ Assets: amd64: - - 16b23e1254830805b892cfccf2687eb3edb4ea54ffbadb8cc2eee6d3b1fab8e6@https://dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubelet - - 6a660cd44db3d4bfe1563f6689cbe2ffb28ee4baf3532e04fff2d7b909081c29@https://dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 18aa53ff59740a11504218905b51b29cc78fb8b5dd818a619141afa9dafb8f5a@https://dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubelet - - 7bc650f28a5b4436df2abcfae5905e461728ba416146beac17a2634fa82a6f0a@https://dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -44,7 +44,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.5 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -55,7 +55,7 @@ channels: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: true usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content index 5b36954851743..76519f929da5d 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: dbb14bb38213dfc4bc0ad7b1eae4b8c6348f73807bf2d6597d644ef92f922442 + manifestHash: 3f21ba47ab7f804028c5926ca8915d1f654d9beaaa242853b66191b37f31816e name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 7ee0abe374712..9c5a7e429eea3 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" - name: SCW_ACCESS_KEY value: "" - name: SCW_DEFAULT_PROJECT_ID diff --git a/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_control-plane-fr-par-1-0_user_data b/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_control-plane-fr-par-1-0_user_data index 8901c0c89af34..ffd3ef59d89c4 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_control-plane-fr-par-1-0_user_data +++ b/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_control-plane-fr-par-1-0_user_data @@ -132,7 +132,7 @@ ClusterName: scw-minimal.k8s.local ConfigBase: memfs://tests/scw-minimal.k8s.local InstanceGroupName: control-plane-fr-par-1 InstanceGroupRole: ControlPlane -NodeupConfigHash: 1KJOl7OFEx8pBcsWXXMrqsygHjsBG2J16d6kq+cbs+g= +NodeupConfigHash: IplAdCNmw88K2t0/eNtizR2tHlP/bFsQphUWrKhLLow= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_nodes-fr-par-1-0_user_data b/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_nodes-fr-par-1-0_user_data index 6b6cc9b51a7bd..2be772d052ab2 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_nodes-fr-par-1-0_user_data +++ b/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_nodes-fr-par-1-0_user_data @@ -155,7 +155,7 @@ ConfigServer: - https://kops-controller.internal.scw-minimal.k8s.local:3988/ InstanceGroupName: nodes-fr-par-1 InstanceGroupRole: Node -NodeupConfigHash: VEYZneTdXQVB917D4EzwdKmBdJ4OFd7FrIDry159DD8= +NodeupConfigHash: pynq4N94Z3i0e9k/dzWhLxtxAJmgO9cjxobDXWD/fGU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_scaleway/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_scaleway/in-v1alpha2.yaml index b88f6a364fd99..da5ebd712dc5d 100644 --- a/tests/integration/update_cluster/minimal_scaleway/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_scaleway/in-v1alpha2.yaml @@ -35,7 +35,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.5 + kubernetesVersion: 1.32.0 networking: cilium: enableNodePort: true diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data index 4c73c9710391c..fd7601a071f10 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: gcWAvv1QiO+KxfCeXPae8Z/DOM5bwCg/p2Nuy/9ckzY= +NodeupConfigHash: 5uLKMwY31M8+U+Pdw9D9QVF+9X7dv5Y3GXjraIEaubg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data index e2f12dd383e8b..8591632f8eba0 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1b InstanceGroupRole: ControlPlane -NodeupConfigHash: huIKr3Syeo4VAdMAj1pzKo6pMeUcEX2uHa8FbxEGvC8= +NodeupConfigHash: wS6f1JJdyJ5gTWcnGBnst/vdiwZR1Z8sV68OwV8akFw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data index 30c819f74cb53..44bee14b6983f 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1c InstanceGroupRole: ControlPlane -NodeupConfigHash: rtsEQx/eHf9m0/25wraf0IMpqvOmAMCdaJ9lEySMkec= +NodeupConfigHash: Rz2R4e2cf+3fAoVM1XUdF6RV5BElUh+JfHEMxuS7vgw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_nodes.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_nodes.mixedinstances.example.com_user_data index 8f59e793ed397..389430b403a0e 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_nodes.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_nodes.mixedinstances.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.mixedinstances.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: vR9tnPGXM/YLtMOlHeM7mjuYi4aIzmBsFG6KIDf8rFA= +NodeupConfigHash: 19kQmwaIQCL4XbGiz1Y2jrp1BXXCjZ3uY0jn+rIW3Pg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_cluster-completed.spec_content index 7cc92d9e44aae..d2c939ea06c90 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -85,10 +85,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -114,10 +111,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -139,13 +133,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -158,9 +149,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index dfbf63a83d273..9752e0db3ee37 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content index 21a39253366d2..309d8d63a5f53 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 2dff95f6ee3140aee212f552a944a2319622f1437dc0cd4afc5e6a6771a2c162 + manifestHash: 305d916476759d8eae7294d98dd35bf7403215b1a238bddeab21c0da5bbcfa1a name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: eb86ee299c42526d562dabfd518c48a316f5d1021c66d7125147ed2ec513bd3c + manifestHash: 247f99c74c91040c5485754c665fc6c98e568c463476a68c2f24c4759e54d529 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 050907f9abd64..f34960a301a7d 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index c49e198057152..a33b9fff16d2b 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1b_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1b_content index b26e4b087c87b..cbf2c367e918a 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1b_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1b_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1b.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1b.yaml diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1c_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1c_content index b23601bbc8073..14632a8165e0e 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1c_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1c_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1c.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1c.yaml diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-nodes_content index 06be8df778909..abd9fc2f67be5 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/mixed_instances/in-v1alpha2.yaml b/tests/integration/update_cluster/mixed_instances/in-v1alpha2.yaml index 776199af0561a..7f52bc4be58d8 100644 --- a/tests/integration/update_cluster/mixed_instances/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/mixed_instances/in-v1alpha2.yaml @@ -29,7 +29,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.mixedinstances.example.com networkCIDR: 10.0.0.0/16 networking: diff --git a/tests/integration/update_cluster/mixed_instances/kubernetes.tf b/tests/integration/update_cluster/mixed_instances/kubernetes.tf index 7097d1aabd10f..3ff8fd748f7a2 100644 --- a/tests/integration/update_cluster/mixed_instances/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances/kubernetes.tf @@ -662,7 +662,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -748,7 +748,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -834,7 +834,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -916,7 +916,7 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data index 4c73c9710391c..fd7601a071f10 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: gcWAvv1QiO+KxfCeXPae8Z/DOM5bwCg/p2Nuy/9ckzY= +NodeupConfigHash: 5uLKMwY31M8+U+Pdw9D9QVF+9X7dv5Y3GXjraIEaubg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data index e2f12dd383e8b..8591632f8eba0 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1b InstanceGroupRole: ControlPlane -NodeupConfigHash: huIKr3Syeo4VAdMAj1pzKo6pMeUcEX2uHa8FbxEGvC8= +NodeupConfigHash: wS6f1JJdyJ5gTWcnGBnst/vdiwZR1Z8sV68OwV8akFw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data index 30c819f74cb53..44bee14b6983f 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1c InstanceGroupRole: ControlPlane -NodeupConfigHash: rtsEQx/eHf9m0/25wraf0IMpqvOmAMCdaJ9lEySMkec= +NodeupConfigHash: Rz2R4e2cf+3fAoVM1XUdF6RV5BElUh+JfHEMxuS7vgw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_nodes.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_nodes.mixedinstances.example.com_user_data index 8f59e793ed397..389430b403a0e 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_nodes.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_nodes.mixedinstances.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.mixedinstances.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: vR9tnPGXM/YLtMOlHeM7mjuYi4aIzmBsFG6KIDf8rFA= +NodeupConfigHash: 19kQmwaIQCL4XbGiz1Y2jrp1BXXCjZ3uY0jn+rIW3Pg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_cluster-completed.spec_content index 7cc92d9e44aae..d2c939ea06c90 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -85,10 +85,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -114,10 +111,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -139,13 +133,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -158,9 +149,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index dfbf63a83d273..9752e0db3ee37 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content index 21a39253366d2..309d8d63a5f53 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 2dff95f6ee3140aee212f552a944a2319622f1437dc0cd4afc5e6a6771a2c162 + manifestHash: 305d916476759d8eae7294d98dd35bf7403215b1a238bddeab21c0da5bbcfa1a name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: eb86ee299c42526d562dabfd518c48a316f5d1021c66d7125147ed2ec513bd3c + manifestHash: 247f99c74c91040c5485754c665fc6c98e568c463476a68c2f24c4759e54d529 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 050907f9abd64..f34960a301a7d 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index c49e198057152..a33b9fff16d2b 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1b_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1b_content index b26e4b087c87b..cbf2c367e918a 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1b_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1b_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1b.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1b.yaml diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1c_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1c_content index b23601bbc8073..14632a8165e0e 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1c_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1c_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1c.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1c.yaml diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-nodes_content index 06be8df778909..abd9fc2f67be5 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/mixed_instances_spot/in-v1alpha2.yaml b/tests/integration/update_cluster/mixed_instances_spot/in-v1alpha2.yaml index d55cdda2ab11f..8aa1c3e27d096 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/mixed_instances_spot/in-v1alpha2.yaml @@ -29,7 +29,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.mixedinstances.example.com networkCIDR: 10.0.0.0/16 networking: diff --git a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf index 23d91a28985a0..8b8038559fb0b 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf @@ -662,7 +662,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -748,7 +748,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -834,7 +834,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -916,7 +916,7 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data index 33802f7b47a15..f062eab014f72 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: nthimdsprocessor.longclustername.example.com ConfigBase: memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: W2lV8NHzvl+MZwINWEvjBhPHQ8eg1B0nqEeIRW6xDGA= +NodeupConfigHash: dhGH8+9L9YU2woe3u/YOTBQhCva+0Yk1SGNlVN73iIU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data index 4c69c2739192d..49496dc202507 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.nthimdsprocessor.longclustername.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: WXrB501m8YYXdXQLgK4bFtMY7qVmedWOcBOWOufewr4= +NodeupConfigHash: i2cRnQBi+hhD4O/d6M8VDJ7/7Lij5uqAJgU7W1SG0lY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_cluster-completed.spec_content index 969dc2a0fe129..cce228855f4bf 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -78,10 +78,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -107,10 +104,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -132,13 +126,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -151,9 +142,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -164,7 +152,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -174,9 +162,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 5695641a43635..41e7e55fc7a2b 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-nodes_content index 08c1576e6bd46..9c587d5cdd808 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 53dcd17a65fed..61a841f63ffca 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.nthimdsproces-25s838 - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content index 2149c77f79c5a..378ba9b71d85f 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: c0079a2239f293612d218e04ef7d4732a8304ae5fe3f838f5c6a8880a94e5838 + manifestHash: 217253cffd6383c22916064be4f4270878f17bdd7eb0874dca4f2a320bf4b165 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -97,7 +97,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 2f5d4aab4306865ea2ee9ac78c1b8b24c168d77e776c44474df01c2ae1796287 + manifestHash: c9bd7fcc3665150d926f639acf26829071c0bba1664f8e2c046c3b519f9b9ae0 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 30f2437b12f33..b79db0dcd6361 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/in-v1alpha2.yaml b/tests/integration/update_cluster/nth-imds-processor-irsa/in-v1alpha2.yaml index b3fcc0d678cdb..87cc8325b385b 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/in-v1alpha2.yaml @@ -22,7 +22,7 @@ spec: useServiceAccountExternalPermissions: true kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.nthimdsprocessor.longclustername.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/kubernetes.tf b/tests/integration/update_cluster/nth-imds-processor-irsa/kubernetes.tf index 15aeb687ca50d..865a8414b8099 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/kubernetes.tf +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/kubernetes.tf @@ -467,7 +467,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-nthimdsprocessor-longc http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -546,7 +546,7 @@ resource "aws_launch_template" "nodes-nthimdsprocessor-longclustername-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data b/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data index 262e631733f58..9502d3fb0b06d 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: nthimdsprocessor.longclustername.example.com ConfigBase: memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: oneXzbKQoSNTcp48EoJyoAK2SAqXvqeO0D7pSdFW2ys= +NodeupConfigHash: XqEb8qdGO7RWvBf7G8QnT6RxVCL0rzMX6VApjdwWUgM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data b/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data index 4c69c2739192d..49496dc202507 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.nthimdsprocessor.longclustername.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: WXrB501m8YYXdXQLgK4bFtMY7qVmedWOcBOWOufewr4= +NodeupConfigHash: i2cRnQBi+hhD4O/d6M8VDJ7/7Lij5uqAJgU7W1SG0lY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_cluster-completed.spec_content index 1c01cddfd8eef..b9c1705a78fe1 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 56e6995c64f1f..c0addd950aa4b 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-nodes_content index 08c1576e6bd46..9c587d5cdd808 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 0e8716858dd86..7e9118f008e1a 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content index edc094e9e1a02..03f3861e998bd 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: c0079a2239f293612d218e04ef7d4732a8304ae5fe3f838f5c6a8880a94e5838 + manifestHash: 217253cffd6383c22916064be4f4270878f17bdd7eb0874dca4f2a320bf4b165 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -97,7 +97,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 52fbb9c23511d7138ccce0b7d86d5ee74e031182a17b5cf06d06f0b210d76de0 + manifestHash: 36fb1266bd99820faf884c6d7f1ac5c23006ea60a6db56e02486f2dfd42d79b2 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 30f2437b12f33..b79db0dcd6361 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/nth-imds-processor/in-v1alpha2.yaml b/tests/integration/update_cluster/nth-imds-processor/in-v1alpha2.yaml index e4deafebac371..a42ae815ecfc1 100644 --- a/tests/integration/update_cluster/nth-imds-processor/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/nth-imds-processor/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.nthimdsprocessor.longclustername.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf b/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf index 7a2b02be932c6..f5fdf5a1be488 100644 --- a/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf +++ b/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf @@ -334,7 +334,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-nthimdsprocessor-longc http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -413,7 +413,7 @@ resource "aws_launch_template" "nodes-nthimdsprocessor-longclustername-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/nvidia/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/nvidia/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 6aa8bb5e2a3e2..a9fac5d8c312b 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/nvidia/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: Us/bFG13BDJh1nGH/SBdjJgBhb9qMXj9EaWYHDeRqTM= +NodeupConfigHash: La8b3BiFkx9dbUYjT6jQs+QLudu3haL+Uj1BhIOIOiY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nvidia/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/nvidia/data/aws_launch_template_nodes.minimal.example.com_user_data index da6926dbb5542..dcff105e83f14 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/nvidia/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: wZ1I0kZFJcuJYwy6TkNsVTa9P3qhW/UsJjjGejrba0w= +NodeupConfigHash: I4hErEBg3O62hSeGYG68MxFBUt9joMYwylFYYXk89hM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_cluster-completed.spec_content index 3ebc1735e3d7e..88110e13cdbec 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -30,8 +30,8 @@ spec: enabled: true package: nvidia-driver-535-server runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -80,10 +80,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -109,10 +106,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -134,13 +128,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -153,9 +144,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -166,7 +154,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -176,9 +164,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daac5b..adc407bc8039c 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 146785d7f0d70..0b5cbd1b5f71c 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 9af8cf2aafb4e..6903f0ee35892 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -329,8 +319,8 @@ containerdConfig: enabled: true package: nvidia-driver-535-server runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-nodes_content index d153dd3bfd831..1f247a872cf84 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -53,7 +52,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - nvidia.com/gpu:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -67,7 +66,7 @@ containerdConfig: enabled: true package: nvidia-driver-535-server runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/nvidia/in-v1alpha2.yaml b/tests/integration/update_cluster/nvidia/in-v1alpha2.yaml index 1580944aa5dcd..c30665e4d0dd1 100644 --- a/tests/integration/update_cluster/nvidia/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/nvidia/in-v1alpha2.yaml @@ -25,7 +25,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/nvidia/kubernetes.tf b/tests/integration/update_cluster/nvidia/kubernetes.tf index 5cbce4915bf1d..ba92b5c5397f7 100644 --- a/tests/integration/update_cluster/nvidia/kubernetes.tf +++ b/tests/integration/update_cluster/nvidia/kubernetes.tf @@ -425,7 +425,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -507,7 +507,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/openstack_floatingip/in-v1alpha2.yaml b/tests/integration/update_cluster/openstack_floatingip/in-v1alpha2.yaml index fc948995bccfe..4f0cce887f07d 100644 --- a/tests/integration/update_cluster/openstack_floatingip/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/openstack_floatingip/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: anonymousAuth: false kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.floatingip-openstack.k8s.local networking: cni: {} diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data index 4f2fe753c0a4b..7002ec65a77a3 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: private-shared-ip.example.com ConfigBase: memfs://clusters.example.com/private-shared-ip.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: PTOyfcL4CyyaQhsPp8abT6ZryyDJ2LrSEn4JnaFLjIE= +NodeupConfigHash: ii45HiarxMQZsJqnXYnNebvgWW4hf6YnVUYSKi+8YL8= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_nodes.private-shared-ip.example.com_user_data b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_nodes.private-shared-ip.example.com_user_data index 034847f43df23..133cb9c4f47ab 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_nodes.private-shared-ip.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_nodes.private-shared-ip.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.private-shared-ip.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: q9bVDtcfKe/XJHZEdokHUpmfefie9CVCI0CtMVHziM4= +NodeupConfigHash: 9Oou1lw7xVY8YYKgHY91szzPCnI9v/keIF9tgamYg8U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_cluster-completed.spec_content index d598dd881eb74..2976e4bafa610 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-ip.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-ip.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 7202f8af95c05..b8a07791e8ae3 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-ip.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/private-shared-ip.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/private-shared-ip.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-nodes_content index 5d0c4121a44be..fdfe49ff05dfb 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 43ec524f6f51e..e13c2a32d72eb 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-bootstrap_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-bootstrap_content index 21e07aa427f1c..dcae5c68c05e5 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 72880d935085b840392c3820b006a429970a88552da8b8771901b94d606596ca + manifestHash: ea8a16023b8f2804538503547cafda28514c00d543861c496db350e8be8d7970 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: bf3e0e94909bb2e1e283e06dff51f6bd27d2a2058515f8de00fc551a33e6dc07 + manifestHash: 56848c362702e77c4c97fcd36965dd1499b55b4d236e88fd16df85f7bd857066 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 5f79da832274a..076b138deca63 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/private-shared-ip/in-v1alpha2.yaml b/tests/integration/update_cluster/private-shared-ip/in-v1alpha2.yaml index eff4a9c32350a..44ce537ca1ab7 100644 --- a/tests/integration/update_cluster/private-shared-ip/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/private-shared-ip/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.private-shared-ip.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf index 885386843577a..fb6f8623398c4 100644 --- a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf @@ -546,7 +546,7 @@ resource "aws_launch_template" "bastion-private-shared-ip-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -619,7 +619,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-ip-exam http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -701,7 +701,7 @@ resource "aws_launch_template" "nodes-private-shared-ip-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data index d33dd15059c93..48f7d10919ba9 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: private-shared-subnet.example.com ConfigBase: memfs://clusters.example.com/private-shared-subnet.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: BXCD57hoEt99Pw7lV4+jHKn/7Kgr4l63uTJLTL3D5ck= +NodeupConfigHash: /FBSU5TLffmA5IaAnDo5Tm3P//nae1OJAobmsWEmjeM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_nodes.private-shared-subnet.example.com_user_data b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_nodes.private-shared-subnet.example.com_user_data index 7dda92972700d..adf41e28e1789 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_nodes.private-shared-subnet.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_nodes.private-shared-subnet.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.private-shared-subnet.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: IRFhB94UHzhXOwVNuL3GgI3ww+N0Cc7yqFnVLrCTA64= +NodeupConfigHash: vtNbCi2JHDrzGVdfEDFVLBUIb4Ik6nLHpHo/G70CVsY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_cluster-completed.spec_content index 567f3acbf50f5..29fa16439cddb 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-subnet.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-subnet.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 78feea9db04e5..dc42695e50daa 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-subnet.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/private-shared-subnet.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/private-shared-subnet.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-nodes_content index 05d72f86dc5df..e563c5ddb7096 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 53fbdb8a90cd1..e6613b3fbb41f 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-bootstrap_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-bootstrap_content index f00090cfdc834..652f49e8e8bcb 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 910043a53ef152b7c32d98e1f1e3fb1660557d36cdd2c1207874aac0fd6c5863 + manifestHash: 1d575a4b60e5691e4fdb243219eeceb0fccb7568940a03064d3773caf14fe2a5 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 0aef52b4fec035c3f6b72b2edcb30ee5a6cc82404bece926a11f09336ef0db0d + manifestHash: 2f3e4d832cb9e852c85ec8af72dca56f017cd9269ee86c89d017ee0f5c2c328a name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 8ae219a3466ae..1879785225f00 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/private-shared-subnet/in-v1alpha2.yaml b/tests/integration/update_cluster/private-shared-subnet/in-v1alpha2.yaml index 68c70b4b3204b..41c9d6f9a110f 100644 --- a/tests/integration/update_cluster/private-shared-subnet/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/private-shared-subnet/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.private-shared-subnet.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf index 62fc166c6b6bc..de363926894b1 100644 --- a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf @@ -541,7 +541,7 @@ resource "aws_launch_template" "bastion-private-shared-subnet-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -614,7 +614,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-subnet- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -696,7 +696,7 @@ resource "aws_launch_template" "nodes-private-shared-subnet-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data index 1aa711ea02375..42b3c7d2ffd01 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data +++ b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatecalico.example.com ConfigBase: memfs://clusters.example.com/privatecalico.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 0zrVsZ9YLJdEbQ9i26XcouHxPBNm2iubrF+LHOoiQzM= +NodeupConfigHash: RxlEtHNfH53lI4clCWh1C3UxjvkLO1JxxKsSpMB82Eg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data index d7145ecd1a978..75a6a46b790bc 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data +++ b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatecalico.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: M4JVU8sN/OLDmMrsAYw3+X7anH94lfKa/oTaj/nTCqg= +NodeupConfigHash: jPqQ8RBtT7qizMAfTzQGWl7nknWZuc7qmFD+1vberOo= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content index 7643828e7066b..5dcba0e175772 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecalico.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -80,10 +80,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -109,10 +106,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecalico.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -134,13 +128,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -153,9 +144,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -167,7 +155,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -177,9 +165,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index a5b515159350b..11925d5f588b8 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -236,19 +235,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privatecalico.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -278,7 +271,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -289,9 +282,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -306,7 +296,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: calico: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -320,8 +310,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privatecalico.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privatecalico.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content index 053cc4ce68115..f09fb2ad60908 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: calico: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -56,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6f33460f79876..673845c7e2e16 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content index 72308fdcfaa80..993df8f3fc3bc 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 8a7817e016615a2de3f0ee07b6a3d53a6cd842bb1a77d0c70b614ba34ad09007 + manifestHash: 77f2da51c043335f042bfd91d197e73d586b81c05416a273dca3f1246a3e45a3 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -161,7 +154,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: f6554ccd03e4ed0f7b1a7f2e26e57b4f7934c9510c7977ecd31b1356ff22c78e + manifestHash: d5227e5509e4e419c84ad689d1e3e94cc2410bd214e34ffdeccb9a198ad9991c name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 4930411f2508b..64580538f8a7c 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml b/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml index 2548821f47307..4fd823e7f8347 100644 --- a/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml @@ -28,7 +28,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privatecalico.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf index a45ce619ff9ea..3eb789ced011e 100644 --- a/tests/integration/update_cluster/privatecalico/kubernetes.tf +++ b/tests/integration/update_cluster/privatecalico/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -1017,14 +1017,6 @@ resource "aws_s3_object" "privatecalico-example-com-addons-kubelet-api-rbac-addo server_side_encryption = "AES256" } -resource "aws_s3_object" "privatecalico-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/privatecalico.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "privatecalico-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data index 3a93d1b82ae9d..fa148d3ab070f 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data +++ b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatecanal.example.com ConfigBase: memfs://clusters.example.com/privatecanal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: Tzt+LJNVum4rolb+f9MYOC2te4Nk8Li4n1tG0E8yThU= +NodeupConfigHash: dAwHqVTTO1qMtEX57Crs+jLAUgpZLTxB9Ku9bjOhj4M= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_nodes.privatecanal.example.com_user_data b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_nodes.privatecanal.example.com_user_data index b8f3ee5f3b1a8..65d3d4db6f2af 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_nodes.privatecanal.example.com_user_data +++ b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_nodes.privatecanal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatecanal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: SUBDaWUSj6cy/++lg4oXVkohdU9EAmH8PMjhwe9GFZI= +NodeupConfigHash: g+FERmpnJMbh0dwiue0Zq0f8blAQk19fqu/GYT6go/o= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_cluster-completed.spec_content index 5a40e570a09bc..c6cfb6ab9c7f9 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecanal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.9 leaderElection: leaderElect: true cloudProvider: aws @@ -80,9 +80,8 @@ spec: etcdServersOverrides: - /events#https://127.0.0.1:4002 featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.27.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -109,9 +108,8 @@ spec: clusterName: privatecanal.example.com configureCloudRoutes: false featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +131,12 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 kubeScheduler: featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -153,7 +150,6 @@ spec: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -165,7 +161,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.27.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -176,7 +172,6 @@ spec: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 871e4dff57eff..4631dea45c584 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,9 +26,8 @@ APIServerConfig: etcdServersOverrides: - /events#https://127.0.0.1:4002 featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.27.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,9 +57,10 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 0b4ed4fcd75d33f5dff3ba17776e6089847fc83064d3f7a3ad59a34e94e60a29@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet + - 71a78259d70da9c5540c4cf4cff121f443e863376f68f89a759d90cef3f51e87@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz @@ -68,9 +68,10 @@ Assets: - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet + - f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz @@ -239,18 +240,16 @@ ControlPlaneConfig: clusterName: privatecanal.example.com configureCloudRoutes: false featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.27.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +280,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,7 +292,6 @@ KubeletConfig: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -309,7 +307,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.27.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-nodes_content index e7b31289515d2..24abbb5ea901f 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 0b4ed4fcd75d33f5dff3ba17776e6089847fc83064d3f7a3ad59a34e94e60a29@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet + - 71a78259d70da9c5540c4cf4cff121f443e863376f68f89a759d90cef3f51e87@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet + - f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -38,7 +40,6 @@ KubeletConfig: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -50,7 +51,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.27.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 05fe82ae37c32..59ca0721d43e5 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.9 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content index bf4b5c5875fc9..a48cd2b618d45 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: acc0d848ab58867fee4fce0316f900da4e12cf52536c2684bdf9d70d8112caba + manifestHash: 940d9f4a3cf44a57e6c0a9215fedfcfa15bc56d4c9d3175ad592ee088e705d4d name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -161,7 +154,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 8218a862df2d60c98f8cdb578b11e9fe9d72014f58ef3f7e28c2aeb7fa7726ea + manifestHash: 83c24e3227c186629805bef655b3fb4a01b717c6aa7dc27dff8fe1a65fb5946b name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index b2864b989c00b..92dad9a7fd299 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/privatecanal/in-v1alpha2.yaml b/tests/integration/update_cluster/privatecanal/in-v1alpha2.yaml index 3c972c30999c8..0198ce593ef19 100644 --- a/tests/integration/update_cluster/privatecanal/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatecanal/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.27.0 masterPublicName: api.privatecanal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf index fe639d19a568a..606872094b7ec 100644 --- a/tests/integration/update_cluster/privatecanal/kubernetes.tf +++ b/tests/integration/update_cluster/privatecanal/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-privatecanal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -637,7 +637,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecanal-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -719,7 +719,7 @@ resource "aws_launch_template" "nodes-privatecanal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -1021,14 +1021,6 @@ resource "aws_s3_object" "privatecanal-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "privatecanal-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_privatecanal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/privatecanal.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "privatecanal-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_privatecanal.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data index 7ce958d74d038..ad291c8c24c33 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatecilium.example.com ConfigBase: memfs://clusters.example.com/privatecilium.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: EfRmrXwAJQOY4THMrPgg1OclG1TjOfn3YrwOqJQhn9A= +NodeupConfigHash: 40b3WR+1nmKrGmrl04OXQ9Yx/d+XWdbEXyl9IYOlCNM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_nodes.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_nodes.privatecilium.example.com_user_data index b23e9850413b5..c5b301b8a42ee 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_nodes.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_nodes.privatecilium.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatecilium.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: he//sRQ65KbEnUJO8eysGmp6T+Apm2QIZkmgwwGhWBk= +NodeupConfigHash: egB3QUK5r1x1iEbPEcMJIkYui5A1Kl6gAahEVB6/c2c= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content index 7ccc5648b5f80..0b65985be4a87 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 3966bc022f7b7..6a7186730f3d3 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -236,19 +235,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -278,7 +271,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -289,9 +282,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -306,7 +296,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: ipam: eni @@ -321,8 +311,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privatecilium.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privatecilium.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-nodes_content index 7b5f563dbeb7d..e7874db989554 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: ipam: eni @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index ec7506a450c71..3c0748749e714 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index 16a72837cdf0f..0c92a2b66907b 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: aeb3aa6d161bde2033e40fc4e1d361fe1aba8a420002720ead97d055ae198681 + manifestHash: da607990b738a0fc3b879b95c50cace16e060fbd6a0a0601081940dc4e68d90f name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: b44f7e419c737573d7494fca41e9f1f2d0ff7c69151ffe791fbcc98ee0ec9f75 + manifestHash: e5cffe367a44e3e3034e6b3c5732321b9feebe37055a5893ab639ea89039e0e0 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 19dd7e29ac372..bb294c0477c01 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatecilium-eni/in-v1alpha2.yaml b/tests/integration/update_cluster/privatecilium-eni/in-v1alpha2.yaml index ca9ed82b01d79..16b3d6014ecce 100644 --- a/tests/integration/update_cluster/privatecilium-eni/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatecilium-eni/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privatecilium.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf b/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf index dc1d1273cfb86..29a0485b94160 100644 --- a/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -637,7 +637,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -719,7 +719,7 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data index ebd2ab9cf86e2..34e257dada967 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatecilium.example.com ConfigBase: memfs://clusters.example.com/privatecilium.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: swT+uk9CHBRhsFvAzxkDLb+fKSVD2hBWXvhPxKqZKrU= +NodeupConfigHash: QzOkP/bb4cvEAITtmgrXOLYNewJDySSNuSbxInDvY3o= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_nodes.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_nodes.privatecilium.example.com_user_data index fd51cadf3b494..a3ee845fddede 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_nodes.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_nodes.privatecilium.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatecilium.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: wZAAlbLzFNgjOByiI0etqkRoYfZnPg0/EoyuwV/tfsU= +NodeupConfigHash: 3wyb6kd163A2CB3mJgFHt5BNIBff0ipOZDK7GVIeueU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content index 4e2615bc9af9a..6e3f598a4a4f8 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 5eaba384a5c6e..e71b669ded595 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -236,19 +235,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -278,7 +271,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -289,9 +282,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -306,7 +296,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -320,8 +310,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privatecilium.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privatecilium.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-nodes_content index 7cbc04bb30cfd..6e51a67843ee7 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -56,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index ec7506a450c71..3c0748749e714 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index 6b580fc27d422..7118548d99f01 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: aeb3aa6d161bde2033e40fc4e1d361fe1aba8a420002720ead97d055ae198681 + manifestHash: da607990b738a0fc3b879b95c50cace16e060fbd6a0a0601081940dc4e68d90f name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: b44f7e419c737573d7494fca41e9f1f2d0ff7c69151ffe791fbcc98ee0ec9f75 + manifestHash: e5cffe367a44e3e3034e6b3c5732321b9feebe37055a5893ab639ea89039e0e0 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 19dd7e29ac372..bb294c0477c01 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatecilium/in-v1alpha2.yaml b/tests/integration/update_cluster/privatecilium/in-v1alpha2.yaml index 8e98b5659e036..7ef6d547940ab 100644 --- a/tests/integration/update_cluster/privatecilium/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatecilium/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privatecilium.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privatecilium/kubernetes.tf b/tests/integration/update_cluster/privatecilium/kubernetes.tf index dc1d1273cfb86..29a0485b94160 100644 --- a/tests/integration/update_cluster/privatecilium/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -637,7 +637,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -719,7 +719,7 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index c27b43fc5a0b3..4e44e658a4dc8 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: aeb3aa6d161bde2033e40fc4e1d361fe1aba8a420002720ead97d055ae198681 + manifestHash: da607990b738a0fc3b879b95c50cace16e060fbd6a0a0601081940dc4e68d90f name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 19dd7e29ac372..bb294c0477c01 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data index 95ac1fc0eb4e6..d17f23a2199b1 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privateciliumadvanced.example.com ConfigBase: memfs://clusters.example.com/privateciliumadvanced.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: VQj+uyKj/ZW8kpJvfbAGxjupKJBIGzHfHv9sMXhk2NU= +NodeupConfigHash: 9wT29IerybgUIgq9QFx63Yyfy1ii1y0cPTeCV2ofLhg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_nodes.privateciliumadvanced.example.com_user_data b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_nodes.privateciliumadvanced.example.com_user_data index 9ee884679220d..e5c4a95562634 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_nodes.privateciliumadvanced.example.com_user_data +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_nodes.privateciliumadvanced.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privateciliumadvanced.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 2bX4CTAC/f4IIS21cV5R3ADZPeaBZdsIm3JYPgvQAYs= +NodeupConfigHash: L/UN25Y47L5YTL17lbsaL3myROvdrPMcXay1q9y65JA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content index db628f8467f09..b81db479da4b1 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privateciliumadvanced.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -88,10 +88,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -117,10 +114,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privateciliumadvanced.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -143,13 +137,10 @@ spec: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m enabled: false - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -162,9 +153,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -175,7 +163,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -185,9 +173,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e6811dcd49392..078ff81542193 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -303,19 +302,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privateciliumadvanced.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -356,9 +349,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -373,7 +363,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: ipam: eni @@ -389,8 +379,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privateciliumadvanced.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privateciliumadvanced.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-nodes_content index 6316faf679fa4..c25b989768364 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: @@ -54,9 +56,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -67,7 +66,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: ipam: eni @@ -78,7 +77,7 @@ UseCiliumEtcd: true containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index a828e03e9dedc..8d573d9643a71 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content index 55db92767aee1..4b452e7183e50 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: b737e54a084e4ccafe7617f292fb5f7a7ec6df2d4429081b628c6c3b0c5d79f2 + manifestHash: 5a277128e8ec24bd649db2dbd406ef3e0148b86b25f640f1bd528e69cdf29d39 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 4db6adbf7df98b689d00cec1d0dc6c38759002a37b31785cd5487d880e63e8d4 + manifestHash: da23ef882a43d178c362023e7df83b1fbb49c9156a324b9b15e2832ccff8a5b4 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index de0cccb6fda09..12f4cd3928a1f 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privateciliumadvanced/in-v1alpha2.yaml b/tests/integration/update_cluster/privateciliumadvanced/in-v1alpha2.yaml index 4fc18ad14d5fb..e769a1dc9bc24 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privateciliumadvanced/in-v1alpha2.yaml @@ -27,7 +27,7 @@ spec: anonymousAuth: false kubeProxy: enabled: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privateciliumadvanced.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf index b1000212b548e..8f23309ac0689 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf +++ b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf @@ -581,7 +581,7 @@ resource "aws_launch_template" "bastion-privateciliumadvanced-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -654,7 +654,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateciliumadvanced- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -736,7 +736,7 @@ resource "aws_launch_template" "nodes-privateciliumadvanced-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-bootstrap_content index d0f7e493f963a..c4941d009c7c3 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 6a7394ac07ef8b3a5659210de83fa137d3a007cc8715abfb793723f071d7e9cd + manifestHash: 40891b41bc5febb699cdfd8fefca0b971412f1714ad968506723ee4dbf613b89 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 3db3164523c97..bcbd51b1c54a1 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data index 39899169ec51b..4d7cd92d3c238 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data +++ b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatedns2.example.com ConfigBase: memfs://clusters.example.com/privatedns2.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ugcZCytvVGwU/qlDja4S935pP2wFpAD7EuEq1Pd7VLs= +NodeupConfigHash: qYlQccQBSXjbroja9vvv1JMF8afW6QZu5AOEmy5bD1E= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_nodes.privatedns2.example.com_user_data b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_nodes.privatedns2.example.com_user_data index 2807cc960c3e3..567788f9c0113 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_nodes.privatedns2.example.com_user_data +++ b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_nodes.privatedns2.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatedns2.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: qV8GSQcmXX1Ts13q1IlJW1i3/TYBzSL47CeQ/T2/ypk= +NodeupConfigHash: nAk20zSeCR87WiHZkfsrUYrueEHJE+mHJtyTI6n3Yus= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_cluster-completed.spec_content index 0200472505394..21beba10a985e 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatedns2.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: private.example.com etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatedns2.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 204f896db8ee9..a5152f259b68f 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privatedns2.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privatedns2.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privatedns2.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-nodes_content index e6294a7aeda70..53f10ef019580 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 5fdd615e86c7d..a20e1dfa07140 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-bootstrap_content index 4e95886146e21..787dc77af3df9 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 2da791098b301283a4e31f0d085e37da81573f4f3539bda8c691eee92f1efc08 + manifestHash: af0247137adc9d4f85c2e90d8270c80be73fa9ee7d88b6e061e5b9a7738aa56e name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: acdd832733a91cf253505bccc0158998f81c7524d88b0a3a206633a9e5eb80f8 + manifestHash: b51a2989f16e97ccd7bcfce65c3249a78402f0b107b36ea383fdc3bb03dbb32f name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 8a06cb8366ebc..1850c02d0c4a2 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatedns2/in-v1alpha2.yaml b/tests/integration/update_cluster/privatedns2/in-v1alpha2.yaml index 4860eb80a5986..8babf0b2ff6e1 100644 --- a/tests/integration/update_cluster/privatedns2/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatedns2/in-v1alpha2.yaml @@ -22,7 +22,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privatedns2.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf index 23afd69cc0e0d..faed780256cf7 100644 --- a/tests/integration/update_cluster/privatedns2/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns2/kubernetes.tf @@ -555,7 +555,7 @@ resource "aws_launch_template" "bastion-privatedns2-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -628,7 +628,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns2-example-co http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -710,7 +710,7 @@ resource "aws_launch_template" "nodes-privatedns2-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data index 60f50587cac20..473b9d7280181 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data +++ b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privateflannel.example.com ConfigBase: memfs://clusters.example.com/privateflannel.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ho6rEzIIk4sdKLxtW8FlR3pP2LuvlAeaGwNUlFWqcYc= +NodeupConfigHash: frJ+3em7tsd7U8juD4BdvZ0m8uQvv544oIco1bwtu24= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_nodes.privateflannel.example.com_user_data b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_nodes.privateflannel.example.com_user_data index f839ec1077416..8d2e202a8902a 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_nodes.privateflannel.example.com_user_data +++ b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_nodes.privateflannel.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privateflannel.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: yPM+1DZtG568OGiywi4TJ4rMmQPClrdGQaPnawSzNBQ= +NodeupConfigHash: 0+QkObS6BSd1LE17caDANNiEQFr57M16T+x+OlqA7/M= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_cluster-completed.spec_content index 2fb8a8f295d07..6fa3f19941fe9 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privateflannel.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.9 leaderElection: leaderElect: true cloudProvider: aws @@ -80,9 +80,8 @@ spec: etcdServersOverrides: - /events#https://127.0.0.1:4002 featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.27.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -109,9 +108,8 @@ spec: clusterName: privateflannel.example.com configureCloudRoutes: false featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +131,12 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 kubeScheduler: featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -153,7 +150,6 @@ spec: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -165,7 +161,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.27.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -176,7 +172,6 @@ spec: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e87382d3b4b6c..096314764d022 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,9 +26,8 @@ APIServerConfig: etcdServersOverrides: - /events#https://127.0.0.1:4002 featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.27.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,9 +57,10 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 0b4ed4fcd75d33f5dff3ba17776e6089847fc83064d3f7a3ad59a34e94e60a29@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet + - 71a78259d70da9c5540c4cf4cff121f443e863376f68f89a759d90cef3f51e87@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz @@ -68,9 +68,10 @@ Assets: - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet + - f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz @@ -239,18 +240,16 @@ ControlPlaneConfig: clusterName: privateflannel.example.com configureCloudRoutes: false featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.27.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +280,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,7 +292,6 @@ KubeletConfig: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -309,7 +307,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.27.0 Networking: flannel: {} nonMasqueradeCIDR: 100.64.0.0/10 diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-nodes_content index 6278239688484..bb3b21dbca9b0 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 0b4ed4fcd75d33f5dff3ba17776e6089847fc83064d3f7a3ad59a34e94e60a29@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet + - 71a78259d70da9c5540c4cf4cff121f443e863376f68f89a759d90cef3f51e87@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet + - f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -38,7 +40,6 @@ KubeletConfig: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -50,7 +51,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.27.0 Networking: flannel: {} nonMasqueradeCIDR: 100.64.0.0/10 diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 3be6513f9c601..2c02bc0a3d391 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.9 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-bootstrap_content index cccaa130dbb34..e19369813d595 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 7d883a4eb3240d3dd2f122a48413b2b439fc351309d83247c544f297fcc5978e + manifestHash: 91d6cc9356d1ab6dbfa1efeb50a7dd4a14bfae60bb4336efcc90ef59e8afbccf name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -157,7 +150,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 54c6191dbc48c0b1f2782709e6fef7172b43b84ac020090f599514e6c7aa6132 + manifestHash: 8f54dad8b0e9f198bcd6ce418ee9d4426bf18180ec35c73ce5a728602e87c5de name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 25d5458da2d84..05002cdb99afc 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/privateflannel/in-v1alpha2.yaml b/tests/integration/update_cluster/privateflannel/in-v1alpha2.yaml index 50325c97838c9..129f5ba767433 100644 --- a/tests/integration/update_cluster/privateflannel/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privateflannel/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.27.0 masterPublicName: api.privateflannel.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf index 231a96b62f675..9ad06f0d82bdb 100644 --- a/tests/integration/update_cluster/privateflannel/kubernetes.tf +++ b/tests/integration/update_cluster/privateflannel/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-privateflannel-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -637,7 +637,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateflannel-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -719,7 +719,7 @@ resource "aws_launch_template" "nodes-privateflannel-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -1021,14 +1021,6 @@ resource "aws_s3_object" "privateflannel-example-com-addons-kubelet-api-rbac-add server_side_encryption = "AES256" } -resource "aws_s3_object" "privateflannel-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_privateflannel.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/privateflannel.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "privateflannel-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_privateflannel.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data index 51f2107735037..1f2e334bbdbaf 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data +++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatekopeio.example.com ConfigBase: memfs://clusters.example.com/privatekopeio.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 2Zib712nqQzsgrq6EakAWULkD6927ShyRMYWm480gkY= +NodeupConfigHash: avwAe4vqF+fEW1aWfXdSP6UrAE9MuyNBY4WqXUqwvtQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data index d3f7dda3b4507..8631a1995ef6b 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data +++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatekopeio.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: Gxk3MwyCvSdma4NZKTetNcirTamAo+gCCSRfg6B2EGU= +NodeupConfigHash: QFckf124T5Lw4DusMYCtIGhM4BQNjhY1BrLMe6YISR4= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_cluster-completed.spec_content index 5cc152fd65dc0..6abca0e78ac60 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatekopeio.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatekopeio.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e535aaaace842..11f79b1becfeb 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privatekopeio.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privatekopeio.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privatekopeio.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-nodes_content index 5d68953d30ebf..58b6a3a790af2 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -59,7 +58,7 @@ UsesKubenet: true containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 8c02ce3ff0741..bfde36dc0ac77 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-bootstrap_content index 4f63fe30ba4e0..9f3ebcf2635ad 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 8ee134e21e799f2708c68c901427013a073b2fe06ff51ea04277ed5dca2c566b + manifestHash: 7bbe3a24605ebf12e1771b737a37f1e0e8fed6844732d4afaa677000717dbdfa name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -148,7 +148,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 05ece9851eb77341c75d3e7699cfe886e5a71ecb87dcfa20e89752b91e2b6bc1 + manifestHash: 842f48efaf6d6d1830cc85d2756da18dd2e9146ed6e27a3cffc61b23c5dee06c name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index f3af901954aae..0d967b1037d3a 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml b/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml index 256a47b51d699..cd4a7a50799d7 100644 --- a/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privatekopeio.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf index 29515bbb8b6d0..e70c821c9eb5d 100644 --- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf +++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf @@ -570,7 +570,7 @@ resource "aws_launch_template" "bastion-privatekopeio-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -643,7 +643,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatekopeio-example- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -725,7 +725,7 @@ resource "aws_launch_template" "nodes-privatekopeio-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index acece66d4afce..c43dd664aed7e 100644 --- a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data index 17f97bb66d307..ec6065e8a8760 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data +++ b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: sharedsubnet.example.com ConfigBase: memfs://clusters.example.com/sharedsubnet.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: T1Xxh9Yn+KIjSZlnh7NnF4Fiepi76IF+Z9IiuIbfW6k= +NodeupConfigHash: VkYkFNQ9ddKiEPFaEl8f1AoFafsrC/ljkmii0ziE6Xc= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_nodes.sharedsubnet.example.com_user_data b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_nodes.sharedsubnet.example.com_user_data index 9c2f70e3b8cb1..00ae149a0b742 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_nodes.sharedsubnet.example.com_user_data +++ b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_nodes.sharedsubnet.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.sharedsubnet.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: r9Py9m0JcWzZGwSQsGI/A62heJNwC9LdtjxaYIXffHM= +NodeupConfigHash: uJvXufU+1GlDNt/sDK7DM1Xy4wbgZaEIGncZN2506FM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_cluster-completed.spec_content index b3b33c55ca462..d3dff8b4af3a2 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: sharedsubnet.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: sharedsubnet.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 6c0a393d297ea..99a88064b90b1 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: sharedsubnet.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/sharedsubnet.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/sharedsubnet.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-nodes_content index a536b80e34154..ca28f79db6e9b 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index d482680b45621..aec9b4d9d48dd 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-bootstrap_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-bootstrap_content index 0480cf7e0efe7..ac7e464aee62f 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 863a1778304a7e7b2b066aabecf01dbaaf087aa4dad6b3f878880a85df5cdc05 + manifestHash: c53c4c31707b4ea1a3544f206d03c15d08d1b27be99870803d2a8eba04f971f0 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 06871aefbcd4ca3585dc42941f25cde59a7f87a99ed2ecaa0d624a19fed6d81e + manifestHash: 4db09b7474382e57e064f2dd2cf00b55639dd9c1c37ac8373e6ec8e6b31e5c5b name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 51fbdf5754f62..f67da96b10efe 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/shared_subnet/in-v1alpha2.yaml b/tests/integration/update_cluster/shared_subnet/in-v1alpha2.yaml index 7b6994c3c7d05..99d43b0ac6f00 100644 --- a/tests/integration/update_cluster/shared_subnet/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/shared_subnet/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.sharedsubnet.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/shared_subnet/kubernetes.tf b/tests/integration/update_cluster/shared_subnet/kubernetes.tf index 0016378bdc6ef..4071b7d846e4f 100644 --- a/tests/integration/update_cluster/shared_subnet/kubernetes.tf +++ b/tests/integration/update_cluster/shared_subnet/kubernetes.tf @@ -411,7 +411,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedsubnet-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -493,7 +493,7 @@ resource "aws_launch_template" "nodes-sharedsubnet-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data index edb3c44a9481a..7695d19f6d5ca 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: sharedvpc.example.com ConfigBase: memfs://clusters.example.com/sharedvpc.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 3YCh3ulkOfZaSM42BZbdgTUMzKLqjP+aDAza4H/lEE0= +NodeupConfigHash: TWMoWpBK8qHHvmy0UKEC0nAAD06dgB5vu+Nq3mxhsGg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_nodes.sharedvpc.example.com_user_data b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_nodes.sharedvpc.example.com_user_data index 3599bdfb8c80a..ded7f47b2e1b7 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_nodes.sharedvpc.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_nodes.sharedvpc.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.sharedvpc.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: JVILxDaCMA/JQxC9oUwfLlFIMy5f4WLUR7MERdx6UXk= +NodeupConfigHash: 03xc+UTihEqt7xtdqh3WnCmRvtmw9uAhSl2gslGYxD4= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_cluster-completed.spec_content index 7f875ef4a1466..49cbbc3271964 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: sharedvpc.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: sharedvpc.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index dfdc6d12b671e..a7ae408209b15 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: sharedvpc.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/sharedvpc.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/sharedvpc.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-nodes_content index f03dd7d3b301c..c2060d976fcc2 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index bb305282665cb..1bf416f327858 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-bootstrap_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-bootstrap_content index f0a628890f786..0e7afd62af4c2 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: a5fb71a5c52f8b824777bc682da3814b7b27e41c30aba2e897cb67936154ccf8 + manifestHash: 38b43185120de69e389c3997b955618f884986b10d5f8e3e7318237117c82c89 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: ddc0ce25729bdab75f6ef6e7151715925513949eec1170975f82dfc21a5b6695 + manifestHash: 20ef7404a82b9fc3c21cfc5934d2cdb3acd19dc1952aa1e68c904b7e803f4eb7 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 60724b1f54d1e..33ece639bba34 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/shared_vpc/in-v1alpha2.yaml b/tests/integration/update_cluster/shared_vpc/in-v1alpha2.yaml index 0cbb5be206879..eea82aefc4ee7 100644 --- a/tests/integration/update_cluster/shared_vpc/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/shared_vpc/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.sharedvpc.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/shared_vpc/kubernetes.tf b/tests/integration/update_cluster/shared_vpc/kubernetes.tf index 68be601fa6246..81f92ee7ebca0 100644 --- a/tests/integration/update_cluster/shared_vpc/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc/kubernetes.tf @@ -411,7 +411,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedvpc-example-com" http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -493,7 +493,7 @@ resource "aws_launch_template" "nodes-sharedvpc-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index c5d869cf4ce07..252860c4f805b 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-ipv6.example.com ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ova1xYqaZS5E5uQNAiCIBVHcoMGGf+DBLF5/WdCmsrM= +NodeupConfigHash: G0hPd4eCJMAGg6pYrHIo9wfKq54mPMVabGDoyBMD2Ys= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index c9dc716360e98..44982fd21f2f9 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-ipv6.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: Suh4p0bTQdigoYjO1dUnjDxRE8QVjilE46kAJsS1hw8= +NodeupConfigHash: APtMtZEprhYFWmjygsGZC7lNfj9mFxTkuQ7aqfvRjgE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_cluster-completed.spec_content index 9f2909b246e88..8e0f243cdbcb2 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: allocateNodeCIDRs: false clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -81,10 +81,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cccab2c234e31..3089f7d99c381 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -43,7 +43,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index b1091896c9bdd..676623b59b3a9 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 789e163f90e57004cbe9f1ceffea4e30cda69da2e60bc05623404d85fa098bed + manifestHash: c0e588106cb050f6e2e8b10082da29b67937142de68a58f5d28d611169263131 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -106,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: deacc9b38bf6a0e9e88d9e9ca241948e85f05f4a2dd396461cde5fc60ab67e39 + manifestHash: a26b686d2e5ed0161da6ff083a66024102cd57a5ceb6471155fe814e16ed9710 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 0bbb7b366b06e..7f92a8042cb54 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd241..0000000000000 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index f14cae1b257ec..945356633247e 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -240,19 +239,13 @@ ControlPlaneConfig: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-nodes_content index d21db8daffb73..62be24183b551 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -25,7 +27,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/in-v1alpha2.yaml b/tests/integration/update_cluster/shared_vpc_ipv6/in-v1alpha2.yaml index 954403d60335a..86d2b4abff397 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/shared_vpc_ipv6/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf b/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf index 896b1da0627a3..6c4778d74cf80 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf @@ -465,7 +465,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -547,7 +547,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -907,14 +907,6 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data index d0a8dd46a621f..78a6da7a1a1dc 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data +++ b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: unmanaged.example.com ConfigBase: memfs://clusters.example.com/unmanaged.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: vB751VwdGSEBu+XxAz1BYvCDODKU5uxOtZzrO5GwEEs= +NodeupConfigHash: 6nJb7sJeadxJnUHbDu+GEKQrAtxx6zKBIg60fO/i+TQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_nodes.unmanaged.example.com_user_data b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_nodes.unmanaged.example.com_user_data index 2de4fec4300ce..341400d9789ab 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_nodes.unmanaged.example.com_user_data +++ b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_nodes.unmanaged.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.unmanaged.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 3d72M+QofcXI3iMTzGRwvc9nhdMSOqd0IORgF4p0L1U= +NodeupConfigHash: 7aOz1O9etlUlJu29lWdUR7ejfTKywjc4IICwkDrbYFQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_cluster-completed.spec_content index 986a3a53dc002..56112e4920b5d 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: unmanaged.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: unmanaged.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 998790ce210cd..6a52ec79a041a 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: unmanaged.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/unmanaged.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/unmanaged.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-nodes_content index fa1352dfe5812..a80b063714cb5 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index f9254bb0948ce..dad26df6603dd 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-bootstrap_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-bootstrap_content index e847b0ba1e480..6ffda9e22f654 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: dcd2e2c10ce874998e49749f3231e7a8bd03400cb2b7afa06d3bd9b4e212a9fa + manifestHash: e2e3831d7fb0e881d3517d2e35d21734460dc93ea948cbb80d4cda1c976b8f6c name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3c8f512da962ccc2d96abbcfaccb561e541e61d21a551353b81076d5748f569b + manifestHash: c6c6a5e86c45805ae2b7dd7f690023b1141208c24d37b501d545e05498a72d60 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index f72ff561d045c..3e124cec1e066 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml b/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml index 83ab534eef8f3..7a97046389b4c 100644 --- a/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.unmanaged.example.com networkID: vpc-12345678 networkCIDR: 172.20.0.0/16 diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf index 3d3222f1e9dfd..e8762d3559167 100644 --- a/tests/integration/update_cluster/unmanaged/kubernetes.tf +++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf @@ -546,7 +546,7 @@ resource "aws_launch_template" "bastion-unmanaged-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -619,7 +619,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-unmanaged-example-com" http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -701,7 +701,7 @@ resource "aws_launch_template" "nodes-unmanaged-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/vfs-said/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/vfs-said/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index ef16068ce7898..a7e5ee4cd8dfc 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/vfs-said/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 7eHYq2LK1E2ckFYz8iTZKhMiwyKE9zZ4N9Iijh0av/c= +NodeupConfigHash: W8NFX6KK30qwqKrWITT68BWrONeCqODCE+WyT5XaCtg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/vfs-said/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/vfs-said/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bcafa..26c4acec16789 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/vfs-said/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_cluster-completed.spec_content index 147a4de6431d5..349b6c19a0b0d 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daac5b..adc407bc8039c 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 2c3f3b4fdfeb2..6696cb9bf522a 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510459..4aa1194f1eb2c 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index b5ef4fade79ab..54a6828c9ded2 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbdae8..da75b50a113ba 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/vfs-said/in-v1alpha2.yaml b/tests/integration/update_cluster/vfs-said/in-v1alpha2.yaml index 0a11d4640dadb..236f50e2a6527 100644 --- a/tests/integration/update_cluster/vfs-said/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/vfs-said/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/vfs-said/kubernetes.tf b/tests/integration/update_cluster/vfs-said/kubernetes.tf index 91793b75e1d3c..f4119141052f4 100644 --- a/tests/integration/update_cluster/vfs-said/kubernetes.tf +++ b/tests/integration/update_cluster/vfs-said/kubernetes.tf @@ -441,7 +441,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -523,7 +523,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc-containerd/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc-containerd/manifest.yaml index a5c04d183ffd5..6e198d9a3e156 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc-containerd/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc-containerd/manifest.yaml @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml index a5c04d183ffd5..6e198d9a3e156 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml index 83fd366cd74d9..87ca1822c2185 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml index 9d20fcd148b0e..65dbfb0483c04 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 850dd51121c3ea4eb2ce31f16862580c71e721c13593c6e60e9ab6724cf2b123 + manifestHash: 494762e346e6a111ec4a9d304f46c91487b597e7280001d1dbabde02ef0057cd name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/crd/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/crd/manifest.yaml index b636c7a37b796..f54d077977986 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/crd/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/crd/manifest.yaml @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/mappings/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/mappings/manifest.yaml index 06a7ffd20469c..0818b625252b9 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/mappings/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/mappings/manifest.yaml @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/coredns/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/coredns/manifest.yaml index 4e7fa23586229..ae48acf083cec 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/coredns/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/coredns/manifest.yaml @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml index fa1837f61df6d..f8a15ba5037cb 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -121,7 +114,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: d6c71f99d6cb21362bbfaf25aa6c388e68f29f750a002f4b6c073c42ee4c44fa + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml index 178a380cac6ae..85541fa758d08 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -178,7 +171,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: d6c71f99d6cb21362bbfaf25aa6c388e68f29f750a002f4b6c073c42ee4c44fa + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml index 389ea61a8e46f..4005b8efb14a3 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io