-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release 1.24.0 #13957
Merged
Merged
Release 1.24.0 #13957
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
cncf-cla: yes
Indicates the PR's author has signed the CNCF CLA.
size/XXL
Denotes a PR that changes 1000+ lines, ignoring generated files.
labels
Jul 8, 2022
hakman
added
the
tide/merge-method-squash
Denotes a PR that should be squashed by tide when it merges.
label
Jul 8, 2022
olemarkus
approved these changes
Jul 8, 2022
k8s-ci-robot
added
lgtm
"Looks good to me", indicates that a PR is ready to be merged.
approved
Indicates a PR has been approved by an approver from all required OWNERS files.
labels
Jul 8, 2022
k8s-ci-robot
added
area/documentation
and removed
lgtm
"Looks good to me", indicates that a PR is ready to be merged.
labels
Jul 8, 2022
olemarkus
reviewed
Jul 8, 2022
olemarkus
approved these changes
Jul 8, 2022
k8s-ci-robot
added
the
lgtm
"Looks good to me", indicates that a PR is ready to be merged.
label
Jul 8, 2022
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: olemarkus The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
yehielnetapp
added a commit
to spotinst/kubernetes-kops
that referenced
this pull request
Aug 22, 2022
* run update expected * Add release note and getting started entries for Hetzner * Fix kops update for OpenStack with LB In the last PR to support OVN provider for LB, listener will refer to load balancer provider for ACL settings. While currently get listener API returns empty Pools, which will cause nil pointer dereference when referring Pool.Loadbalancer.Provider. This commit fix this issue by getting pool information with DefaultPoolID when Pools is empty. As I added GetPool function, the origin GetPool function is renamed to GetPoolMember. * bump k8s versions with May releases * Add support for configuring which metrics cilium will export * Update troubleshoot.md * Remove unused DNS logic from Protokube * Fix Protokube gossip flag * Refactor cloud providers and remove unused code from Protokube * Bump actions/setup-go from 3.1.0 to 3.2.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@fcdc436...b22fbbc) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Use dependabot for Go deps * Fix links to go docs Go doc link path is case-sensitive, so use all-lowercase `kops` in the path. * Use build tags for Protokube * Clarify difference between terraform and kOps state stores * Update gophercloud to v0.25.0 This commit updates gophercloud to newest v0.25.0 release. The SOURCE_IP_PORT LB method is also updated to the reference in the new release in align with ROUND_ROBIN. * Bump github.com/spotinst/spotinst-sdk-go from 1.118.0 to 1.120.0 Bumps [github.com/spotinst/spotinst-sdk-go](https://github.com/spotinst/spotinst-sdk-go) from 1.118.0 to 1.120.0. - [Release notes](https://github.com/spotinst/spotinst-sdk-go/releases) - [Changelog](https://github.com/spotinst/spotinst-sdk-go/blob/main/.goreleaser.yaml) - [Commits](spotinst/spotinst-sdk-go@v1.118.0...v1.120.0) --- updated-dependencies: - dependency-name: github.com/spotinst/spotinst-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump NTH to 1.16.5 * promote alpha to stable (k8s releases) * update openstack ccm + csi * Migrate EBS CSI images back to registry.k8s.io * bump aws cni to 1.11.2 * hack/update-expected * Add CSI driver for Hetzner * Use kubectl replace instead of apply when updating addons * Release 1.24.0-beta.1 (kubernetes#13730) * Add hashes for latest Docker versions * Update Docker to v20.10.17 * Run hack/update-expected.sh * Add hashes for latest containerd versions * Update containerd to v1.6.6 * Run hack/update-expected.sh * Update containerd fallback to v1.4.13 * Channels to have exit status 1 on apply failure * Fix codegen targets and whitespace errors in Makefile ${KOPS_ROOT}/_output/bin should be a directory rather than the fistask binary. * Add support for setting mode field on file assets * Update documentation for fileAssets and fix whitespace error * Revert "Use kubectl replace instead of apply when updating addons" This reverts commit 18c5d18. * Fix API group being incorrect for ingresses * Update after running hack/update-expected.sh * Update runc to v1.1.3 * Run hack/update-expected.sh * Update AWS CCM images for k8s 1.20-1.22 * Run hack/update-expected.sh * Fix namespace for cert manager webhook config * Avoid spurious changes with ed25519 keys * Add back the metrics-server 443 port with a new name SSA is keyed on port, but requires unqiue name. So we need to add this back to avoid a duplicate port name error. After this change, kops does own the value and we can remove this some time in the future. * Fix broken node selector for node termination handler * Release 1.24.0-beta.2 (kubernetes#13788) * replace flexdriver with busybox * update expected * Update etcd-manager to v3.0.20220617 * Run hack/update-expected.sh * Fix tests * Do not run CAS on spot instances * Fix GCE resource tracking * Limit GCE ASG labels to 63 chars * Run hack/update-expected.sh * Adding GuestAccelerators to InstanceTemplate * Limit GCE tag for role to 63 chars * Replace manifests after apply * Fix upgrade-ab skip e2e test * Don't try to manage the kube-system namespace * Run hack/update-expected.sh * Remove unneeded kube-proxy service account * Move kube-dns service account to kube-dns addon * Completely remove core addons * Run hack/update-expected.sh * Disable removal or CCM leader migration * Release 1.24.0-beta.3 * Clean-up firewall rules that contain targets with the cluster name hash * Add integration test for GCE cluster with very long cluster name * Log errors from detachInstance * gce: Move out of beta, drop feature flag GCE support seems stable now, and we have good clarity at the API level and how that translates to GCP resources, which was our blocker previously. Drop the need for the feature-flag. * Run make gen-cli-docs * gce: set ProvisioningModel on InstanceTemplate Because of how we compare InstanceTemplates, this was causing spurious differences. Add the minimal support, setting the value to the default. * Fix cleanup of firewall rules that contain the cluster name hash * Apply PKI even if addon fails * Update dependencies * Refactor ClusterPrefixedName and ClusterSuffixedName to not return error * Mount /etc/hosts from host for CoreDNS * Run hack/update-expected.sh * Limit GCE names to 63 chars for various resources * Make IRSA webhook configure apps to use regional STS and set the default region on them * Make it possible to enable the shield addon for LBC * Increase length of cluster name for GCE long cluster name integration test * Add integration test for GCE cluster with internal LB and very long cluster name * Run hack/update-expected.sh * Limit GCE router name to 63 chars * Run hack/update-expected.sh * Remove the v1alpha3 API version * Update Cilium to 1.11.6 * Fix unsetting ASG max price * Revert "Add back the metrics-server 443 port with a new name" This reverts commit 6d0cc42. * aws: introduce maximum instance lifetime in cluster The maximum instance lifetime is an AWS only feature and specifies the maximum amount of time (in seconds) that an instance can be in service before it is terminated and replaced. A common use case might be a requirement to replace your instances on a schedule because of internal security policies or external compliance controls. * Fix doc of NewOpenStackCloudProvider * Add config drive as a source for OpenStack instance metadata This adds the config drive as an additional source for instance metadata when using OpenStack. * Be more specific when filtering OS instance ports This adds an additional filter for ports attached to an instance, so that only ports tagged with the cluster name will be considered. Basically, this enables adding ports to the server independent from the provisioning process. To not break clusters provisioned with older kOps versions, when there are no tagged ports found it will still consider all the ports of an instance. * Use csi-snapshotter for OS only when the controller is enabled * Bump EBS CSI driver to 1.8.0 * Run hack/update-expected.sh * Release 1.24.0 (kubernetes#13957) * Use Calico v3.23 for Kubernetes 1.22+ * Run hack/update-expected.sh * Use control-plane node role for AWS IAM Authenticator * Enable AWS IAM Authenticator in complex integration test * Upgrade complex integration test case to k8s 1.24 * Skip deregistering the instance during rolling update for Spotinst * Upgrade aws-iam-authenticator to v0.5.9 * Add option to set etcd-manager backup interval * Use only IPv4 for Hetzner servers * Add option to set number of replicas for pod-identity-webhook * Update etcd-manager to v3.0.20220717 * Run hack/update-expected.sh * Update Go to v1.18.4 * Remove replaces from go.mod * Update k8s.io/client-go to match k8s.io/api * Run "make gomod" * Upgrade DO CSI driver to 4.2.0 * Update Calico to v3.23.2 * Update Calico to v3.23.3 * Update Canal to v3.23.3 * Run hack/update-expected.sh * Switch to latest MacOS version for CI * Update dependencies * Revert to using instance private DNS name to lookup hostname * Add server group management for Hetzner * Update etcd-manager to v3.0.20220727 * Run hack/update-expected.sh * Check keyset existence before attempting to distrust * Fix SIGSEGV when deleting a Hetzner instance * Remove namespaces from cluster-scoped resources in CNI manifests * ./hack/update-expected.sh * Enable rolling updates for Hetzner * Wait for load balancer to be ready for Hetzner * Add multiple SSH keys support for Hetzner * Use cabundle for etcd CA files * Release 1.24.1 (kubernetes#14071) * Allow configuring OpenStack CCM networking options * aws-ebs-csi-driver: remove preStop hook The hook can cause issue on execution, like ``` Exec lifecycle hook ([/bin/sh -c rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock]) for Container "node-driver-registrar" in Pod "ebs-csi-node-96jbk_ebs-csi(a82c6d41-bd2b-42dd-b092-e3acd4c43b62)" failed - error: command '/bin/sh -c rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock' exited with 126: , message: "OCI runtime exec failed: exec failed: container_linux.go:370: starting container process caused: exec: \"/bin/sh\": stat /bin/sh: no such file or directory: unknown\r\n" ``` Moreover, it has been deleted from upstream driver, see this patch kubernetes-sigs/aws-ebs-csi-driver@6e59160 Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> * fixup! aws-ebs-csi-driver: remove preStop hook * Add option to configure runc version for containerd * Run hack/update-expected.sh * Bump nvidia device plugin to 0.12.0 * Add hashes for containerd v1.6.7 * Update containerd to v1.6.8 * Run hack/update-expected.sh * Disable some flags in kube-controller-manager and kube-scheduler when logging-format is not text Disable these flags because these are not accepted. * --logtostderr * --alsologtostderr * --log-file * Add deployment-specific selectors to nth pdb If not, when migrating from imds-mode to sqs-mode, the selectors will match the daemonset pods, which doesn't work with pdb * Bump the CCM images * Limit GCE network names to 63 chars * Run hack/update-expected.sh Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: Jesse Haka <haka.jesse@gmail.com> Co-authored-by: Kubernetes Prow Robot <k8s-ci-robot@users.noreply.github.com> Co-authored-by: Ciprian Hacman <ciprian@hakman.dev> Co-authored-by: Gene Kuo <igene@igene.tw> Co-authored-by: Moshe Shitrit <moshe@s5t.dev> Co-authored-by: Ole Markus With <o.with@sportradar.com> Co-authored-by: simonc <simonc@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ilya Shaisultanov <ishaisultanov@plaid.com> Co-authored-by: Peter Rifel <pgrifel@gmail.com> Co-authored-by: Eric Bailey <eric@ericb.me> Co-authored-by: Julien Perignon <perignon.julien@gmail.com> Co-authored-by: Ivan Volynkin <jonasasx@gmail.com> Co-authored-by: justinsb <justinsb@google.com> Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com> Co-authored-by: Reilly Brogan <reilly@reillybrogan.com> Co-authored-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: ederst <stefan.prietl@bearingpoint.com> Co-authored-by: Nicolas Sterchele <nicolas@sterchelen.net> Co-authored-by: ddelange <14880945+ddelange@users.noreply.github.com> Co-authored-by: AkiraFukushima <h3.poteto@gmail.com>
7 tasks
yehielnetapp
added a commit
to spotinst/kubernetes-kops
that referenced
this pull request
Aug 24, 2022
* run update expected * Add release note and getting started entries for Hetzner * Fix kops update for OpenStack with LB In the last PR to support OVN provider for LB, listener will refer to load balancer provider for ACL settings. While currently get listener API returns empty Pools, which will cause nil pointer dereference when referring Pool.Loadbalancer.Provider. This commit fix this issue by getting pool information with DefaultPoolID when Pools is empty. As I added GetPool function, the origin GetPool function is renamed to GetPoolMember. * bump k8s versions with May releases * Add support for configuring which metrics cilium will export * Update troubleshoot.md * Remove unused DNS logic from Protokube * Fix Protokube gossip flag * Refactor cloud providers and remove unused code from Protokube * Bump actions/setup-go from 3.1.0 to 3.2.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@fcdc436...b22fbbc) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Use dependabot for Go deps * Fix links to go docs Go doc link path is case-sensitive, so use all-lowercase `kops` in the path. * Use build tags for Protokube * Clarify difference between terraform and kOps state stores * Update gophercloud to v0.25.0 This commit updates gophercloud to newest v0.25.0 release. The SOURCE_IP_PORT LB method is also updated to the reference in the new release in align with ROUND_ROBIN. * Bump github.com/spotinst/spotinst-sdk-go from 1.118.0 to 1.120.0 Bumps [github.com/spotinst/spotinst-sdk-go](https://github.com/spotinst/spotinst-sdk-go) from 1.118.0 to 1.120.0. - [Release notes](https://github.com/spotinst/spotinst-sdk-go/releases) - [Changelog](https://github.com/spotinst/spotinst-sdk-go/blob/main/.goreleaser.yaml) - [Commits](spotinst/spotinst-sdk-go@v1.118.0...v1.120.0) --- updated-dependencies: - dependency-name: github.com/spotinst/spotinst-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump NTH to 1.16.5 * promote alpha to stable (k8s releases) * update openstack ccm + csi * Migrate EBS CSI images back to registry.k8s.io * bump aws cni to 1.11.2 * hack/update-expected * Add CSI driver for Hetzner * Use kubectl replace instead of apply when updating addons * Release 1.24.0-beta.1 (kubernetes#13730) * Add hashes for latest Docker versions * Update Docker to v20.10.17 * Run hack/update-expected.sh * Add hashes for latest containerd versions * Update containerd to v1.6.6 * Run hack/update-expected.sh * Update containerd fallback to v1.4.13 * Channels to have exit status 1 on apply failure * Fix codegen targets and whitespace errors in Makefile ${KOPS_ROOT}/_output/bin should be a directory rather than the fistask binary. * Add support for setting mode field on file assets * Update documentation for fileAssets and fix whitespace error * Revert "Use kubectl replace instead of apply when updating addons" This reverts commit 18c5d18. * Fix API group being incorrect for ingresses * Update after running hack/update-expected.sh * Update runc to v1.1.3 * Run hack/update-expected.sh * Update AWS CCM images for k8s 1.20-1.22 * Run hack/update-expected.sh * Fix namespace for cert manager webhook config * Avoid spurious changes with ed25519 keys * Add back the metrics-server 443 port with a new name SSA is keyed on port, but requires unqiue name. So we need to add this back to avoid a duplicate port name error. After this change, kops does own the value and we can remove this some time in the future. * Fix broken node selector for node termination handler * Release 1.24.0-beta.2 (kubernetes#13788) * replace flexdriver with busybox * update expected * Update etcd-manager to v3.0.20220617 * Run hack/update-expected.sh * Fix tests * Do not run CAS on spot instances * Fix GCE resource tracking * Limit GCE ASG labels to 63 chars * Run hack/update-expected.sh * Adding GuestAccelerators to InstanceTemplate * Limit GCE tag for role to 63 chars * Replace manifests after apply * Fix upgrade-ab skip e2e test * Don't try to manage the kube-system namespace * Run hack/update-expected.sh * Remove unneeded kube-proxy service account * Move kube-dns service account to kube-dns addon * Completely remove core addons * Run hack/update-expected.sh * Disable removal or CCM leader migration * Release 1.24.0-beta.3 * Clean-up firewall rules that contain targets with the cluster name hash * Add integration test for GCE cluster with very long cluster name * Log errors from detachInstance * gce: Move out of beta, drop feature flag GCE support seems stable now, and we have good clarity at the API level and how that translates to GCP resources, which was our blocker previously. Drop the need for the feature-flag. * Run make gen-cli-docs * gce: set ProvisioningModel on InstanceTemplate Because of how we compare InstanceTemplates, this was causing spurious differences. Add the minimal support, setting the value to the default. * Fix cleanup of firewall rules that contain the cluster name hash * Apply PKI even if addon fails * Update dependencies * Refactor ClusterPrefixedName and ClusterSuffixedName to not return error * Mount /etc/hosts from host for CoreDNS * Run hack/update-expected.sh * Limit GCE names to 63 chars for various resources * Make IRSA webhook configure apps to use regional STS and set the default region on them * Make it possible to enable the shield addon for LBC * Increase length of cluster name for GCE long cluster name integration test * Add integration test for GCE cluster with internal LB and very long cluster name * Run hack/update-expected.sh * Limit GCE router name to 63 chars * Run hack/update-expected.sh * Remove the v1alpha3 API version * Update Cilium to 1.11.6 * Fix unsetting ASG max price * Revert "Add back the metrics-server 443 port with a new name" This reverts commit 6d0cc42. * aws: introduce maximum instance lifetime in cluster The maximum instance lifetime is an AWS only feature and specifies the maximum amount of time (in seconds) that an instance can be in service before it is terminated and replaced. A common use case might be a requirement to replace your instances on a schedule because of internal security policies or external compliance controls. * Fix doc of NewOpenStackCloudProvider * Add config drive as a source for OpenStack instance metadata This adds the config drive as an additional source for instance metadata when using OpenStack. * Be more specific when filtering OS instance ports This adds an additional filter for ports attached to an instance, so that only ports tagged with the cluster name will be considered. Basically, this enables adding ports to the server independent from the provisioning process. To not break clusters provisioned with older kOps versions, when there are no tagged ports found it will still consider all the ports of an instance. * Use csi-snapshotter for OS only when the controller is enabled * Bump EBS CSI driver to 1.8.0 * Run hack/update-expected.sh * Release 1.24.0 (kubernetes#13957) * Use Calico v3.23 for Kubernetes 1.22+ * Run hack/update-expected.sh * Use control-plane node role for AWS IAM Authenticator * Enable AWS IAM Authenticator in complex integration test * Upgrade complex integration test case to k8s 1.24 * Skip deregistering the instance during rolling update for Spotinst * Upgrade aws-iam-authenticator to v0.5.9 * Add option to set etcd-manager backup interval * Use only IPv4 for Hetzner servers * Add option to set number of replicas for pod-identity-webhook * Update etcd-manager to v3.0.20220717 * Run hack/update-expected.sh * Update Go to v1.18.4 * Remove replaces from go.mod * Update k8s.io/client-go to match k8s.io/api * Run "make gomod" * Upgrade DO CSI driver to 4.2.0 * Update Calico to v3.23.2 * Update Calico to v3.23.3 * Update Canal to v3.23.3 * Run hack/update-expected.sh * Switch to latest MacOS version for CI * Update dependencies * Revert to using instance private DNS name to lookup hostname * Add server group management for Hetzner * Update etcd-manager to v3.0.20220727 * Run hack/update-expected.sh * Check keyset existence before attempting to distrust * Fix SIGSEGV when deleting a Hetzner instance * Remove namespaces from cluster-scoped resources in CNI manifests * ./hack/update-expected.sh * Enable rolling updates for Hetzner * Wait for load balancer to be ready for Hetzner * Add multiple SSH keys support for Hetzner * Use cabundle for etcd CA files * Release 1.24.1 (kubernetes#14071) * Allow configuring OpenStack CCM networking options * aws-ebs-csi-driver: remove preStop hook The hook can cause issue on execution, like ``` Exec lifecycle hook ([/bin/sh -c rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock]) for Container "node-driver-registrar" in Pod "ebs-csi-node-96jbk_ebs-csi(a82c6d41-bd2b-42dd-b092-e3acd4c43b62)" failed - error: command '/bin/sh -c rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock' exited with 126: , message: "OCI runtime exec failed: exec failed: container_linux.go:370: starting container process caused: exec: \"/bin/sh\": stat /bin/sh: no such file or directory: unknown\r\n" ``` Moreover, it has been deleted from upstream driver, see this patch kubernetes-sigs/aws-ebs-csi-driver@6e59160 Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> * fixup! aws-ebs-csi-driver: remove preStop hook * Add option to configure runc version for containerd * Run hack/update-expected.sh * Bump nvidia device plugin to 0.12.0 * Add hashes for containerd v1.6.7 * Update containerd to v1.6.8 * Run hack/update-expected.sh * Disable some flags in kube-controller-manager and kube-scheduler when logging-format is not text Disable these flags because these are not accepted. * --logtostderr * --alsologtostderr * --log-file * Add deployment-specific selectors to nth pdb If not, when migrating from imds-mode to sqs-mode, the selectors will match the daemonset pods, which doesn't work with pdb * Bump the CCM images * Limit GCE network names to 63 chars * Run hack/update-expected.sh Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: Jesse Haka <haka.jesse@gmail.com> Co-authored-by: Kubernetes Prow Robot <k8s-ci-robot@users.noreply.github.com> Co-authored-by: Ciprian Hacman <ciprian@hakman.dev> Co-authored-by: Gene Kuo <igene@igene.tw> Co-authored-by: Moshe Shitrit <moshe@s5t.dev> Co-authored-by: Ole Markus With <o.with@sportradar.com> Co-authored-by: simonc <simonc@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ilya Shaisultanov <ishaisultanov@plaid.com> Co-authored-by: Peter Rifel <pgrifel@gmail.com> Co-authored-by: Eric Bailey <eric@ericb.me> Co-authored-by: Julien Perignon <perignon.julien@gmail.com> Co-authored-by: Ivan Volynkin <jonasasx@gmail.com> Co-authored-by: justinsb <justinsb@google.com> Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com> Co-authored-by: Reilly Brogan <reilly@reillybrogan.com> Co-authored-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: ederst <stefan.prietl@bearingpoint.com> Co-authored-by: Nicolas Sterchele <nicolas@sterchelen.net> Co-authored-by: ddelange <14880945+ddelange@users.noreply.github.com> Co-authored-by: AkiraFukushima <h3.poteto@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: Jesse Haka <haka.jesse@gmail.com> Co-authored-by: Kubernetes Prow Robot <k8s-ci-robot@users.noreply.github.com> Co-authored-by: Ciprian Hacman <ciprian@hakman.dev> Co-authored-by: Gene Kuo <igene@igene.tw> Co-authored-by: Moshe Shitrit <moshe@s5t.dev> Co-authored-by: Ole Markus With <o.with@sportradar.com> Co-authored-by: simonc <simonc@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ilya Shaisultanov <ishaisultanov@plaid.com> Co-authored-by: Peter Rifel <pgrifel@gmail.com> Co-authored-by: Eric Bailey <eric@ericb.me> Co-authored-by: Julien Perignon <perignon.julien@gmail.com> Co-authored-by: Ivan Volynkin <jonasasx@gmail.com> Co-authored-by: justinsb <justinsb@google.com> Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com> Co-authored-by: Reilly Brogan <reilly@reillybrogan.com> Co-authored-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: ederst <stefan.prietl@bearingpoint.com> Co-authored-by: Nicolas Sterchele <nicolas@sterchelen.net> Co-authored-by: ddelange <14880945+ddelange@users.noreply.github.com> Co-authored-by: AkiraFukushima <h3.poteto@gmail.com>
Closed
oded7hoffman
pushed a commit
to spotinst/kubernetes-kops
that referenced
this pull request
Jan 23, 2023
* run update expected * Add release note and getting started entries for Hetzner * Fix kops update for OpenStack with LB In the last PR to support OVN provider for LB, listener will refer to load balancer provider for ACL settings. While currently get listener API returns empty Pools, which will cause nil pointer dereference when referring Pool.Loadbalancer.Provider. This commit fix this issue by getting pool information with DefaultPoolID when Pools is empty. As I added GetPool function, the origin GetPool function is renamed to GetPoolMember. * bump k8s versions with May releases * Add support for configuring which metrics cilium will export * Update troubleshoot.md * Remove unused DNS logic from Protokube * Fix Protokube gossip flag * Refactor cloud providers and remove unused code from Protokube * Bump actions/setup-go from 3.1.0 to 3.2.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@fcdc436...b22fbbc) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Use dependabot for Go deps * Fix links to go docs Go doc link path is case-sensitive, so use all-lowercase `kops` in the path. * Use build tags for Protokube * Clarify difference between terraform and kOps state stores * Update gophercloud to v0.25.0 This commit updates gophercloud to newest v0.25.0 release. The SOURCE_IP_PORT LB method is also updated to the reference in the new release in align with ROUND_ROBIN. * Bump github.com/spotinst/spotinst-sdk-go from 1.118.0 to 1.120.0 Bumps [github.com/spotinst/spotinst-sdk-go](https://github.com/spotinst/spotinst-sdk-go) from 1.118.0 to 1.120.0. - [Release notes](https://github.com/spotinst/spotinst-sdk-go/releases) - [Changelog](https://github.com/spotinst/spotinst-sdk-go/blob/main/.goreleaser.yaml) - [Commits](spotinst/spotinst-sdk-go@v1.118.0...v1.120.0) --- updated-dependencies: - dependency-name: github.com/spotinst/spotinst-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump NTH to 1.16.5 * promote alpha to stable (k8s releases) * update openstack ccm + csi * Migrate EBS CSI images back to registry.k8s.io * bump aws cni to 1.11.2 * hack/update-expected * Add CSI driver for Hetzner * Use kubectl replace instead of apply when updating addons * Release 1.24.0-beta.1 (kubernetes#13730) * Add hashes for latest Docker versions * Update Docker to v20.10.17 * Run hack/update-expected.sh * Add hashes for latest containerd versions * Update containerd to v1.6.6 * Run hack/update-expected.sh * Update containerd fallback to v1.4.13 * Channels to have exit status 1 on apply failure * Fix codegen targets and whitespace errors in Makefile ${KOPS_ROOT}/_output/bin should be a directory rather than the fistask binary. * Add support for setting mode field on file assets * Update documentation for fileAssets and fix whitespace error * Revert "Use kubectl replace instead of apply when updating addons" This reverts commit 00bde6e. * Fix API group being incorrect for ingresses * Update after running hack/update-expected.sh * Update runc to v1.1.3 * Run hack/update-expected.sh * Update AWS CCM images for k8s 1.20-1.22 * Run hack/update-expected.sh * Fix namespace for cert manager webhook config * Avoid spurious changes with ed25519 keys * Add back the metrics-server 443 port with a new name SSA is keyed on port, but requires unqiue name. So we need to add this back to avoid a duplicate port name error. After this change, kops does own the value and we can remove this some time in the future. * Fix broken node selector for node termination handler * Release 1.24.0-beta.2 (kubernetes#13788) * replace flexdriver with busybox * update expected * Update etcd-manager to v3.0.20220617 * Run hack/update-expected.sh * Fix tests * Do not run CAS on spot instances * Fix GCE resource tracking * Limit GCE ASG labels to 63 chars * Run hack/update-expected.sh * Adding GuestAccelerators to InstanceTemplate * Limit GCE tag for role to 63 chars * Replace manifests after apply * Fix upgrade-ab skip e2e test * Don't try to manage the kube-system namespace * Run hack/update-expected.sh * Remove unneeded kube-proxy service account * Move kube-dns service account to kube-dns addon * Completely remove core addons * Run hack/update-expected.sh * Disable removal or CCM leader migration * Release 1.24.0-beta.3 * Clean-up firewall rules that contain targets with the cluster name hash * Add integration test for GCE cluster with very long cluster name * Log errors from detachInstance * gce: Move out of beta, drop feature flag GCE support seems stable now, and we have good clarity at the API level and how that translates to GCP resources, which was our blocker previously. Drop the need for the feature-flag. * Run make gen-cli-docs * gce: set ProvisioningModel on InstanceTemplate Because of how we compare InstanceTemplates, this was causing spurious differences. Add the minimal support, setting the value to the default. * Fix cleanup of firewall rules that contain the cluster name hash * Apply PKI even if addon fails * Update dependencies * Refactor ClusterPrefixedName and ClusterSuffixedName to not return error * Mount /etc/hosts from host for CoreDNS * Run hack/update-expected.sh * Limit GCE names to 63 chars for various resources * Make IRSA webhook configure apps to use regional STS and set the default region on them * Make it possible to enable the shield addon for LBC * Increase length of cluster name for GCE long cluster name integration test * Add integration test for GCE cluster with internal LB and very long cluster name * Run hack/update-expected.sh * Limit GCE router name to 63 chars * Run hack/update-expected.sh * Remove the v1alpha3 API version * Update Cilium to 1.11.6 * Fix unsetting ASG max price * Revert "Add back the metrics-server 443 port with a new name" This reverts commit 33d2707. * aws: introduce maximum instance lifetime in cluster The maximum instance lifetime is an AWS only feature and specifies the maximum amount of time (in seconds) that an instance can be in service before it is terminated and replaced. A common use case might be a requirement to replace your instances on a schedule because of internal security policies or external compliance controls. * Fix doc of NewOpenStackCloudProvider * Add config drive as a source for OpenStack instance metadata This adds the config drive as an additional source for instance metadata when using OpenStack. * Be more specific when filtering OS instance ports This adds an additional filter for ports attached to an instance, so that only ports tagged with the cluster name will be considered. Basically, this enables adding ports to the server independent from the provisioning process. To not break clusters provisioned with older kOps versions, when there are no tagged ports found it will still consider all the ports of an instance. * Use csi-snapshotter for OS only when the controller is enabled * Bump EBS CSI driver to 1.8.0 * Run hack/update-expected.sh * Release 1.24.0 (kubernetes#13957) * Use Calico v3.23 for Kubernetes 1.22+ * Run hack/update-expected.sh * Use control-plane node role for AWS IAM Authenticator * Enable AWS IAM Authenticator in complex integration test * Upgrade complex integration test case to k8s 1.24 * Skip deregistering the instance during rolling update for Spotinst * Upgrade aws-iam-authenticator to v0.5.9 * Add option to set etcd-manager backup interval * Use only IPv4 for Hetzner servers * Add option to set number of replicas for pod-identity-webhook * Update etcd-manager to v3.0.20220717 * Run hack/update-expected.sh * Update Go to v1.18.4 * Remove replaces from go.mod * Update k8s.io/client-go to match k8s.io/api * Run "make gomod" * Upgrade DO CSI driver to 4.2.0 * Update Calico to v3.23.2 * Update Calico to v3.23.3 * Update Canal to v3.23.3 * Run hack/update-expected.sh * Switch to latest MacOS version for CI * Update dependencies * Revert to using instance private DNS name to lookup hostname * Add server group management for Hetzner * Update etcd-manager to v3.0.20220727 * Run hack/update-expected.sh * Check keyset existence before attempting to distrust * Fix SIGSEGV when deleting a Hetzner instance * Remove namespaces from cluster-scoped resources in CNI manifests * ./hack/update-expected.sh * Enable rolling updates for Hetzner * Wait for load balancer to be ready for Hetzner * Add multiple SSH keys support for Hetzner * Use cabundle for etcd CA files * Release 1.24.1 (kubernetes#14071) * Allow configuring OpenStack CCM networking options * aws-ebs-csi-driver: remove preStop hook The hook can cause issue on execution, like ``` Exec lifecycle hook ([/bin/sh -c rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock]) for Container "node-driver-registrar" in Pod "ebs-csi-node-96jbk_ebs-csi(a82c6d41-bd2b-42dd-b092-e3acd4c43b62)" failed - error: command '/bin/sh -c rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock' exited with 126: , message: "OCI runtime exec failed: exec failed: container_linux.go:370: starting container process caused: exec: \"/bin/sh\": stat /bin/sh: no such file or directory: unknown\r\n" ``` Moreover, it has been deleted from upstream driver, see this patch kubernetes-sigs/aws-ebs-csi-driver@6e59160 Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> * fixup! aws-ebs-csi-driver: remove preStop hook * Add option to configure runc version for containerd * Run hack/update-expected.sh * Bump nvidia device plugin to 0.12.0 * Add hashes for containerd v1.6.7 * Update containerd to v1.6.8 * Run hack/update-expected.sh * Disable some flags in kube-controller-manager and kube-scheduler when logging-format is not text Disable these flags because these are not accepted. * --logtostderr * --alsologtostderr * --log-file * Add deployment-specific selectors to nth pdb If not, when migrating from imds-mode to sqs-mode, the selectors will match the daemonset pods, which doesn't work with pdb * Bump the CCM images * Limit GCE network names to 63 chars * Run hack/update-expected.sh Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: Jesse Haka <haka.jesse@gmail.com> Co-authored-by: Kubernetes Prow Robot <k8s-ci-robot@users.noreply.github.com> Co-authored-by: Ciprian Hacman <ciprian@hakman.dev> Co-authored-by: Gene Kuo <igene@igene.tw> Co-authored-by: Moshe Shitrit <moshe@s5t.dev> Co-authored-by: Ole Markus With <o.with@sportradar.com> Co-authored-by: simonc <simonc@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ilya Shaisultanov <ishaisultanov@plaid.com> Co-authored-by: Peter Rifel <pgrifel@gmail.com> Co-authored-by: Eric Bailey <eric@ericb.me> Co-authored-by: Julien Perignon <perignon.julien@gmail.com> Co-authored-by: Ivan Volynkin <jonasasx@gmail.com> Co-authored-by: justinsb <justinsb@google.com> Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com> Co-authored-by: Reilly Brogan <reilly@reillybrogan.com> Co-authored-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: ederst <stefan.prietl@bearingpoint.com> Co-authored-by: Nicolas Sterchele <nicolas@sterchelen.net> Co-authored-by: ddelange <14880945+ddelange@users.noreply.github.com> Co-authored-by: AkiraFukushima <h3.poteto@gmail.com>
oded7hoffman
pushed a commit
to spotinst/kubernetes-kops
that referenced
this pull request
Jan 23, 2023
* run update expected * Add release note and getting started entries for Hetzner * Fix kops update for OpenStack with LB In the last PR to support OVN provider for LB, listener will refer to load balancer provider for ACL settings. While currently get listener API returns empty Pools, which will cause nil pointer dereference when referring Pool.Loadbalancer.Provider. This commit fix this issue by getting pool information with DefaultPoolID when Pools is empty. As I added GetPool function, the origin GetPool function is renamed to GetPoolMember. * bump k8s versions with May releases * Add support for configuring which metrics cilium will export * Update troubleshoot.md * Remove unused DNS logic from Protokube * Fix Protokube gossip flag * Refactor cloud providers and remove unused code from Protokube * Bump actions/setup-go from 3.1.0 to 3.2.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@fcdc436...b22fbbc) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Use dependabot for Go deps * Fix links to go docs Go doc link path is case-sensitive, so use all-lowercase `kops` in the path. * Use build tags for Protokube * Clarify difference between terraform and kOps state stores * Update gophercloud to v0.25.0 This commit updates gophercloud to newest v0.25.0 release. The SOURCE_IP_PORT LB method is also updated to the reference in the new release in align with ROUND_ROBIN. * Bump github.com/spotinst/spotinst-sdk-go from 1.118.0 to 1.120.0 Bumps [github.com/spotinst/spotinst-sdk-go](https://github.com/spotinst/spotinst-sdk-go) from 1.118.0 to 1.120.0. - [Release notes](https://github.com/spotinst/spotinst-sdk-go/releases) - [Changelog](https://github.com/spotinst/spotinst-sdk-go/blob/main/.goreleaser.yaml) - [Commits](spotinst/spotinst-sdk-go@v1.118.0...v1.120.0) --- updated-dependencies: - dependency-name: github.com/spotinst/spotinst-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump NTH to 1.16.5 * promote alpha to stable (k8s releases) * update openstack ccm + csi * Migrate EBS CSI images back to registry.k8s.io * bump aws cni to 1.11.2 * hack/update-expected * Add CSI driver for Hetzner * Use kubectl replace instead of apply when updating addons * Release 1.24.0-beta.1 (kubernetes#13730) * Add hashes for latest Docker versions * Update Docker to v20.10.17 * Run hack/update-expected.sh * Add hashes for latest containerd versions * Update containerd to v1.6.6 * Run hack/update-expected.sh * Update containerd fallback to v1.4.13 * Channels to have exit status 1 on apply failure * Fix codegen targets and whitespace errors in Makefile ${KOPS_ROOT}/_output/bin should be a directory rather than the fistask binary. * Add support for setting mode field on file assets * Update documentation for fileAssets and fix whitespace error * Revert "Use kubectl replace instead of apply when updating addons" This reverts commit db5121f. * Fix API group being incorrect for ingresses * Update after running hack/update-expected.sh * Update runc to v1.1.3 * Run hack/update-expected.sh * Update AWS CCM images for k8s 1.20-1.22 * Run hack/update-expected.sh * Fix namespace for cert manager webhook config * Avoid spurious changes with ed25519 keys * Add back the metrics-server 443 port with a new name SSA is keyed on port, but requires unqiue name. So we need to add this back to avoid a duplicate port name error. After this change, kops does own the value and we can remove this some time in the future. * Fix broken node selector for node termination handler * Release 1.24.0-beta.2 (kubernetes#13788) * replace flexdriver with busybox * update expected * Update etcd-manager to v3.0.20220617 * Run hack/update-expected.sh * Fix tests * Do not run CAS on spot instances * Fix GCE resource tracking * Limit GCE ASG labels to 63 chars * Run hack/update-expected.sh * Adding GuestAccelerators to InstanceTemplate * Limit GCE tag for role to 63 chars * Replace manifests after apply * Fix upgrade-ab skip e2e test * Don't try to manage the kube-system namespace * Run hack/update-expected.sh * Remove unneeded kube-proxy service account * Move kube-dns service account to kube-dns addon * Completely remove core addons * Run hack/update-expected.sh * Disable removal or CCM leader migration * Release 1.24.0-beta.3 * Clean-up firewall rules that contain targets with the cluster name hash * Add integration test for GCE cluster with very long cluster name * Log errors from detachInstance * gce: Move out of beta, drop feature flag GCE support seems stable now, and we have good clarity at the API level and how that translates to GCP resources, which was our blocker previously. Drop the need for the feature-flag. * Run make gen-cli-docs * gce: set ProvisioningModel on InstanceTemplate Because of how we compare InstanceTemplates, this was causing spurious differences. Add the minimal support, setting the value to the default. * Fix cleanup of firewall rules that contain the cluster name hash * Apply PKI even if addon fails * Update dependencies * Refactor ClusterPrefixedName and ClusterSuffixedName to not return error * Mount /etc/hosts from host for CoreDNS * Run hack/update-expected.sh * Limit GCE names to 63 chars for various resources * Make IRSA webhook configure apps to use regional STS and set the default region on them * Make it possible to enable the shield addon for LBC * Increase length of cluster name for GCE long cluster name integration test * Add integration test for GCE cluster with internal LB and very long cluster name * Run hack/update-expected.sh * Limit GCE router name to 63 chars * Run hack/update-expected.sh * Remove the v1alpha3 API version * Update Cilium to 1.11.6 * Fix unsetting ASG max price * Revert "Add back the metrics-server 443 port with a new name" This reverts commit 08cacef. * aws: introduce maximum instance lifetime in cluster The maximum instance lifetime is an AWS only feature and specifies the maximum amount of time (in seconds) that an instance can be in service before it is terminated and replaced. A common use case might be a requirement to replace your instances on a schedule because of internal security policies or external compliance controls. * Fix doc of NewOpenStackCloudProvider * Add config drive as a source for OpenStack instance metadata This adds the config drive as an additional source for instance metadata when using OpenStack. * Be more specific when filtering OS instance ports This adds an additional filter for ports attached to an instance, so that only ports tagged with the cluster name will be considered. Basically, this enables adding ports to the server independent from the provisioning process. To not break clusters provisioned with older kOps versions, when there are no tagged ports found it will still consider all the ports of an instance. * Use csi-snapshotter for OS only when the controller is enabled * Bump EBS CSI driver to 1.8.0 * Run hack/update-expected.sh * Release 1.24.0 (kubernetes#13957) * Use Calico v3.23 for Kubernetes 1.22+ * Run hack/update-expected.sh * Use control-plane node role for AWS IAM Authenticator * Enable AWS IAM Authenticator in complex integration test * Upgrade complex integration test case to k8s 1.24 * Skip deregistering the instance during rolling update for Spotinst * Upgrade aws-iam-authenticator to v0.5.9 * Add option to set etcd-manager backup interval * Use only IPv4 for Hetzner servers * Add option to set number of replicas for pod-identity-webhook * Update etcd-manager to v3.0.20220717 * Run hack/update-expected.sh * Update Go to v1.18.4 * Remove replaces from go.mod * Update k8s.io/client-go to match k8s.io/api * Run "make gomod" * Upgrade DO CSI driver to 4.2.0 * Update Calico to v3.23.2 * Update Calico to v3.23.3 * Update Canal to v3.23.3 * Run hack/update-expected.sh * Switch to latest MacOS version for CI * Update dependencies * Revert to using instance private DNS name to lookup hostname * Add server group management for Hetzner * Update etcd-manager to v3.0.20220727 * Run hack/update-expected.sh * Check keyset existence before attempting to distrust * Fix SIGSEGV when deleting a Hetzner instance * Remove namespaces from cluster-scoped resources in CNI manifests * ./hack/update-expected.sh * Enable rolling updates for Hetzner * Wait for load balancer to be ready for Hetzner * Add multiple SSH keys support for Hetzner * Use cabundle for etcd CA files * Release 1.24.1 (kubernetes#14071) * Allow configuring OpenStack CCM networking options * aws-ebs-csi-driver: remove preStop hook The hook can cause issue on execution, like ``` Exec lifecycle hook ([/bin/sh -c rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock]) for Container "node-driver-registrar" in Pod "ebs-csi-node-96jbk_ebs-csi(a82c6d41-bd2b-42dd-b092-e3acd4c43b62)" failed - error: command '/bin/sh -c rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock' exited with 126: , message: "OCI runtime exec failed: exec failed: container_linux.go:370: starting container process caused: exec: \"/bin/sh\": stat /bin/sh: no such file or directory: unknown\r\n" ``` Moreover, it has been deleted from upstream driver, see this patch kubernetes-sigs/aws-ebs-csi-driver@6e59160 Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> * fixup! aws-ebs-csi-driver: remove preStop hook * Add option to configure runc version for containerd * Run hack/update-expected.sh * Bump nvidia device plugin to 0.12.0 * Add hashes for containerd v1.6.7 * Update containerd to v1.6.8 * Run hack/update-expected.sh * Disable some flags in kube-controller-manager and kube-scheduler when logging-format is not text Disable these flags because these are not accepted. * --logtostderr * --alsologtostderr * --log-file * Add deployment-specific selectors to nth pdb If not, when migrating from imds-mode to sqs-mode, the selectors will match the daemonset pods, which doesn't work with pdb * Bump the CCM images * Limit GCE network names to 63 chars * Run hack/update-expected.sh Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: Jesse Haka <haka.jesse@gmail.com> Co-authored-by: Kubernetes Prow Robot <k8s-ci-robot@users.noreply.github.com> Co-authored-by: Ciprian Hacman <ciprian@hakman.dev> Co-authored-by: Gene Kuo <igene@igene.tw> Co-authored-by: Moshe Shitrit <moshe@s5t.dev> Co-authored-by: Ole Markus With <o.with@sportradar.com> Co-authored-by: simonc <simonc@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ilya Shaisultanov <ishaisultanov@plaid.com> Co-authored-by: Peter Rifel <pgrifel@gmail.com> Co-authored-by: Eric Bailey <eric@ericb.me> Co-authored-by: Julien Perignon <perignon.julien@gmail.com> Co-authored-by: Ivan Volynkin <jonasasx@gmail.com> Co-authored-by: justinsb <justinsb@google.com> Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com> Co-authored-by: Reilly Brogan <reilly@reillybrogan.com> Co-authored-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: ederst <stefan.prietl@bearingpoint.com> Co-authored-by: Nicolas Sterchele <nicolas@sterchelen.net> Co-authored-by: ddelange <14880945+ddelange@users.noreply.github.com> Co-authored-by: AkiraFukushima <h3.poteto@gmail.com>
oded7hoffman
pushed a commit
to spotinst/kubernetes-kops
that referenced
this pull request
Jan 23, 2023
* run update expected * Add release note and getting started entries for Hetzner * Fix kops update for OpenStack with LB In the last PR to support OVN provider for LB, listener will refer to load balancer provider for ACL settings. While currently get listener API returns empty Pools, which will cause nil pointer dereference when referring Pool.Loadbalancer.Provider. This commit fix this issue by getting pool information with DefaultPoolID when Pools is empty. As I added GetPool function, the origin GetPool function is renamed to GetPoolMember. * bump k8s versions with May releases * Add support for configuring which metrics cilium will export * Update troubleshoot.md * Remove unused DNS logic from Protokube * Fix Protokube gossip flag * Refactor cloud providers and remove unused code from Protokube * Bump actions/setup-go from 3.1.0 to 3.2.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@fcdc436...b22fbbc) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Use dependabot for Go deps * Fix links to go docs Go doc link path is case-sensitive, so use all-lowercase `kops` in the path. * Use build tags for Protokube * Clarify difference between terraform and kOps state stores * Update gophercloud to v0.25.0 This commit updates gophercloud to newest v0.25.0 release. The SOURCE_IP_PORT LB method is also updated to the reference in the new release in align with ROUND_ROBIN. * Bump github.com/spotinst/spotinst-sdk-go from 1.118.0 to 1.120.0 Bumps [github.com/spotinst/spotinst-sdk-go](https://github.com/spotinst/spotinst-sdk-go) from 1.118.0 to 1.120.0. - [Release notes](https://github.com/spotinst/spotinst-sdk-go/releases) - [Changelog](https://github.com/spotinst/spotinst-sdk-go/blob/main/.goreleaser.yaml) - [Commits](spotinst/spotinst-sdk-go@v1.118.0...v1.120.0) --- updated-dependencies: - dependency-name: github.com/spotinst/spotinst-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump NTH to 1.16.5 * promote alpha to stable (k8s releases) * update openstack ccm + csi * Migrate EBS CSI images back to registry.k8s.io * bump aws cni to 1.11.2 * hack/update-expected * Add CSI driver for Hetzner * Use kubectl replace instead of apply when updating addons * Release 1.24.0-beta.1 (kubernetes#13730) * Add hashes for latest Docker versions * Update Docker to v20.10.17 * Run hack/update-expected.sh * Add hashes for latest containerd versions * Update containerd to v1.6.6 * Run hack/update-expected.sh * Update containerd fallback to v1.4.13 * Channels to have exit status 1 on apply failure * Fix codegen targets and whitespace errors in Makefile ${KOPS_ROOT}/_output/bin should be a directory rather than the fistask binary. * Add support for setting mode field on file assets * Update documentation for fileAssets and fix whitespace error * Revert "Use kubectl replace instead of apply when updating addons" This reverts commit c825a7c. * Fix API group being incorrect for ingresses * Update after running hack/update-expected.sh * Update runc to v1.1.3 * Run hack/update-expected.sh * Update AWS CCM images for k8s 1.20-1.22 * Run hack/update-expected.sh * Fix namespace for cert manager webhook config * Avoid spurious changes with ed25519 keys * Add back the metrics-server 443 port with a new name SSA is keyed on port, but requires unqiue name. So we need to add this back to avoid a duplicate port name error. After this change, kops does own the value and we can remove this some time in the future. * Fix broken node selector for node termination handler * Release 1.24.0-beta.2 (kubernetes#13788) * replace flexdriver with busybox * update expected * Update etcd-manager to v3.0.20220617 * Run hack/update-expected.sh * Fix tests * Do not run CAS on spot instances * Fix GCE resource tracking * Limit GCE ASG labels to 63 chars * Run hack/update-expected.sh * Adding GuestAccelerators to InstanceTemplate * Limit GCE tag for role to 63 chars * Replace manifests after apply * Fix upgrade-ab skip e2e test * Don't try to manage the kube-system namespace * Run hack/update-expected.sh * Remove unneeded kube-proxy service account * Move kube-dns service account to kube-dns addon * Completely remove core addons * Run hack/update-expected.sh * Disable removal or CCM leader migration * Release 1.24.0-beta.3 * Clean-up firewall rules that contain targets with the cluster name hash * Add integration test for GCE cluster with very long cluster name * Log errors from detachInstance * gce: Move out of beta, drop feature flag GCE support seems stable now, and we have good clarity at the API level and how that translates to GCP resources, which was our blocker previously. Drop the need for the feature-flag. * Run make gen-cli-docs * gce: set ProvisioningModel on InstanceTemplate Because of how we compare InstanceTemplates, this was causing spurious differences. Add the minimal support, setting the value to the default. * Fix cleanup of firewall rules that contain the cluster name hash * Apply PKI even if addon fails * Update dependencies * Refactor ClusterPrefixedName and ClusterSuffixedName to not return error * Mount /etc/hosts from host for CoreDNS * Run hack/update-expected.sh * Limit GCE names to 63 chars for various resources * Make IRSA webhook configure apps to use regional STS and set the default region on them * Make it possible to enable the shield addon for LBC * Increase length of cluster name for GCE long cluster name integration test * Add integration test for GCE cluster with internal LB and very long cluster name * Run hack/update-expected.sh * Limit GCE router name to 63 chars * Run hack/update-expected.sh * Remove the v1alpha3 API version * Update Cilium to 1.11.6 * Fix unsetting ASG max price * Revert "Add back the metrics-server 443 port with a new name" This reverts commit ff1b4ec. * aws: introduce maximum instance lifetime in cluster The maximum instance lifetime is an AWS only feature and specifies the maximum amount of time (in seconds) that an instance can be in service before it is terminated and replaced. A common use case might be a requirement to replace your instances on a schedule because of internal security policies or external compliance controls. * Fix doc of NewOpenStackCloudProvider * Add config drive as a source for OpenStack instance metadata This adds the config drive as an additional source for instance metadata when using OpenStack. * Be more specific when filtering OS instance ports This adds an additional filter for ports attached to an instance, so that only ports tagged with the cluster name will be considered. Basically, this enables adding ports to the server independent from the provisioning process. To not break clusters provisioned with older kOps versions, when there are no tagged ports found it will still consider all the ports of an instance. * Use csi-snapshotter for OS only when the controller is enabled * Bump EBS CSI driver to 1.8.0 * Run hack/update-expected.sh * Release 1.24.0 (kubernetes#13957) * Use Calico v3.23 for Kubernetes 1.22+ * Run hack/update-expected.sh * Use control-plane node role for AWS IAM Authenticator * Enable AWS IAM Authenticator in complex integration test * Upgrade complex integration test case to k8s 1.24 * Skip deregistering the instance during rolling update for Spotinst * Upgrade aws-iam-authenticator to v0.5.9 * Add option to set etcd-manager backup interval * Use only IPv4 for Hetzner servers * Add option to set number of replicas for pod-identity-webhook * Update etcd-manager to v3.0.20220717 * Run hack/update-expected.sh * Update Go to v1.18.4 * Remove replaces from go.mod * Update k8s.io/client-go to match k8s.io/api * Run "make gomod" * Upgrade DO CSI driver to 4.2.0 * Update Calico to v3.23.2 * Update Calico to v3.23.3 * Update Canal to v3.23.3 * Run hack/update-expected.sh * Switch to latest MacOS version for CI * Update dependencies * Revert to using instance private DNS name to lookup hostname * Add server group management for Hetzner * Update etcd-manager to v3.0.20220727 * Run hack/update-expected.sh * Check keyset existence before attempting to distrust * Fix SIGSEGV when deleting a Hetzner instance * Remove namespaces from cluster-scoped resources in CNI manifests * ./hack/update-expected.sh * Enable rolling updates for Hetzner * Wait for load balancer to be ready for Hetzner * Add multiple SSH keys support for Hetzner * Use cabundle for etcd CA files * Release 1.24.1 (kubernetes#14071) * Allow configuring OpenStack CCM networking options * aws-ebs-csi-driver: remove preStop hook The hook can cause issue on execution, like ``` Exec lifecycle hook ([/bin/sh -c rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock]) for Container "node-driver-registrar" in Pod "ebs-csi-node-96jbk_ebs-csi(a82c6d41-bd2b-42dd-b092-e3acd4c43b62)" failed - error: command '/bin/sh -c rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock' exited with 126: , message: "OCI runtime exec failed: exec failed: container_linux.go:370: starting container process caused: exec: \"/bin/sh\": stat /bin/sh: no such file or directory: unknown\r\n" ``` Moreover, it has been deleted from upstream driver, see this patch kubernetes-sigs/aws-ebs-csi-driver@6e59160 Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> * fixup! aws-ebs-csi-driver: remove preStop hook * Add option to configure runc version for containerd * Run hack/update-expected.sh * Bump nvidia device plugin to 0.12.0 * Add hashes for containerd v1.6.7 * Update containerd to v1.6.8 * Run hack/update-expected.sh * Disable some flags in kube-controller-manager and kube-scheduler when logging-format is not text Disable these flags because these are not accepted. * --logtostderr * --alsologtostderr * --log-file * Add deployment-specific selectors to nth pdb If not, when migrating from imds-mode to sqs-mode, the selectors will match the daemonset pods, which doesn't work with pdb * Bump the CCM images * Limit GCE network names to 63 chars * Run hack/update-expected.sh Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: Jesse Haka <haka.jesse@gmail.com> Co-authored-by: Kubernetes Prow Robot <k8s-ci-robot@users.noreply.github.com> Co-authored-by: Ciprian Hacman <ciprian@hakman.dev> Co-authored-by: Gene Kuo <igene@igene.tw> Co-authored-by: Moshe Shitrit <moshe@s5t.dev> Co-authored-by: Ole Markus With <o.with@sportradar.com> Co-authored-by: simonc <simonc@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ilya Shaisultanov <ishaisultanov@plaid.com> Co-authored-by: Peter Rifel <pgrifel@gmail.com> Co-authored-by: Eric Bailey <eric@ericb.me> Co-authored-by: Julien Perignon <perignon.julien@gmail.com> Co-authored-by: Ivan Volynkin <jonasasx@gmail.com> Co-authored-by: justinsb <justinsb@google.com> Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com> Co-authored-by: Reilly Brogan <reilly@reillybrogan.com> Co-authored-by: Nicolas Sterchele <foss@sterchelen.net> Co-authored-by: ederst <stefan.prietl@bearingpoint.com> Co-authored-by: Nicolas Sterchele <nicolas@sterchelen.net> Co-authored-by: ddelange <14880945+ddelange@users.noreply.github.com> Co-authored-by: AkiraFukushima <h3.poteto@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
approved
Indicates a PR has been approved by an approver from all required OWNERS files.
area/addons
area/documentation
cncf-cla: yes
Indicates the PR's author has signed the CNCF CLA.
lgtm
"Looks good to me", indicates that a PR is ready to be merged.
size/XXL
Denotes a PR that changes 1000+ lines, ignoring generated files.
tide/merge-method-squash
Denotes a PR that should be squashed by tide when it merges.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.