From 47797671b3b1254d573d2f9adcc9627a2e9ef9eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Dulko?= Date: Tue, 10 Oct 2023 12:44:28 +0200 Subject: [PATCH 1/6] CI: Fix "error: externally-managed-environment" Seems like the CI OS changed and now it won't allow installing Python packages in the system without explicitly requesting that. This commit solves this by installing needed packages through `apt-get`. --- tests/ci-occm-e2e.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/ci-occm-e2e.sh b/tests/ci-occm-e2e.sh index f03f618b1b..17ee05b3d1 100755 --- a/tests/ci-occm-e2e.sh +++ b/tests/ci-occm-e2e.sh @@ -44,7 +44,8 @@ cleanup() { } trap cleanup EXIT -python3 -m pip install requests ansible +apt-get update +apt-get install -y python3-requests ansible # If BOSKOS_HOST is set then acquire a resource of type ${RESOURCE_TYPE} from Boskos. if [ -n "${BOSKOS_HOST:-}" ]; then From c4f06be3216c9a96ac98142af993af2ce9b68726 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Dulko?= Date: Tue, 10 Oct 2023 17:57:37 +0200 Subject: [PATCH 2/6] CI: Fix "error: externally-managed-environment" in CSI PR #2414 missed fixing this for Cinder and Manila e2e tests, this makes sure these tests work too. --- tests/ci-csi-cinder-e2e.sh | 3 ++- tests/ci-csi-manila-e2e.sh | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/ci-csi-cinder-e2e.sh b/tests/ci-csi-cinder-e2e.sh index c1d40b9d4a..eb0c791350 100755 --- a/tests/ci-csi-cinder-e2e.sh +++ b/tests/ci-csi-cinder-e2e.sh @@ -44,7 +44,8 @@ cleanup() { } trap cleanup EXIT -python3 -m pip install requests ansible +apt-get update +apt-get install -y python3-requests ansible # If BOSKOS_HOST is set then acquire a resource of type ${RESOURCE_TYPE} from Boskos. if [ -n "${BOSKOS_HOST:-}" ]; then diff --git a/tests/ci-csi-manila-e2e.sh b/tests/ci-csi-manila-e2e.sh index dd9f146f44..9d1a8986a5 100755 --- a/tests/ci-csi-manila-e2e.sh +++ b/tests/ci-csi-manila-e2e.sh @@ -44,7 +44,8 @@ cleanup() { } trap cleanup EXIT -python3 -m pip install requests ansible +apt-get update +apt-get install -y python3-requests ansible # If BOSKOS_HOST is set then acquire a resource of type ${RESOURCE_TYPE} from Boskos. if [ -n "${BOSKOS_HOST:-}" ]; then From faaf4ea60098fb0fa547df2f2bd405f1463d0c68 Mon Sep 17 00:00:00 2001 From: kayrus Date: Wed, 11 Oct 2023 12:05:23 +0200 Subject: [PATCH 3/6] [occm] ensure octavia monitor is always updated (#2423) --- pkg/openstack/loadbalancer.go | 158 ++++++++++++++++++---------------- pkg/util/util.go | 14 +++ 2 files changed, 99 insertions(+), 73 deletions(-) diff --git a/pkg/openstack/loadbalancer.go b/pkg/openstack/loadbalancer.go index 48cb0a9e8b..e8bd5d755f 100644 --- a/pkg/openstack/loadbalancer.go +++ b/pkg/openstack/loadbalancer.go @@ -101,6 +101,12 @@ const ( // See https://nip.io defaultProxyHostnameSuffix = "nip.io" ServiceAnnotationLoadBalancerID = "loadbalancer.openstack.org/load-balancer-id" + + // Octavia resources name formats + lbFormat = "%s%s_%s_%s" + listenerFormat = "listener_%d_%s" + poolFormat = "pool_%d_%s" + monitorFormat = "monitor_%d_%s" ) // LbaasV2 is a LoadBalancer implementation based on Octavia @@ -514,20 +520,17 @@ func (lbaas *LbaasV2) createFullyPopulatedOctaviaLoadBalancer(name, clusterName } for portIndex, port := range service.Spec.Ports { - listenerCreateOpt := lbaas.buildListenerCreateOpt(port, svcConf) - listenerCreateOpt.Name = cutString(fmt.Sprintf("listener_%d_%s", portIndex, name)) + listenerCreateOpt := lbaas.buildListenerCreateOpt(port, svcConf, cpoutil.Sprintf255(listenerFormat, portIndex, name)) members, newMembers, err := lbaas.buildBatchUpdateMemberOpts(port, nodes, svcConf) if err != nil { return nil, err } - poolCreateOpt := lbaas.buildPoolCreateOpt(string(listenerCreateOpt.Protocol), service, svcConf) + poolCreateOpt := lbaas.buildPoolCreateOpt(string(listenerCreateOpt.Protocol), service, svcConf, cpoutil.Sprintf255(poolFormat, portIndex, name)) poolCreateOpt.Members = members // Pool name must be provided to create fully populated loadbalancer - poolCreateOpt.Name = cutString(fmt.Sprintf("pool_%d_%s", portIndex, name)) var withHealthMonitor string if svcConf.enableMonitor { - opts := lbaas.buildMonitorCreateOpts(svcConf, port) - opts.Name = cutString(fmt.Sprintf("monitor_%d_%s", port.Port, name)) + opts := lbaas.buildMonitorCreateOpts(svcConf, port, cpoutil.Sprintf255(monitorFormat, portIndex, name)) poolCreateOpt.Monitor = &opts withHealthMonitor = " with healthmonitor" } @@ -598,8 +601,7 @@ func (lbaas *LbaasV2) GetLoadBalancer(ctx context.Context, clusterName string, s // GetLoadBalancerName returns the constructed load balancer name. func (lbaas *LbaasV2) GetLoadBalancerName(_ context.Context, clusterName string, service *corev1.Service) string { - name := fmt.Sprintf("%s%s_%s_%s", servicePrefix, clusterName, service.Namespace, service.Name) - return cutString(name) + return cpoutil.Sprintf255(lbFormat, servicePrefix, clusterName, service.Namespace, service.Name) } // getLoadBalancerLegacyName returns the legacy load balancer name for backward compatibility. @@ -607,15 +609,6 @@ func (lbaas *LbaasV2) getLoadBalancerLegacyName(_ context.Context, _ string, ser return cloudprovider.DefaultLoadBalancerName(service) } -// cutString makes sure the string length doesn't exceed 255, which is usually the maximum string length in OpenStack. -func cutString(original string) string { - ret := original - if len(original) > 255 { - ret = original[:255] - } - return ret -} - // The LB needs to be configured with instance addresses on the same // subnet as the LB (aka opts.SubnetID). Currently, we're just // guessing that the node's InternalIP is the right address. @@ -1028,55 +1021,56 @@ func (lbaas *LbaasV2) getServiceAddress(clusterName string, service *corev1.Serv func (lbaas *LbaasV2) ensureOctaviaHealthMonitor(lbID string, name string, pool *v2pools.Pool, port corev1.ServicePort, svcConf *serviceConfig) error { monitorID := pool.MonitorID - if monitorID != "" { - monitor, err := openstackutil.GetHealthMonitor(lbaas.lb, monitorID) - if err != nil { - return err - } - //Recreate health monitor with correct protocol if externalTrafficPolicy was changed - createOpts := lbaas.buildMonitorCreateOpts(svcConf, port) - if createOpts.Type != monitor.Type { - klog.InfoS("Recreating health monitor for the pool", "pool", pool.ID, "oldMonitor", monitorID) - if err := openstackutil.DeleteHealthMonitor(lbaas.lb, monitorID, lbID); err != nil { - return err - } - monitorID = "" - } - if svcConf.healthMonitorDelay != monitor.Delay || - svcConf.healthMonitorTimeout != monitor.Timeout || - svcConf.healthMonitorMaxRetries != monitor.MaxRetries || - svcConf.healthMonitorMaxRetriesDown != monitor.MaxRetriesDown { - updateOpts := v2monitors.UpdateOpts{ - Delay: svcConf.healthMonitorDelay, - Timeout: svcConf.healthMonitorTimeout, - MaxRetries: svcConf.healthMonitorMaxRetries, - MaxRetriesDown: svcConf.healthMonitorMaxRetriesDown, - } - klog.Infof("Updating health monitor %s updateOpts %+v", monitorID, updateOpts) - if err := openstackutil.UpdateHealthMonitor(lbaas.lb, monitorID, updateOpts); err != nil { - return err - } + if monitorID == "" { + // do nothing + if !svcConf.enableMonitor { + return nil } - } - if monitorID == "" && svcConf.enableMonitor { + + // a new monitor must be created klog.V(2).Infof("Creating monitor for pool %s", pool.ID) + createOpts := lbaas.buildMonitorCreateOpts(svcConf, port, name) + return lbaas.createOctaviaHealthMonitor(createOpts, pool.ID, lbID) + } - createOpts := lbaas.buildMonitorCreateOpts(svcConf, port) - // Populate PoolID, attribute is omitted for consumption of the createOpts for fully populated Loadbalancer - createOpts.PoolID = pool.ID - createOpts.Name = name - monitor, err := openstackutil.CreateHealthMonitor(lbaas.lb, createOpts, lbID) - if err != nil { - return err - } - monitorID = monitor.ID - klog.Infof("Health monitor %s for pool %s created.", monitorID, pool.ID) - } else if monitorID != "" && !svcConf.enableMonitor { + // an existing monitor must be deleted + if !svcConf.enableMonitor { klog.Infof("Deleting health monitor %s for pool %s", monitorID, pool.ID) + return openstackutil.DeleteHealthMonitor(lbaas.lb, monitorID, lbID) + } + // get an existing monitor status + monitor, err := openstackutil.GetHealthMonitor(lbaas.lb, monitorID) + if err != nil { + // return err on 404 is ok, since we get monitorID dynamically from the pool + return err + } + + // recreate health monitor with a new type + createOpts := lbaas.buildMonitorCreateOpts(svcConf, port, name) + if createOpts.Type != monitor.Type { + klog.InfoS("Recreating health monitor for the pool", "pool", pool.ID, "oldMonitor", monitorID) if err := openstackutil.DeleteHealthMonitor(lbaas.lb, monitorID, lbID); err != nil { return err } + return lbaas.createOctaviaHealthMonitor(createOpts, pool.ID, lbID) + } + + // update new monitor parameters + if name != monitor.Name || + svcConf.healthMonitorDelay != monitor.Delay || + svcConf.healthMonitorTimeout != monitor.Timeout || + svcConf.healthMonitorMaxRetries != monitor.MaxRetries || + svcConf.healthMonitorMaxRetriesDown != monitor.MaxRetriesDown { + updateOpts := v2monitors.UpdateOpts{ + Name: &name, + Delay: svcConf.healthMonitorDelay, + Timeout: svcConf.healthMonitorTimeout, + MaxRetries: svcConf.healthMonitorMaxRetries, + MaxRetriesDown: svcConf.healthMonitorMaxRetriesDown, + } + klog.Infof("Updating health monitor %s updateOpts %+v", monitorID, updateOpts) + return openstackutil.UpdateHealthMonitor(lbaas.lb, monitorID, updateOpts) } return nil @@ -1086,7 +1080,9 @@ func (lbaas *LbaasV2) canUseHTTPMonitor(port corev1.ServicePort) bool { if lbaas.opts.LBProvider == "ovn" { // ovn-octavia-provider doesn't support HTTP monitors at all. We got to avoid creating it with ovn. return false - } else if port.Protocol == corev1.ProtocolUDP { + } + + if port.Protocol == corev1.ProtocolUDP { // Older Octavia versions or OVN provider doesn't support HTTP monitors on UDP pools. We got to check if that's the case. return openstackutil.IsOctaviaFeatureSupported(lbaas.lb, openstackutil.OctaviaFeatureHTTPMonitorsOnUDP, lbaas.opts.LBProvider) } @@ -1095,8 +1091,9 @@ func (lbaas *LbaasV2) canUseHTTPMonitor(port corev1.ServicePort) bool { } // buildMonitorCreateOpts returns a v2monitors.CreateOpts without PoolID for consumption of both, fully popuplated Loadbalancers and Monitors. -func (lbaas *LbaasV2) buildMonitorCreateOpts(svcConf *serviceConfig, port corev1.ServicePort) v2monitors.CreateOpts { +func (lbaas *LbaasV2) buildMonitorCreateOpts(svcConf *serviceConfig, port corev1.ServicePort, name string) v2monitors.CreateOpts { opts := v2monitors.CreateOpts{ + Name: name, Type: string(port.Protocol), Delay: svcConf.healthMonitorDelay, Timeout: svcConf.healthMonitorTimeout, @@ -1115,6 +1112,18 @@ func (lbaas *LbaasV2) buildMonitorCreateOpts(svcConf *serviceConfig, port corev1 return opts } +func (lbaas *LbaasV2) createOctaviaHealthMonitor(createOpts v2monitors.CreateOpts, poolID, lbID string) error { + // populate PoolID, attribute is omitted for consumption of the createOpts for fully populated Loadbalancer + createOpts.PoolID = poolID + monitor, err := openstackutil.CreateHealthMonitor(lbaas.lb, createOpts, lbID) + if err != nil { + return err + } + klog.Infof("Health monitor %s for pool %s created.", monitor.ID, poolID) + + return nil +} + // Make sure the pool is created for the Service, nodes are added as pool members. func (lbaas *LbaasV2) ensureOctaviaPool(lbID string, name string, listener *listeners.Listener, service *corev1.Service, port corev1.ServicePort, nodes []*corev1.Node, svcConf *serviceConfig) (*v2pools.Pool, error) { pool, err := openstackutil.GetPoolByListener(lbaas.lb, lbID, listener.ID) @@ -1142,9 +1151,8 @@ func (lbaas *LbaasV2) ensureOctaviaPool(lbID string, name string, listener *list } if pool == nil { - createOpt := lbaas.buildPoolCreateOpt(listener.Protocol, service, svcConf) + createOpt := lbaas.buildPoolCreateOpt(listener.Protocol, service, svcConf, name) createOpt.ListenerID = listener.ID - createOpt.Name = name klog.InfoS("Creating pool", "listenerID", listener.ID, "protocol", createOpt.Protocol) pool, err = openstackutil.CreatePool(lbaas.lb, createOpt, lbID) @@ -1179,7 +1187,7 @@ func (lbaas *LbaasV2) ensureOctaviaPool(lbID string, name string, listener *list return pool, nil } -func (lbaas *LbaasV2) buildPoolCreateOpt(listenerProtocol string, service *corev1.Service, svcConf *serviceConfig) v2pools.CreateOpts { +func (lbaas *LbaasV2) buildPoolCreateOpt(listenerProtocol string, service *corev1.Service, svcConf *serviceConfig, name string) v2pools.CreateOpts { // By default, use the protocol of the listener poolProto := v2pools.Protocol(listenerProtocol) if svcConf.enableProxyProtocol { @@ -1206,6 +1214,7 @@ func (lbaas *LbaasV2) buildPoolCreateOpt(listenerProtocol string, service *corev lbmethod := v2pools.LBMethod(lbaas.opts.LBMethod) return v2pools.CreateOpts{ + Name: name, Protocol: poolProto, LBMethod: lbmethod, Persistence: persistence, @@ -1253,9 +1262,8 @@ func (lbaas *LbaasV2) ensureOctaviaListener(lbID string, name string, curListene Port: int(port.Port), }] if !isPresent { - listenerCreateOpt := lbaas.buildListenerCreateOpt(port, svcConf) + listenerCreateOpt := lbaas.buildListenerCreateOpt(port, svcConf, name) listenerCreateOpt.LoadbalancerID = lbID - listenerCreateOpt.Name = name klog.V(2).Infof("Creating listener for port %d using protocol %s", int(port.Port), listenerCreateOpt.Protocol) @@ -1340,11 +1348,10 @@ func (lbaas *LbaasV2) ensureOctaviaListener(lbID string, name string, curListene } // buildListenerCreateOpt returns listeners.CreateOpts for a specific Service port and configuration -func (lbaas *LbaasV2) buildListenerCreateOpt(port corev1.ServicePort, svcConf *serviceConfig) listeners.CreateOpts { - listenerProtocol := listeners.Protocol(port.Protocol) - +func (lbaas *LbaasV2) buildListenerCreateOpt(port corev1.ServicePort, svcConf *serviceConfig, name string) listeners.CreateOpts { listenerCreateOpt := listeners.CreateOpts{ - Protocol: listenerProtocol, + Name: name, + Protocol: listeners.Protocol(port.Protocol), ProtocolPort: int(port.Port), ConnLimit: &svcConf.connLimit, } @@ -1938,17 +1945,17 @@ func (lbaas *LbaasV2) ensureOctaviaLoadBalancer(ctx context.Context, clusterName } for portIndex, port := range service.Spec.Ports { - listener, err := lbaas.ensureOctaviaListener(loadbalancer.ID, cutString(fmt.Sprintf("listener_%d_%s", portIndex, lbName)), curListenerMapping, port, svcConf, service) + listener, err := lbaas.ensureOctaviaListener(loadbalancer.ID, cpoutil.Sprintf255(listenerFormat, portIndex, lbName), curListenerMapping, port, svcConf, service) if err != nil { return nil, err } - pool, err := lbaas.ensureOctaviaPool(loadbalancer.ID, cutString(fmt.Sprintf("pool_%d_%s", portIndex, lbName)), listener, service, port, nodes, svcConf) + pool, err := lbaas.ensureOctaviaPool(loadbalancer.ID, cpoutil.Sprintf255(poolFormat, portIndex, lbName), listener, service, port, nodes, svcConf) if err != nil { return nil, err } - if err := lbaas.ensureOctaviaHealthMonitor(loadbalancer.ID, cutString(fmt.Sprintf("monitor_%d_%s", portIndex, lbName)), pool, port, svcConf); err != nil { + if err := lbaas.ensureOctaviaHealthMonitor(loadbalancer.ID, cpoutil.Sprintf255(monitorFormat, portIndex, lbName), pool, port, svcConf); err != nil { return nil, err } @@ -2147,7 +2154,12 @@ func (lbaas *LbaasV2) updateOctaviaLoadBalancer(ctx context.Context, clusterName return fmt.Errorf("loadbalancer %s does not contain required listener for port %d and protocol %s", loadbalancer.ID, port.Port, port.Protocol) } - _, err := lbaas.ensureOctaviaPool(loadbalancer.ID, cutString(fmt.Sprintf("pool_%d_%s", portIndex, loadbalancer.Name)), &listener, service, port, nodes, svcConf) + pool, err := lbaas.ensureOctaviaPool(loadbalancer.ID, cpoutil.Sprintf255(poolFormat, portIndex, loadbalancer.Name), &listener, service, port, nodes, svcConf) + if err != nil { + return err + } + + err = lbaas.ensureOctaviaHealthMonitor(loadbalancer.ID, cpoutil.Sprintf255(monitorFormat, portIndex, loadbalancer.Name), pool, port, svcConf) if err != nil { return err } diff --git a/pkg/util/util.go b/pkg/util/util.go index f155f5a010..34fd7e6def 100644 --- a/pkg/util/util.go +++ b/pkg/util/util.go @@ -16,6 +16,20 @@ import ( "k8s.io/klog/v2" ) +// CutString255 makes sure the string length doesn't exceed 255, which is usually the maximum string length in OpenStack. +func CutString255(original string) string { + ret := original + if len(original) > 255 { + ret = original[:255] + } + return ret +} + +// Sprintf255 formats according to a format specifier and returns the resulting string with a maximum length of 255 characters. +func Sprintf255(format string, args ...interface{}) string { + return CutString255(fmt.Sprintf(format, args...)) +} + // MyDuration is the encoding.TextUnmarshaler interface for time.Duration type MyDuration struct { time.Duration From b32e73a2fad8e433a8fa7c03eba8aa418dabe9f4 Mon Sep 17 00:00:00 2001 From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com> Date: Sun, 15 Oct 2023 19:28:12 -0700 Subject: [PATCH 4/6] Make sure we don't mask LB tests failures and fix what was failing (#2360) (#2430) * Fix shared LBs tests PR #2190 prohibited sharing an LB that is internal for security reasons. This commit fixes the shared LBs tests to not create internal LBs. * Make sure we don't mask LB tests failures In `test-lb-service.sh` we do `trap "delete_resources" EXIT` to make sure we cleanup resources on a test failure. In there, we only fetched the `$?` after making a check for `${AUTO_CLEAN_UP}`, which itself alters the code to 0, so function always returns success. This means tests can never really fail. This commit fixes it by making sure `$ERROR_CODE` is fetched at the very beginning of the cleanup function. Co-authored-by: Michal Dulko --- tests/e2e/cloudprovider/test-lb-service.sh | 30 ++++++++++++++++------ 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/tests/e2e/cloudprovider/test-lb-service.sh b/tests/e2e/cloudprovider/test-lb-service.sh index c168aa2d1b..6199709284 100755 --- a/tests/e2e/cloudprovider/test-lb-service.sh +++ b/tests/e2e/cloudprovider/test-lb-service.sh @@ -20,12 +20,12 @@ LB_SUBNET_NAME=${LB_SUBNET_NAME:-"private-subnet"} AUTO_CLEAN_UP=${AUTO_CLEAN_UP:-"true"} function delete_resources() { + ERROR_CODE="$?" + if [[ ${AUTO_CLEAN_UP} != "true" ]]; then exit ${ERROR_CODE} fi - ERROR_CODE="$?" - printf "\n>>>>>>> Deleting k8s services\n" kubectl -n ${NAMESPACE} get svc -o name | xargs -r kubectl -n $NAMESPACE delete printf "\n>>>>>>> Deleting k8s deployments\n" @@ -34,6 +34,12 @@ function delete_resources() { printf "\n>>>>>>> Deleting openstack load balancer \n" openstack loadbalancer delete test_shared_user_lb --cascade + printf "\n>>>>>>> Deleting openstack FIPs \n" + fips=$(openstack floating ip list --tag occm-test -f value -c ID) + for fip in $fips; do + openstack floating ip delete ${fip} + done + if [[ "$ERROR_CODE" != "0" ]]; then printf "\n>>>>>>> Dump openstack-cloud-controller-manager logs \n" pod_name=$(kubectl -n kube-system get pod -l k8s-app=openstack-cloud-controller-manager -o name | awk 'NR==1 {print}') @@ -438,7 +444,6 @@ metadata: name: ${service1} namespace: $NAMESPACE annotations: - service.beta.kubernetes.io/openstack-internal-load-balancer: "true" loadbalancer.openstack.org/enable-health-monitor: "false" spec: type: LoadBalancer @@ -474,7 +479,6 @@ metadata: name: ${service2} namespace: $NAMESPACE annotations: - service.beta.kubernetes.io/openstack-internal-load-balancer: "true" loadbalancer.openstack.org/enable-health-monitor: "false" loadbalancer.openstack.org/load-balancer-id: "$lbID" spec: @@ -521,7 +525,6 @@ metadata: name: ${service2} namespace: $NAMESPACE annotations: - service.beta.kubernetes.io/openstack-internal-load-balancer: "true" loadbalancer.openstack.org/enable-health-monitor: "false" loadbalancer.openstack.org/load-balancer-id: "$lbID" spec: @@ -580,7 +583,6 @@ metadata: name: ${service3} namespace: $NAMESPACE annotations: - service.beta.kubernetes.io/openstack-internal-load-balancer: "true" loadbalancer.openstack.org/enable-health-monitor: "false" loadbalancer.openstack.org/load-balancer-id: "$lbID" spec: @@ -614,7 +616,6 @@ metadata: name: ${service4} namespace: $NAMESPACE annotations: - service.beta.kubernetes.io/openstack-internal-load-balancer: "true" loadbalancer.openstack.org/enable-health-monitor: "false" loadbalancer.openstack.org/load-balancer-id: "$lbID" spec: @@ -725,6 +726,20 @@ function test_shared_user_lb { printf "\n>>>>>>> Waiting for openstack load balancer $lbID ACTIVE after creating listener \n" wait_for_loadbalancer $lbID + printf "\n>>>>>>> Getting an external network \n" + extNetID=$(openstack network list --external -f value -c ID | head -1) + if [[ -z extNetID ]]; then + printf "\n>>>>>>> FAIL: failed to find an external network\n" + exit 1 + fi + fip=$(openstack floating ip create --tag occm-test -f value -c id ${extNetID}) + if [ $? -ne 0 ]; then + printf "\n>>>>>>> FAIL: failed to create FIP\n" + exit 1 + fi + vip=$(openstack loadbalancer show $lbID -f value -c vip_port_id) + openstack floating ip set --port ${vip} ${fip} + local service1="test-shared-user-lb" printf "\n>>>>>>> Create Service ${service1}\n" cat < Date: Thu, 19 Oct 2023 19:16:52 +0200 Subject: [PATCH 5/6] [1.26.4] 1.26.4 release (#2428) * [1.26.4] 1.26.4 release * update kubernetes/kubernetes to 1.26.9 in go.mod * .: bump golang.org/x/net to v0.17.0 Bumping golang.org/x/net in light of CVE-2023-39325 and CVE-2023-44487. * Update k3s and test image to ubuntu 22 (#2108) * use ubuntu focal * update k3s used in tests * update default version * tests: Remove support for preinstalled images This never worked and the image in question is no longer available. Signed-off-by: Stephen Finucane * Fix tests * Use dl.k8s.io instead of hardcoded GCS URIs (#2240) The `storage.googleapis.com/kubernetes-release` URL is a hard coded path to a GCS bucket location. To allow redirecting and spreading the load across multiple hosting locations, the `dl.k8s.io` URL has been introduced. Signed-off-by: Sean McGinnis * Add Dockerfile --------- Signed-off-by: Stephen Finucane Signed-off-by: Sean McGinnis Co-authored-by: Jesse Haka Co-authored-by: Stephen Finucane Co-authored-by: Sean McGinnis --- Dockerfile | 202 ++++++++++++++++++ Makefile | 178 +++------------ charts/cinder-csi-plugin/Chart.yaml | 4 +- charts/manila-csi-plugin/Chart.yaml | 4 +- .../Chart.yaml | 4 +- .../using-barbican-kms-plugin.md | 2 +- ...ne-webhook-authenticator-and-authorizer.md | 2 +- .../using-magnum-auto-healer.md | 2 +- .../using-octavia-ingress-controller.md | 2 +- examples/webhook/keystone-deployment.yaml | 2 +- go.mod | 67 ++---- go.sum | 70 +++--- hack/bump-release.sh | 24 +++ manifests/barbican-kms/pod.yaml | 2 +- .../cinder-csi-controllerplugin.yaml | 2 +- .../cinder-csi-nodeplugin.yaml | 2 +- ...openstack-cloud-controller-manager-ds.yaml | 2 +- ...penstack-cloud-controller-manager-pod.yaml | 2 +- .../magnum-auto-healer.yaml | 2 +- .../csi-controllerplugin.yaml | 2 +- .../manila-csi-plugin/csi-nodeplugin.yaml | 2 +- .../roles/install-cpo-occm/defaults/main.yaml | 4 +- .../roles/install-cpo-occm/tasks/main.yaml | 8 +- .../roles/install-csi-cinder/tasks/main.yaml | 12 +- .../roles/install-csi-manila/tasks/main.yaml | 18 +- .../roles/install-k3s/defaults/main.yaml | 2 +- .../roles/install-k3s/tasks/main.yaml | 2 +- tests/playbooks/test-csi-cinder-e2e.yaml | 2 +- tests/playbooks/test-csi-manila-e2e.yaml | 2 +- tests/playbooks/test-occm-e2e.yaml | 2 +- tests/sanity/manila/fakecsiclient.go | 4 +- tests/scripts/create-gce-vm.sh | 22 +- 32 files changed, 371 insertions(+), 286 deletions(-) create mode 100644 Dockerfile create mode 100755 hack/bump-release.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000000..decbdd59a6 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,202 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################################ +## BUILD ARGS ## +################################################################################ +# This build arg allows the specification of a custom Golang image. +ARG GOLANG_IMAGE=golang:1.20.3 + +# The distroless image on which the CPI manager image is built. +# +# Please do not use "latest". Explicit tags should be used to provide +# deterministic builds. Follow what kubernetes uses to build +# kube-controller-manager, for example for 1.27.x: +# https://github.com/kubernetes/kubernetes/blob/release-1.27/build/common.sh#L99 +ARG DISTROLESS_IMAGE=registry.k8s.io/build-image/go-runner:v2.3.1-go1.20.3-bullseye.0 + +# We use Alpine as the source for default CA certificates and some output +# images +ARG ALPINE_IMAGE=alpine:3.17.3 + +# cinder-csi-plugin uses Debian as a base image +ARG DEBIAN_IMAGE=registry.k8s.io/build-image/debian-base:bullseye-v1.4.3 + +################################################################################ +## BUILD STAGE ## +################################################################################ + +# Build an image containing a common ca-certificates used by all target images +# regardless of how they are built. We arbitrarily take ca-certificates from +# the amd64 Alpine image. +FROM --platform=linux/amd64 ${ALPINE_IMAGE} as certs +RUN apk add --no-cache ca-certificates + + +# Build all command targets. We build all command targets in a single build +# stage for efficiency. Target images copy their binary from this image. +# We use go's native cross compilation for multi-arch in this stage, so the +# builder itself is always amd64 +FROM --platform=linux/amd64 ${GOLANG_IMAGE} as builder + +ARG GOPROXY=https://goproxy.io,direct +ARG TARGETOS +ARG TARGETARCH +ARG VERSION + +WORKDIR /build +COPY Makefile go.mod go.sum ./ +COPY cmd/ cmd/ +COPY pkg/ pkg/ +RUN make build GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOPROXY=${GOPROXY} VERSION=${VERSION} + + +################################################################################ +## TARGET IMAGES ## +################################################################################ + +## +## openstack-cloud-controller-manager +## +FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as openstack-cloud-controller-manager + +COPY --from=certs /etc/ssl/certs /etc/ssl/certs +COPY --from=builder /build/openstack-cloud-controller-manager /bin/openstack-cloud-controller-manager + +LABEL name="openstack-cloud-controller-manager" \ + license="Apache Version 2.0" \ + maintainers="Kubernetes Authors" \ + description="OpenStack cloud controller manager" \ + distribution-scope="public" \ + summary="OpenStack cloud controller manager" \ + help="none" + +CMD [ "/bin/openstack-cloud-controller-manager" ] + +## +## barbican-kms-plugin +## +FROM --platform=${TARGETPLATFORM} ${ALPINE_IMAGE} as barbican-kms-plugin +# barbican-kms-plugin uses ALPINE instead of distroless because its entrypoint +# uses a shell for environment substitution. If there are no other uses this +# could be replaced by callers passing arguments explicitly. + +COPY --from=builder /build/barbican-kms-plugin /bin/barbican-kms-plugin +COPY --from=certs /etc/ssl/certs /etc/ssl/certs + +LABEL name="barbican-kms-plugin" \ + license="Apache Version 2.0" \ + maintainers="Kubernetes Authors" \ + description="Barbican kms plugin" \ + distribution-scope="public" \ + summary="Barbican kms plugin" \ + help="none" + +CMD ["sh", "-c", "/bin/barbican-kms-plugin --socketpath ${socketpath} --cloud-config ${cloudconfig}"] + +## +## cinder-csi-plugin +## +FROM --platform=${TARGETPLATFORM} ${DEBIAN_IMAGE} as cinder-csi-plugin + +# Install e4fsprogs for format +RUN clean-install btrfs-progs e2fsprogs mount udev xfsprogs + +COPY --from=builder /build/cinder-csi-plugin /bin/cinder-csi-plugin +COPY --from=certs /etc/ssl/certs /etc/ssl/certs + +LABEL name="cinder-csi-plugin" \ + license="Apache Version 2.0" \ + maintainers="Kubernetes Authors" \ + description="Cinder CSI Plugin" \ + distribution-scope="public" \ + summary="Cinder CSI Plugin" \ + help="none" + +CMD ["/bin/cinder-csi-plugin"] + +## +## k8s-keystone-auth +## +FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as k8s-keystone-auth + +COPY --from=builder /build/k8s-keystone-auth /bin/k8s-keystone-auth +COPY --from=certs /etc/ssl/certs /etc/ssl/certs + +LABEL name="k8s-keystone-auth" \ + license="Apache Version 2.0" \ + maintainers="Kubernetes Authors" \ + description="K8s Keystone Auth" \ + distribution-scope="public" \ + summary="K8s Keystone Auth" \ + help="none" + +EXPOSE 8443 + +CMD ["/bin/k8s-keystone-auth"] + +## +## magnum-auto-healer +## +FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as magnum-auto-healer + +COPY --from=builder /build/magnum-auto-healer /bin/magnum-auto-healer +COPY --from=certs /etc/ssl/certs /etc/ssl/certs + +LABEL name="magnum-auto-healer" \ + license="Apache Version 2.0" \ + maintainers="Kubernetes Authors" \ + description="Magnum auto healer" \ + distribution-scope="public" \ + summary="Magnum auto healer" \ + help="none" + +CMD ["/bin/magnum-auto-healer"] + +## +## manila-csi-plugin +## +FROM --platform=${TARGETPLATFORM} ${ALPINE_IMAGE} as manila-csi-plugin +# manila-csi-plugin uses ALPINE because it pulls in jq and curl + +RUN apk add --no-cache jq curl + +COPY --from=builder /build/manila-csi-plugin /bin/manila-csi-plugin +COPY --from=certs /etc/ssl/certs /etc/ssl/certs + +LABEL name="manila-csi-plugin" \ + license="Apache Version 2.0" \ + maintainers="Kubernetes Authors" \ + description="Manila CSI Plugin" \ + distribution-scope="public" \ + summary="Manila CSI Plugin" \ + help="none" + +ENTRYPOINT ["/bin/manila-csi-plugin"] + +## +## octavia-ingress-controller +## +FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as octavia-ingress-controller + +COPY --from=builder /build/octavia-ingress-controller /bin/octavia-ingress-controller +COPY --from=certs /etc/ssl/certs /etc/ssl/certs + +LABEL name="octavia-ingress-controller" \ + license="Apache Version 2.0" \ + maintainers="Kubernetes Authors" \ + description="Octavia ingress controller" \ + distribution-scope="public" \ + summary="Octavia ingress controller" \ + help="none" + +CMD ["/bin/octavia-ingress-controller"] diff --git a/Makefile b/Makefile index 8f87bfdb69..9945ce6f2f 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ TESTARGS_DEFAULT := "-v" export TESTARGS ?= $(TESTARGS_DEFAULT) PKG := $(shell awk '/^module/ { print $$2 }' go.mod) DEST := $(GOPATH)/src/$(GIT_HOST)/$(BASE_DIR) -SOURCES := $(shell find $(DEST) -name '*.go' 2>/dev/null) +SOURCES := Makefile go.mod go.sum $(shell find $(DEST) -name '*.go' 2>/dev/null) HAS_GOX := $(shell command -v gox;) GOX_PARALLEL ?= 3 @@ -31,18 +31,14 @@ TEMP_DIR :=$(shell mktemp -d) TAR_FILE ?= rootfs.tar GOOS ?= $(shell go env GOOS) -GIT_VERSION := $(shell git describe --dirty --tags --match='v*') -VERSION ?= $(GIT_VERSION) -ALPINE_ARCH := -DEBIAN_ARCH := -QEMUARCH := -QEMUVERSION := "v4.2.0-4" +GOPROXY ?= $(shell go env GOPROXY) +VERSION ?= $(shell git describe --dirty --tags --match='v*') GOARCH := GOFLAGS := TAGS := -LDFLAGS := "-w -s -X 'k8s.io/component-base/version.gitVersion=$(GIT_VERSION)'" +LDFLAGS := "-w -s -X 'k8s.io/component-base/version.gitVersion=$(VERSION)' -X 'k8s.io/cloud-provider-openstack/pkg/version.Version=$(VERSION)'" GOX_LDFLAGS := $(shell echo "$(LDFLAGS) -extldflags \"-static\"") -REGISTRY ?= k8scloudprovider +REGISTRY ?= registry.k8s.io/provider-os IMAGE_OS ?= linux IMAGE_NAMES ?= openstack-cloud-controller-manager \ cinder-csi-plugin \ @@ -62,9 +58,6 @@ BUILD_CMDS ?= openstack-cloud-controller-manager \ magnum-auto-healer \ client-keystone-auth -# This option is for running docker manifest command -export DOCKER_CLI_EXPERIMENTAL := enabled - # CTI targets $(GOBIN): @@ -73,84 +66,17 @@ $(GOBIN): work: $(GOBIN) -ifeq ($(ARCH),arm) - DEBIAN_ARCH=$(ARCH) - GOARCH=$(ARCH) - QEMUARCH=$(ARCH) - ALPINE_ARCH=arm32v7 -else ifeq ($(ARCH),arm64) - DEBIAN_ARCH=$(ARCH) - GOARCH=$(ARCH) - QEMUARCH=aarch64 - ALPINE_ARCH=arm64v8 -else - DEBIAN_ARCH=$(ARCH) - GOARCH=$(ARCH) - QEMUARCH=$(ARCH) - ALPINE_ARCH=$(ARCH) -endif - build-all-archs: @for arch in $(ARCHS); do $(MAKE) ARCH=$${arch} build ; done -build: $(addprefix build-cmd-,$(BUILD_CMDS)) - -client-keystone-auth: work $(SOURCES) - CGO_ENABLED=0 GOOS=$(GOOS) go build \ - -ldflags $(LDFLAGS) \ - -o client-keystone-auth \ - cmd/client-keystone-auth/main.go - -# Remove individual go build targets, once we migrate openlab-zuul-jobs -# to use new build-cmd-% targets. -cinder-csi-plugin: work $(SOURCES) - CGO_ENABLED=0 GOOS=$(GOOS) go build \ - -ldflags $(LDFLAGS) \ - -o cinder-csi-plugin \ - cmd/cinder-csi-plugin/main.go - -# This target is for supporting CI jobs of release-1.17 branch. We should delete this target once 1.17 support is dropped and change the cinder-csi-plugin related CI jobs to use target image-cinder-csi-plugin -image-csi-plugin: - $(MAKE) image-cinder-csi-plugin +build: $(BUILD_CMDS) -manila-csi-plugin: work $(SOURCES) - CGO_ENABLED=0 GOOS=$(GOOS) go build \ +$(BUILD_CMDS): $(SOURCES) + CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(GOARCH) GOPROXY=${GOPROXY} go build \ + -trimpath \ -ldflags $(LDFLAGS) \ - -o manila-csi-plugin \ - cmd/manila-csi-plugin/main.go - -# Remove this individual go build target, once we remove -# image-controller-manager below. -openstack-cloud-controller-manager: work $(SOURCES) - CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(GOARCH) go build \ - -ldflags $(LDFLAGS) \ - -o openstack-cloud-controller-manager-$(ARCH) \ - cmd/openstack-cloud-controller-manager/main.go - -# Remove individual image builder once we migrate openlab-zuul-jobs -# to use new image-openstack-cloud-controller-manager target. -image-controller-manager: work openstack-cloud-controller-manager -ifeq ($(GOOS),linux) - cp -r cluster/images/openstack-cloud-controller-manager $(TEMP_DIR) - cp openstack-cloud-controller-manager-$(ARCH) $(TEMP_DIR)/openstack-cloud-controller-manager - cp $(TEMP_DIR)/openstack-cloud-controller-manager/Dockerfile.build $(TEMP_DIR)/openstack-cloud-controller-manager/Dockerfile - $(CONTAINER_ENGINE) build -t $(REGISTRY)/openstack-cloud-controller-manager:$(VERSION) $(TEMP_DIR)/openstack-cloud-controller-manager - rm -rf $(TEMP_DIR)/openstack-cloud-controller-manager -else - $(error Please set GOOS=linux for building the image) -endif - -build-cmd-%: work $(SOURCES) - @# Keep binary with no arch mark. We should remove this once we correct - @# openlab-zuul-jobs. - CGO_ENABLED=0 GOOS=$(GOOS) go build \ - -ldflags $(LDFLAGS) \ - -o $* \ - cmd/$*/main.go - CGO_ENABLED=0 GOOS=$(GOOS) GOARCH=$(GOARCH) go build \ - -ldflags $(LDFLAGS) \ - -o $*-$(ARCH) \ - cmd/$*/main.go + -o $@ \ + cmd/$@/main.go test: unit functional @@ -230,65 +156,29 @@ realclean: clean shell: $(SHELL) -i -push-manifest-%: - $(CONTAINER_ENGINE) manifest create --amend $(REGISTRY)/$*:$(VERSION) $(shell echo $(ARCHS) | sed -e "s~[^ ]*~$(REGISTRY)/$*\-&:$(VERSION)~g") - @for arch in $(ARCHS); do $(CONTAINER_ENGINE) manifest annotate --os $(IMAGE_OS) --arch $${arch} $(REGISTRY)/$*:${VERSION} $(REGISTRY)/$*-$${arch}:${VERSION}; done - $(CONTAINER_ENGINE) manifest push --purge $(REGISTRY)/$*:${VERSION} - -push-all-manifest: $(addprefix push-manifest-,$(IMAGE_NAMES)) - -build-images: $(addprefix image-,$(IMAGE_NAMES)) - -push-images: $(addprefix push-image-,$(IMAGE_NAMES)) - -image-%: work - $(MAKE) $(addprefix build-cmd-,$*) -ifeq ($(GOOS),linux) - cp -r cluster/images/$* $(TEMP_DIR) - -ifneq ($(ARCH),amd64) - $(CONTAINER_ENGINE) run --rm --privileged multiarch/qemu-user-static --reset -p yes - curl -sSL https://github.com/multiarch/qemu-user-static/releases/download/$(QEMUVERSION)/x86_64_qemu-$(QEMUARCH)-static.tar.gz | tar -xz -C $(TEMP_DIR)/$* - @# Ensure we don't get surprised by umask settings - chmod 0755 $(TEMP_DIR)/$*/qemu-$(QEMUARCH)-static - sed "/^FROM .*/a COPY qemu-$(QEMUARCH)-static /usr/bin/" $(TEMP_DIR)/$*/Dockerfile.build > $(TEMP_DIR)/$*/Dockerfile.build.tmp - mv $(TEMP_DIR)/$*/Dockerfile.build.tmp $(TEMP_DIR)/$*/Dockerfile.build -endif - - cp $*-$(ARCH) $(TEMP_DIR)/$* - $(CONTAINER_ENGINE) build --build-arg ALPINE_ARCH=$(ALPINE_ARCH) --build-arg ARCH=$(ARCH) --build-arg DEBIAN_ARCH=$(DEBIAN_ARCH) --pull -t build-$*-$(ARCH) -f $(TEMP_DIR)/$*/Dockerfile.build $(TEMP_DIR)/$* - $(CONTAINER_ENGINE) create --name build-$*-$(ARCH) build-$*-$(ARCH) - $(CONTAINER_ENGINE) export build-$*-$(ARCH) > $(TEMP_DIR)/$*/$(TAR_FILE) - - @echo "build image $(REGISTRY)/$*-$(ARCH)" - $(CONTAINER_ENGINE) build --build-arg ALPINE_ARCH=$(ALPINE_ARCH) --build-arg ARCH=$(ARCH) --build-arg DEBIAN_ARCH=$(DEBIAN_ARCH) --pull -t $(REGISTRY)/$*-$(ARCH):$(VERSION) $(TEMP_DIR)/$* - - rm -rf $(TEMP_DIR)/$* - $(CONTAINER_ENGINE) rm build-$*-$(ARCH) - $(CONTAINER_ENGINE) rmi build-$*-$(ARCH) -else - $(error Please set GOOS=linux for building the image) -endif - -push-image-%: - @echo "push image $*-$(ARCH) to $(REGISTRY)" -ifneq ($(and $(DOCKER_USERNAME),$(DOCKER_PASSWORD)),) - @$(CONTAINER_ENGINE) login -u="$(DOCKER_USERNAME)" -p="$(DOCKER_PASSWORD)" -endif - $(CONTAINER_ENGINE) push $(REGISTRY)/$*-$(ARCH):$(VERSION) - -images: $(addprefix build-arch-image-,$(ARCH)) - -images-all-archs: $(addprefix build-arch-image-,$(ARCHS)) - -build-arch-image-%: - @echo "Building images for ARCH=$*" - $(MAKE) ARCH=$* build-images - -upload-image-%: - $(MAKE) ARCH=$* build-images push-images - -upload-images: $(addprefix upload-image-,$(ARCHS)) push-all-manifest +# Build a single image for the local default platform and push to the local +# container engine +build-local-image-%: + $(CONTAINER_ENGINE) buildx build --output type=docker \ + --build-arg VERSION=$(VERSION) \ + --tag $(REGISTRY)/$*:$(VERSION) \ + --target $* \ + . + +# Build all images locally +build-local-images: $(addprefix build-image-,$(IMAGE_NAMES)) + +# Build a single image for all architectures in ARCHS and push it to REGISTRY +push-multiarch-image-%: + $(CONTAINER_ENGINE) buildx build --output type=registry \ + --build-arg VERSION=$(VERSION) \ + --tag $(REGISTRY)/$*:$(VERSION) \ + --platform $(shell echo $(addprefix linux/,$(ARCHS)) | sed 's/ /,/g') \ + --target $* \ + . + +# Push all multiarch images +push-multiarch-images: $(addprefix push-multiarch-image-,$(IMAGE_NAMES)) version: @echo ${VERSION} diff --git a/charts/cinder-csi-plugin/Chart.yaml b/charts/cinder-csi-plugin/Chart.yaml index 258574126b..54354f4b97 100644 --- a/charts/cinder-csi-plugin/Chart.yaml +++ b/charts/cinder-csi-plugin/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: v1.26.3 +appVersion: v1.26.4 description: Cinder CSI Chart for OpenStack name: openstack-cinder-csi -version: 2.26.1 +version: 2.26.4 home: https://github.com/kubernetes/cloud-provider-openstack icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png maintainers: diff --git a/charts/manila-csi-plugin/Chart.yaml b/charts/manila-csi-plugin/Chart.yaml index babcd42834..c86ef7163b 100644 --- a/charts/manila-csi-plugin/Chart.yaml +++ b/charts/manila-csi-plugin/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: v1.26.3 +appVersion: v1.26.4 description: Manila CSI Chart for OpenStack name: openstack-manila-csi -version: 2.26.1 +version: 2.26.4 home: http://github.com/kubernetes/cloud-provider-openstack icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png maintainers: diff --git a/charts/openstack-cloud-controller-manager/Chart.yaml b/charts/openstack-cloud-controller-manager/Chart.yaml index b8568e2554..3eb1138290 100644 --- a/charts/openstack-cloud-controller-manager/Chart.yaml +++ b/charts/openstack-cloud-controller-manager/Chart.yaml @@ -1,10 +1,10 @@ apiVersion: v1 -appVersion: v1.26.3 +appVersion: v1.26.4 description: Openstack Cloud Controller Manager Helm Chart icon: https://object-storage-ca-ymq-1.vexxhost.net/swift/v1/6e4619c416ff4bd19e1c087f27a43eea/www-images-prod/openstack-logo/OpenStack-Logo-Vertical.png home: https://github.com/kubernetes/cloud-provider-openstack name: openstack-cloud-controller-manager -version: 2.26.1 +version: 2.26.4 maintainers: - name: eumel8 email: f.kloeker@telekom.de diff --git a/docs/barbican-kms-plugin/using-barbican-kms-plugin.md b/docs/barbican-kms-plugin/using-barbican-kms-plugin.md index 3ae0499362..27326afc48 100644 --- a/docs/barbican-kms-plugin/using-barbican-kms-plugin.md +++ b/docs/barbican-kms-plugin/using-barbican-kms-plugin.md @@ -83,7 +83,7 @@ $ docker run -d --volume=/var/lib/kms:/var/lib/kms \ --volume=/etc/kubernetes:/etc/kubernetes \ -e socketpath=/var/lib/kms/kms.sock \ -e cloudconfig=/etc/kubernetes/cloud-config \ -registry.k8s.io/provider-os/barbican-kms-plugin:v1.26.3 +registry.k8s.io/provider-os/barbican-kms-plugin:v1.26.4 ``` 6. Create /etc/kubernetes/encryption-config.yaml ``` diff --git a/docs/keystone-auth/using-keystone-webhook-authenticator-and-authorizer.md b/docs/keystone-auth/using-keystone-webhook-authenticator-and-authorizer.md index a83b138a90..a1f588da79 100644 --- a/docs/keystone-auth/using-keystone-webhook-authenticator-and-authorizer.md +++ b/docs/keystone-auth/using-keystone-webhook-authenticator-and-authorizer.md @@ -252,7 +252,7 @@ it as a service. There are several things we need to notice in the deployment manifest: - We are using image - `registry.k8s.io/provider-os/k8s-keystone-auth:v1.26.3` + `registry.k8s.io/provider-os/k8s-keystone-auth:v1.26.4` - We use `k8s-auth-policy` configmap created above. - The pod uses service account `keystone-auth` created above. - We use `keystone-auth-certs` secret created above to inject the diff --git a/docs/magnum-auto-healer/using-magnum-auto-healer.md b/docs/magnum-auto-healer/using-magnum-auto-healer.md index c456e1481e..8cb8934be1 100644 --- a/docs/magnum-auto-healer/using-magnum-auto-healer.md +++ b/docs/magnum-auto-healer/using-magnum-auto-healer.md @@ -73,7 +73,7 @@ user_id=ceb61464a3d341ebabdf97d1d4b97099 user_project_id=b23a5e41d1af4c20974bf58b4dff8e5a password=password region=RegionOne -image=registry.k8s.io/provider-os/magnum-auto-healer:v1.26.3 +image=registry.k8s.io/provider-os/magnum-auto-healer:v1.26.4 cat < /etc/kubernetes/octavia-ingress-controller/deployment.yaml --- diff --git a/examples/webhook/keystone-deployment.yaml b/examples/webhook/keystone-deployment.yaml index 2a29084f37..5bc5084c2c 100644 --- a/examples/webhook/keystone-deployment.yaml +++ b/examples/webhook/keystone-deployment.yaml @@ -18,7 +18,7 @@ spec: serviceAccountName: k8s-keystone containers: - name: k8s-keystone-auth - image: registry.k8s.io/provider-os/k8s-keystone-auth:v1.26.3 + image: registry.k8s.io/provider-os/k8s-keystone-auth:v1.26.4 args: - ./bin/k8s-keystone-auth - --tls-cert-file diff --git a/go.mod b/go.mod index 7c31935194..77ec67e627 100644 --- a/go.mod +++ b/go.mod @@ -20,24 +20,24 @@ require ( github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.14.0 github.com/stretchr/testify v1.8.1 - golang.org/x/net v0.11.0 - golang.org/x/sys v0.9.0 - golang.org/x/term v0.9.0 + golang.org/x/net v0.17.0 + golang.org/x/sys v0.13.0 + golang.org/x/term v0.13.0 google.golang.org/grpc v1.51.0 google.golang.org/protobuf v1.28.1 gopkg.in/gcfg.v1 v1.2.3 gopkg.in/godo.v2 v2.0.9 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.26.5 - k8s.io/apimachinery v0.26.5 - k8s.io/apiserver v0.26.5 - k8s.io/client-go v0.26.5 - k8s.io/cloud-provider v0.26.5 - k8s.io/component-base v0.26.5 + k8s.io/api v0.26.9 + k8s.io/apimachinery v0.26.9 + k8s.io/apiserver v0.26.9 + k8s.io/client-go v0.26.9 + k8s.io/cloud-provider v0.26.9 + k8s.io/component-base v0.26.9 k8s.io/klog/v2 v2.80.1 - k8s.io/kms v0.26.5 - k8s.io/kubernetes v1.26.5 - k8s.io/mount-utils v0.26.5 + k8s.io/kms v0.26.9 + k8s.io/kubernetes v1.26.9 + k8s.io/mount-utils v0.26.9 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 software.sslmate.com/src/go-pkcs12 v0.2.0 ) @@ -55,7 +55,7 @@ require ( github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/docker/distribution v2.8.1+incompatible // indirect + github.com/docker/distribution v2.8.2+incompatible // indirect github.com/emicklei/go-restful/v3 v3.10.1 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/felixge/httpsnoop v1.0.3 // indirect @@ -123,10 +123,10 @@ require ( go.uber.org/atomic v1.10.0 // indirect go.uber.org/multierr v1.9.0 // indirect go.uber.org/zap v1.24.0 // indirect - golang.org/x/crypto v0.10.0 // indirect + golang.org/x/crypto v0.14.0 // indirect golang.org/x/oauth2 v0.3.0 // indirect golang.org/x/sync v0.1.0 // indirect - golang.org/x/text v0.10.0 // indirect + golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.3.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect @@ -136,8 +136,8 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiextensions-apiserver v0.26.5 // indirect - k8s.io/component-helpers v0.26.5 // indirect - k8s.io/controller-manager v0.26.5 // indirect + k8s.io/component-helpers v0.26.9 // indirect + k8s.io/controller-manager v0.26.9 // indirect k8s.io/csi-translation-lib v0.26.5 // indirect k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 // indirect k8s.io/kubectl v0.26.5 // indirect @@ -148,35 +148,4 @@ require ( sigs.k8s.io/yaml v1.3.0 // indirect ) -replace ( - github.com/docker/distribution => github.com/docker/distribution v2.8.2+incompatible - github.com/onsi/ginkgo/v2 => github.com/onsi/ginkgo/v2 v2.4.0 - google.golang.org/grpc v1.34.0 => google.golang.org/grpc v1.29.0 - k8s.io/api => k8s.io/api v0.26.5 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.5 - k8s.io/apimachinery => k8s.io/apimachinery v0.26.5 - k8s.io/apiserver => k8s.io/apiserver v0.26.5 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.5 - k8s.io/client-go => k8s.io/client-go v0.26.5 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.5 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.5 - k8s.io/code-generator => k8s.io/code-generator v0.26.5 - k8s.io/component-base => k8s.io/component-base v0.26.5 - k8s.io/component-helpers => k8s.io/component-helpers v0.26.5 - k8s.io/controller-manager => k8s.io/controller-manager v0.26.5 - k8s.io/cri-api => k8s.io/cri-api v0.26.5 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.5 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.5 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.5 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.5 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.5 - k8s.io/kubectl => k8s.io/kubectl v0.26.5 - k8s.io/kubelet => k8s.io/kubelet v0.26.5 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.5 - k8s.io/metrics => k8s.io/metrics v0.26.5 - k8s.io/mount-utils => k8s.io/mount-utils v0.26.5 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.5 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.5 - k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.5 - k8s.io/sample-controller => k8s.io/sample-controller v0.26.5 -) +replace github.com/onsi/ginkgo/v2 => github.com/onsi/ginkgo/v2 v2.4.0 diff --git a/go.sum b/go.sum index 9c5cbb8523..384bc37661 100644 --- a/go.sum +++ b/go.sum @@ -80,6 +80,7 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= @@ -111,6 +112,7 @@ github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRr github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= @@ -379,7 +381,7 @@ github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJf github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= @@ -489,8 +491,8 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -568,8 +570,8 @@ golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= -golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -653,13 +655,13 @@ golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= -golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= +golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -670,8 +672,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= -golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -813,13 +815,13 @@ google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.0/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= @@ -885,39 +887,39 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.5 h1:Npao/+sMSng6nkEcNydgH3BNo4s5YoBg7iw35HM7Hcw= -k8s.io/api v0.26.5/go.mod h1:O7ICW7lj6+ZQQQ3cxekgCoW+fnGo5kWT0nTHkLZ5grc= +k8s.io/api v0.26.9 h1:s8Y+G1u2JM55b90+Yo2RVb3PGT/hkWNVPN4idPERxJg= +k8s.io/api v0.26.9/go.mod h1:W/W4fEWRVzPD36820LlVUQfNBiSbiq0VPWRFJKwzmUg= k8s.io/apiextensions-apiserver v0.26.5 h1:VJ946z9RjyCPn3qiz4Kus/UYjCRrdn1xUvEsJFvN5Yo= k8s.io/apiextensions-apiserver v0.26.5/go.mod h1:Olsde7ZNWnyz9rsL13iXYXmL1h7kWujtKeC3yWVCDPo= -k8s.io/apimachinery v0.26.5 h1:hTQVhJao2piX7vSgCn4Lwd6E0o/+TJIH4NqRf+q4EmE= -k8s.io/apimachinery v0.26.5/go.mod h1:HUvk6wrOP4v22AIYqeCGSQ6xWCHo41J9d6psb3temAg= -k8s.io/apiserver v0.26.5 h1:SBzyDpIXXPR4v+mpSU44p9fQerBMkpOH6lmSPCD1wmo= -k8s.io/apiserver v0.26.5/go.mod h1:OSbw98Y1bDSbA2izYIKqhi10vb4KWP9b4siiCRFkBVE= -k8s.io/client-go v0.26.5 h1:e8Z44pafL/c6ayF/6qYEypbJoDSakaFxhJ9lqULEJEo= -k8s.io/client-go v0.26.5/go.mod h1:/CYyNt+ZLMvWqMF8h1SvkUXz2ujFWQLwdDrdiQlZ5X0= -k8s.io/cloud-provider v0.26.5 h1:dDiCey75cPQhRy96AmE1Vqo1DJakuHHfnn5DJiwdkTQ= -k8s.io/cloud-provider v0.26.5/go.mod h1:tZZTVChlO3isBV/Y6xO4/j0MI+I9/vRkplc8cY8kVvo= -k8s.io/component-base v0.26.5 h1:nHAzDvXQ4whYpOqrQGWrDIYI/GIeXkuxzqC/iVICfZo= -k8s.io/component-base v0.26.5/go.mod h1:wvfNAS05EtKdPeUxFceo8WNh8bGPcFY8QfPhv5MYjA4= -k8s.io/component-helpers v0.26.5 h1:JwpcrVqrxU7eLlO+p1TLjdf01O+d3G7eOJgQCm1bMm0= -k8s.io/component-helpers v0.26.5/go.mod h1:08oMmyYzepG6KoZzPnx4R7lcrqyBESWx2EKq7mWvx/g= -k8s.io/controller-manager v0.26.5 h1:ogbqwYak08bk403Oc3k3sG3X+qtcJGQ+pAy37ahWezI= -k8s.io/controller-manager v0.26.5/go.mod h1:gBtwuLHbkF6LrNIp0feK0BA4LwEbeTuq7Y7kmmBomK0= +k8s.io/apimachinery v0.26.9 h1:5yAV9cFR7Z4gIorKcAjWnx4uxtxiFsERwq4Pvmx0CCg= +k8s.io/apimachinery v0.26.9/go.mod h1:qYzLkrQ9lhrZRh0jNKo2cfvf/R1/kQONnSiyB7NUJU0= +k8s.io/apiserver v0.26.9 h1:G8D5XIXbhLzqdRY3FajzkKE2lt8hnAW5Vjq67mzEeR8= +k8s.io/apiserver v0.26.9/go.mod h1:HY2TzNkDgq71jsNLyk61ZoDrpiyvujdY6kHyT9DwvtU= +k8s.io/client-go v0.26.9 h1:TGWi/6guEjIgT0Hg871Gsmx0qFuoGyGFjlFedrk7It0= +k8s.io/client-go v0.26.9/go.mod h1:tU1FZS0bwAmAFyPYpZycUQrQnUMzQ5MHloop7EbX6ow= +k8s.io/cloud-provider v0.26.9 h1:JEi8Ru+mI337VL1OWK5WpcWw4A2L59WuQuyEXqrsJQ8= +k8s.io/cloud-provider v0.26.9/go.mod h1:81N/JbR0Z/5ndAREDWDALIhVBoWgWTc2mbf1EjfJ8aQ= +k8s.io/component-base v0.26.9 h1:qQVdQgyEIUe8EUkB3EEuQ9l5sgVlG2KgOB519yWEBGw= +k8s.io/component-base v0.26.9/go.mod h1:3WmW9lH9tbjpuvpAc22cPF/6C3VxCjMxkOU1j2mpzr8= +k8s.io/component-helpers v0.26.9 h1:rye6RTjO86//kUw6RJrpj7XmAowlQOjbVQwOJik8V30= +k8s.io/component-helpers v0.26.9/go.mod h1:i4vVG+4dQXykhnkCYXFKoBDy1eiHMInBmULGgYm2aEM= +k8s.io/controller-manager v0.26.9 h1:/KVoj+xRXBHsGaN94ICudlGK/OPoM1YouuQdouU17Hk= +k8s.io/controller-manager v0.26.9/go.mod h1:oszwsJOEHaoMyqeC1x/Nyjn25CQ0BcuEbPpnrPlVQYM= k8s.io/csi-translation-lib v0.26.5 h1:9nuy6rFh7LAqhuVGOY6KnPLZkzWJ0SqM6+6p4YiASKQ= k8s.io/csi-translation-lib v0.26.5/go.mod h1:BaS2V6Dw+qrj9wM59csELaBzfE5iaUMgiRnienfoAsE= k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.26.5 h1:Yjgvlxc3KBTAUWuxOIkMUB6YEmqR+rKBkRquBioP8YY= -k8s.io/kms v0.26.5/go.mod h1:AYuV9ZebRhr6cb1eT9L6kZVxvgIUxmE1Fe6kPhqYvuc= +k8s.io/kms v0.26.9 h1:3pGaRcG2jaBHzOMcq5zTYp5lWjZrAv7U3k+XiG8jncg= +k8s.io/kms v0.26.9/go.mod h1:AYuV9ZebRhr6cb1eT9L6kZVxvgIUxmE1Fe6kPhqYvuc= k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 h1:tBEbstoM+K0FiBV5KGAKQ0kuvf54v/hwpldiJt69w1s= k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/kubectl v0.26.5 h1:xBqkZIycZIIG6X2ly4OkX2VL15xxnEpZAU9lfoTb0QE= k8s.io/kubectl v0.26.5/go.mod h1:04QUnpBp9xe0wc84IdRcrFMkuUWQwsg9+ZMHtM4lbNM= -k8s.io/kubernetes v1.26.5 h1:hc/lcQCK7J2Q3fOqtU3cD8qJOKpi6oySEHPP39q/R7o= -k8s.io/kubernetes v1.26.5/go.mod h1:nARWq2FQXUzRa+DQfF6hEp0dgZXu61MnjX+aiQaC8lk= -k8s.io/mount-utils v0.26.5 h1:OYqtkQgtu3hCOYEv09rLdJu/YowXvrM0H6JiPGX6PWI= -k8s.io/mount-utils v0.26.5/go.mod h1:S+09/ujdtdKRo3bzSQXonHpIEKc+svPe8SNgBUJBj8E= +k8s.io/kubernetes v1.26.9 h1:vdTix+Rh3wbNvbXk/efOeDLX3lng12t1xdsG4rSksmk= +k8s.io/kubernetes v1.26.9/go.mod h1:gvP7bsbtu0/cA0ZBJqayLm9lS1PP3WCwrhQOAbpqsK8= +k8s.io/mount-utils v0.26.9 h1:vKmnimy/UAKGEK2bM7+SwEDHVeDbn6CfmiXU+2LOty8= +k8s.io/mount-utils v0.26.9/go.mod h1:S+09/ujdtdKRo3bzSQXonHpIEKc+svPe8SNgBUJBj8E= k8s.io/pod-security-admission v0.26.5 h1:Q9kQx1oS8RvHVwQmind+SmsQ3244Ha7Wmm9v7DlZQu0= k8s.io/pod-security-admission v0.26.5/go.mod h1:IXv1XIvTDOv6U6hyJ+jCCzrDl6jEo1Rhwm7kQtoaY/8= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= diff --git a/hack/bump-release.sh b/hack/bump-release.sh new file mode 100755 index 0000000000..3aae1d1e85 --- /dev/null +++ b/hack/bump-release.sh @@ -0,0 +1,24 @@ +#!/bin/sh + +# Copyright 2023 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM_MAJOR="${1:?FROM_MAJOR (1st arg) not set or empty}" +TO_MAJOR="${2:?TO_MAJOR (2nd arg) not set or empty}" +TO_MINOR="${3:?TO_MINOR (3rd arg) not set or empty}" + +# example usage: hack/bump_release.sh 28 28 1 +# should replace 1.28.x with 1.28.1 / 2.28.x with 2.28.1 + +find charts docs manifests tests examples -type f -exec sed -i -re 's/((ersion)?: ?v?)?([1-2]\.)'${FROM_MAJOR}'\.([0-9][0-9a-zA-Z.-]*)/\1\3'${TO_MAJOR}'.'${TO_MINOR}'/g' "{}" \; diff --git a/manifests/barbican-kms/pod.yaml b/manifests/barbican-kms/pod.yaml index 94ff95eb6f..050198bdc5 100644 --- a/manifests/barbican-kms/pod.yaml +++ b/manifests/barbican-kms/pod.yaml @@ -5,7 +5,7 @@ metadata: spec: containers: - name: barbican-kms - image: registry.k8s.io/provider-os/barbican-kms-plugin:v1.26.3 + image: registry.k8s.io/provider-os/barbican-kms-plugin:v1.26.4 args: - "--socketpath=/kms/kms.sock" - "--cloud-config=/etc/kubernetes/cloud-config" diff --git a/manifests/cinder-csi-plugin/cinder-csi-controllerplugin.yaml b/manifests/cinder-csi-plugin/cinder-csi-controllerplugin.yaml index be15b29420..810e511ede 100644 --- a/manifests/cinder-csi-plugin/cinder-csi-controllerplugin.yaml +++ b/manifests/cinder-csi-plugin/cinder-csi-controllerplugin.yaml @@ -93,7 +93,7 @@ spec: - mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir - name: cinder-csi-plugin - image: registry.k8s.io/provider-os/cinder-csi-plugin:v1.26.3 + image: registry.k8s.io/provider-os/cinder-csi-plugin:v1.26.4 args: - /bin/cinder-csi-plugin - "--endpoint=$(CSI_ENDPOINT)" diff --git a/manifests/cinder-csi-plugin/cinder-csi-nodeplugin.yaml b/manifests/cinder-csi-plugin/cinder-csi-nodeplugin.yaml index 0a68c88a46..b4c7ebf050 100644 --- a/manifests/cinder-csi-plugin/cinder-csi-nodeplugin.yaml +++ b/manifests/cinder-csi-plugin/cinder-csi-nodeplugin.yaml @@ -53,7 +53,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: registry.k8s.io/provider-os/cinder-csi-plugin:v1.26.3 + image: registry.k8s.io/provider-os/cinder-csi-plugin:v1.26.4 args: - /bin/cinder-csi-plugin - "--endpoint=$(CSI_ENDPOINT)" diff --git a/manifests/controller-manager/openstack-cloud-controller-manager-ds.yaml b/manifests/controller-manager/openstack-cloud-controller-manager-ds.yaml index af5229f26f..dba85f4dbb 100644 --- a/manifests/controller-manager/openstack-cloud-controller-manager-ds.yaml +++ b/manifests/controller-manager/openstack-cloud-controller-manager-ds.yaml @@ -38,7 +38,7 @@ spec: serviceAccountName: cloud-controller-manager containers: - name: openstack-cloud-controller-manager - image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.26.3 + image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.26.4 args: - /bin/openstack-cloud-controller-manager - --v=1 diff --git a/manifests/controller-manager/openstack-cloud-controller-manager-pod.yaml b/manifests/controller-manager/openstack-cloud-controller-manager-pod.yaml index 14dda7c52e..4a7041ab76 100644 --- a/manifests/controller-manager/openstack-cloud-controller-manager-pod.yaml +++ b/manifests/controller-manager/openstack-cloud-controller-manager-pod.yaml @@ -11,7 +11,7 @@ metadata: spec: containers: - name: openstack-cloud-controller-manager - image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.26.3 + image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.26.4 args: - /bin/openstack-cloud-controller-manager - --v=1 diff --git a/manifests/magnum-auto-healer/magnum-auto-healer.yaml b/manifests/magnum-auto-healer/magnum-auto-healer.yaml index 37cbc8006b..d813658faa 100644 --- a/manifests/magnum-auto-healer/magnum-auto-healer.yaml +++ b/manifests/magnum-auto-healer/magnum-auto-healer.yaml @@ -88,7 +88,7 @@ spec: node-role.kubernetes.io/control-plane: "" containers: - name: magnum-auto-healer - image: registry.k8s.io/provider-os/magnum-auto-healer:v1.26.3 + image: registry.k8s.io/provider-os/magnum-auto-healer:v1.26.4 imagePullPolicy: Always args: - /bin/magnum-auto-healer diff --git a/manifests/manila-csi-plugin/csi-controllerplugin.yaml b/manifests/manila-csi-plugin/csi-controllerplugin.yaml index 2437be8e87..533114c5ec 100644 --- a/manifests/manila-csi-plugin/csi-controllerplugin.yaml +++ b/manifests/manila-csi-plugin/csi-controllerplugin.yaml @@ -77,7 +77,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: registry.k8s.io/provider-os/manila-csi-plugin:v1.26.3 + image: registry.k8s.io/provider-os/manila-csi-plugin:v1.26.4 command: ["/bin/sh", "-c", '/bin/manila-csi-plugin --nodeid=$(NODE_ID) diff --git a/manifests/manila-csi-plugin/csi-nodeplugin.yaml b/manifests/manila-csi-plugin/csi-nodeplugin.yaml index b8105d81d4..2ee7a29d68 100644 --- a/manifests/manila-csi-plugin/csi-nodeplugin.yaml +++ b/manifests/manila-csi-plugin/csi-nodeplugin.yaml @@ -50,7 +50,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: registry.k8s.io/provider-os/manila-csi-plugin:v1.26.3 + image: registry.k8s.io/provider-os/manila-csi-plugin:v1.26.4 command: ["/bin/sh", "-c", '/bin/manila-csi-plugin --nodeid=$(NODE_ID) diff --git a/tests/playbooks/roles/install-cpo-occm/defaults/main.yaml b/tests/playbooks/roles/install-cpo-occm/defaults/main.yaml index 92bbd874ed..82999d458b 100644 --- a/tests/playbooks/roles/install-cpo-occm/defaults/main.yaml +++ b/tests/playbooks/roles/install-cpo-occm/defaults/main.yaml @@ -8,5 +8,5 @@ build_image: true run_e2e: false # Used for access the private registry image from k8s remote_registry_host: "{{ ansible_default_ipv4.address }}" -generated_image_url: "{{ remote_registry_host }}/openstack-cloud-controller-manager-amd64:v0.0.{{ github_pr }}" -image_url: "{{ generated_image_url if build_image else 'registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.26.3' }}" +generated_image_url: "{{ remote_registry_host }}/openstack-cloud-controller-manager:v0.0.{{ github_pr }}" +image_url: "{{ generated_image_url if build_image else 'registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.26.4' }}" diff --git a/tests/playbooks/roles/install-cpo-occm/tasks/main.yaml b/tests/playbooks/roles/install-cpo-occm/tasks/main.yaml index d1df1028f4..15f5980252 100644 --- a/tests/playbooks/roles/install-cpo-occm/tasks/main.yaml +++ b/tests/playbooks/roles/install-cpo-occm/tasks/main.yaml @@ -17,10 +17,10 @@ cmd: | cd $GOPATH/src/k8s.io/cloud-provider-openstack - REGISTRY={{ image_registry_host }} \ - VERSION=v0.0.{{ github_pr }} \ - IMAGE_NAMES=openstack-cloud-controller-manager \ - make upload-image-amd64 + make push-multiarch-image-openstack-cloud-controller-manager \ + ARCHS='amd64' \ + REGISTRY={{ image_registry_host }} \ + VERSION=v0.0.{{ github_pr }} - name: Prepare openstack-cloud-controller-manager config shell: diff --git a/tests/playbooks/roles/install-csi-cinder/tasks/main.yaml b/tests/playbooks/roles/install-csi-cinder/tasks/main.yaml index ea7248f446..6e7b52af5f 100644 --- a/tests/playbooks/roles/install-csi-cinder/tasks/main.yaml +++ b/tests/playbooks/roles/install-csi-cinder/tasks/main.yaml @@ -16,10 +16,10 @@ cmd: | cd $GOPATH/src/k8s.io/cloud-provider-openstack - VERSION={{ github_pr }} \ - REGISTRY={{ image_registry_host }} \ - IMAGE_NAMES=cinder-csi-plugin \ - make upload-image-amd64 + make push-multiarch-image-cinder-csi-plugin \ + ARCHS='amd64' \ + VERSION=v0.0.{{ github_pr }} \ + REGISTRY={{ image_registry_host }} - name: Prepare cloud config shell: @@ -60,8 +60,8 @@ sed -i "/cloud\.conf/c\ cloud.conf: $b64data" manifests/cinder-csi-plugin/csi-secret-cinderplugin.yaml # replace image with built image - sed -i "s#registry.k8s.io/provider-os/cinder-csi-plugin:v1.26.3#{{ remote_registry_host }}/cinder-csi-plugin-amd64:{{ github_pr }}#" manifests/cinder-csi-plugin/cinder-csi-controllerplugin.yaml - sed -i "s#registry.k8s.io/provider-os/cinder-csi-plugin:v1.26.3#{{ remote_registry_host }}/cinder-csi-plugin-amd64:{{ github_pr }}#" manifests/cinder-csi-plugin/cinder-csi-nodeplugin.yaml + sed -i "s#registry.k8s.io/provider-os/cinder-csi-plugin:v1.26.4#{{ remote_registry_host }}/cinder-csi-plugin:v0.0.{{ github_pr }}#" manifests/cinder-csi-plugin/cinder-csi-controllerplugin.yaml + sed -i "s#registry.k8s.io/provider-os/cinder-csi-plugin:v1.26.4#{{ remote_registry_host }}/cinder-csi-plugin:v0.0.{{ github_pr }}#" manifests/cinder-csi-plugin/cinder-csi-nodeplugin.yaml sed -i "s#--v=1#--v=5#" manifests/cinder-csi-plugin/cinder-csi-controllerplugin.yaml sed -i "s#--v=1#--v=5#" manifests/cinder-csi-plugin/cinder-csi-nodeplugin.yaml diff --git a/tests/playbooks/roles/install-csi-manila/tasks/main.yaml b/tests/playbooks/roles/install-csi-manila/tasks/main.yaml index 0d3ab463d4..62b6856c6d 100644 --- a/tests/playbooks/roles/install-csi-manila/tasks/main.yaml +++ b/tests/playbooks/roles/install-csi-manila/tasks/main.yaml @@ -16,10 +16,10 @@ cmd: | cd {{ ansible_user_dir }}/src/k8s.io/cloud-provider-openstack - REGISTRY={{ image_registry_host }} \ - VERSION={{ github_pr }} \ - IMAGE_NAMES=manila-csi-plugin \ - make upload-image-amd64 + make push-multiarch-image-manila-csi-plugin \ + ARCHS='amd64' \ + REGISTRY={{ image_registry_host }} \ + VERSION=v0.0.{{ github_pr }} - name: Prepare cloud config shell: @@ -122,8 +122,8 @@ cat <> override-helm-values.yaml csimanila: image: - repository: {{ remote_registry_host }}/manila-csi-plugin-amd64 - tag: {{ github_pr }} + repository: {{ remote_registry_host }}/manila-csi-plugin + tag: v0.0.{{ github_pr }} shareProtocols: - protocolSelector: NFS fsGroupPolicy: None @@ -224,7 +224,7 @@ --ginkgo.v \ --ginkgo.noColor \ --ginkgo.progress \ - --ginkgo.skip="\[Disruptive\]|\[sig-storage\]\s+\[manila-csi-e2e\]\s+CSI\s+Volumes\s+\[Driver:\s+nfs.manila.csi.openstack.org\]\s+\[Testpattern:\s+Dynamic\s+PV\s+\(default\s+fs\)\]\s+provisioning\s+should\s+provision\s+storage\s+with\s+any\s+volume\s+data\s+source\s+\[Serial\]|should\s+provision\s+storage\s+with\s+snapshot\s+data\s+source" \ + --ginkgo.skip="\[Disruptive\]|\[sig-storage\]\s+\[manila-csi-e2e\]\s+CSI\s+Volumes\s+\[Driver:\s+nfs.manila.csi.openstack.org\]\s+\[Testpattern:\s+Dynamic\s+PV\s+\(default\s+fs\)\]\s+provisioning\s+should\s+provision\s+storage\s+with\s+any\s+volume\s+data\s+source\s+\[Serial\]|should\s+provision\s+storage\s+with\s+snapshot\s+data\s+source|restoring\s+snapshot\s+to\s+larger\s+size" \ --ginkgo.focus="\[manila-csi-e2e\]" \ -report-dir /var/log/csi-pod \ -timeout=0 | tee "/var/log/csi-pod/manila-csi-e2e.log" @@ -238,8 +238,8 @@ set -x set -e - kubectl logs statefulset/manila-openstack-manila-csi-controllerplugin -n default -c nfs-nodeplugin > /var/log/csi-pod/csi-manila-controllerplugin.log - kubectl logs daemonset/manila-openstack-manila-csi-nodeplugin -n default -c nfs-nodeplugin > /var/log/csi-pod/csi-manila-nodeplugin.log + kubectl logs -l app=openstack-manila-csi,component=controllerplugin -n default -c nfs-nodeplugin --tail=-1 > /var/log/csi-pod/csi-manila-controllerplugin.log + kubectl logs -l app=openstack-manila-csi,component=nodeplugin -n default -c nfs-nodeplugin --tail=-1 > /var/log/csi-pod/csi-manila-nodeplugin.log ignore_errors: true - fail: msg="The execution has failed because of errors." diff --git a/tests/playbooks/roles/install-k3s/defaults/main.yaml b/tests/playbooks/roles/install-k3s/defaults/main.yaml index 26458cc914..71f6a6f37e 100644 --- a/tests/playbooks/roles/install-k3s/defaults/main.yaml +++ b/tests/playbooks/roles/install-k3s/defaults/main.yaml @@ -1,5 +1,5 @@ --- -k3s_release: "v1.23.6+k3s1" +k3s_release: v1.26.1+k3s1 worker_node_count: 1 cluster_token: "9a08jv.c0izixklcxtmnze7" devstack_workdir: "{{ ansible_user_dir }}/devstack" diff --git a/tests/playbooks/roles/install-k3s/tasks/main.yaml b/tests/playbooks/roles/install-k3s/tasks/main.yaml index efdc36001b..b759f4cd49 100644 --- a/tests/playbooks/roles/install-k3s/tasks/main.yaml +++ b/tests/playbooks/roles/install-k3s/tasks/main.yaml @@ -157,7 +157,7 @@ mkdir -p {{ ansible_user_dir }}/.kube scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i {{ ansible_user_dir }}/.ssh/id_rsa ubuntu@{{ k3s_fip }}:/etc/rancher/k3s/k3s.yaml {{ ansible_user_dir }}/.kube/config - curl -sLO# https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl + curl -sLO# https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl chmod +x ./kubectl; sudo mv ./kubectl /usr/local/bin/kubectl kubectl config set-cluster default --server=https://{{ k3s_fip }}:6443 --kubeconfig {{ ansible_user_dir }}/.kube/config diff --git a/tests/playbooks/test-csi-cinder-e2e.yaml b/tests/playbooks/test-csi-cinder-e2e.yaml index 207e9edb4b..98481510f4 100644 --- a/tests/playbooks/test-csi-cinder-e2e.yaml +++ b/tests/playbooks/test-csi-cinder-e2e.yaml @@ -20,7 +20,7 @@ - cinder - role: install-k3s worker_node_count: 0 - k3s_release: v1.23.6+k3s1 + k3s_release: v1.26.1+k3s1 - role: install-docker - role: install-docker-registry cert_hosts: ' ["{{ ansible_default_ipv4.address }}"]' diff --git a/tests/playbooks/test-csi-manila-e2e.yaml b/tests/playbooks/test-csi-manila-e2e.yaml index b6dfd925f8..8aca07b142 100644 --- a/tests/playbooks/test-csi-manila-e2e.yaml +++ b/tests/playbooks/test-csi-manila-e2e.yaml @@ -19,7 +19,7 @@ - manila - role: install-k3s worker_node_count: 0 - k3s_release: v1.23.6+k3s1 + k3s_release: v1.26.1+k3s1 - role: install-docker - role: install-docker-registry cert_hosts: ' ["{{ ansible_default_ipv4.address }}"]' diff --git a/tests/playbooks/test-occm-e2e.yaml b/tests/playbooks/test-occm-e2e.yaml index d420a5ad5d..520a4479c6 100644 --- a/tests/playbooks/test-occm-e2e.yaml +++ b/tests/playbooks/test-occm-e2e.yaml @@ -21,7 +21,7 @@ - barbican - role: install-k3s worker_node_count: 0 - k3s_release: v1.23.6+k3s1 + k3s_release: v1.26.1+k3s1 - role: install-docker - role: install-docker-registry cert_hosts: ' ["{{ ansible_default_ipv4.address }}"]' diff --git a/tests/sanity/manila/fakecsiclient.go b/tests/sanity/manila/fakecsiclient.go index f18bba8bbe..a85e72bce6 100644 --- a/tests/sanity/manila/fakecsiclient.go +++ b/tests/sanity/manila/fakecsiclient.go @@ -99,11 +99,11 @@ func (c fakeNodeSvcClient) UnpublishVolume(ctx context.Context, req *csi.NodeUnp type fakeCSIClientBuilder struct{} func (b fakeCSIClientBuilder) NewConnection(string) (*grpc.ClientConn, error) { - return grpc.Dial("", grpc.WithTransportCredentials(insecure.NewCredentials())) + return grpc.Dial("localhost", grpc.WithTransportCredentials(insecure.NewCredentials())) } func (b fakeCSIClientBuilder) NewConnectionWithContext(context.Context, string) (*grpc.ClientConn, error) { - return grpc.Dial("", grpc.WithTransportCredentials(insecure.NewCredentials())) + return grpc.Dial("localhost", grpc.WithTransportCredentials(insecure.NewCredentials())) } func (b fakeCSIClientBuilder) NewNodeServiceClient(conn *grpc.ClientConn) csiclient.Node { diff --git a/tests/scripts/create-gce-vm.sh b/tests/scripts/create-gce-vm.sh index 2eba24e8a7..f073220cc6 100755 --- a/tests/scripts/create-gce-vm.sh +++ b/tests/scripts/create-gce-vm.sh @@ -23,9 +23,8 @@ GCP_ZONE=${GCP_ZONE:-"us-east4-a"} GCP_MACHINE_MIN_CPU_PLATFORM=${GCP_MACHINE_MIN_CPU_PLATFORM:-"Intel Cascade Lake"} GCP_MACHINE_TYPE=${GCP_MACHINE_TYPE:-"n2-standard-8"} GCP_NETWORK_NAME=${GCP_NETWORK_NAME:-"${CLUSTER_NAME}-mynetwork"} -# Flavors are default or preinstalled: +# Flavor options are: default # * default: installs devstack via cloud-init, OPENSTACK_RELEASE only works on default -# * preinstalled: uses a already installed devstack FLAVOR=${FLAVOR:="default"} PRIVATE_IP="10.0.2.15" @@ -90,11 +89,12 @@ main() { init_networks fi - if [[ ${FLAVOR} = "default" ]]; then + case "${FLAVOR}" in + "default") if ! gcloud compute disks describe devstack-${FLAVOR} --zone "${GCP_ZONE}" > /dev/null 2>&1; then gcloud compute disks create devstack-${FLAVOR} \ - --image-project ubuntu-os-cloud --image-family ubuntu-2004-lts \ + --image-project ubuntu-os-cloud --image-family ubuntu-2204-lts \ --zone "${GCP_ZONE}" fi @@ -104,14 +104,12 @@ main() { --source-disk devstack-${FLAVOR} --source-disk-zone "${GCP_ZONE}" \ --licenses "https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx" fi - elif [[ ${FLAVOR} = "preinstalled" ]]; then - if ! gcloud compute images describe devstack-${FLAVOR} > /dev/null 2>&1; - then - gcloud compute images create devstack-${FLAVOR} \ - --source-uri gs://artifacts.k8s-staging-capi-openstack.appspot.com/test/devstack/2021-03-28/devstack.raw.tar.gz \ - --licenses "https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx" - fi - fi + ;; + *) + echo "Unsupported flavor: ${FLAVOR}" + exit 1 + ;; + esac if ! gcloud compute instances describe devstack --zone "${GCP_ZONE}" > /dev/null 2>&1; then From 8f4b52c42d8984f718858ad2fe54b1943f8b954d Mon Sep 17 00:00:00 2001 From: kayrus Date: Thu, 19 Oct 2023 20:15:18 +0200 Subject: [PATCH 6/6] Switch to a new CI --- .github/workflows/release-cpo.yaml | 22 ---------------- cloudbuild.yaml | 42 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 22 deletions(-) create mode 100644 cloudbuild.yaml diff --git a/.github/workflows/release-cpo.yaml b/.github/workflows/release-cpo.yaml index bbb3820e55..68d38d410c 100644 --- a/.github/workflows/release-cpo.yaml +++ b/.github/workflows/release-cpo.yaml @@ -13,28 +13,6 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - uses: actions/setup-go@v3 - with: - go-version: 1.19 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to docker hub - uses: docker/login-action@v1 - with: - registry: docker.io - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Get the version from ref - id: get_version - run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//} - - - name: build & publish images - run: | - REGISTRY=docker.io/k8scloudprovider ARCHS='amd64 arm arm64 ppc64le s390x' GOOS=linux VERSION=${{ steps.get_version.outputs.VERSION }} make upload-images - - name: Create Release id: create_release uses: actions/create-release@v1 diff --git a/cloudbuild.yaml b/cloudbuild.yaml new file mode 100644 index 0000000000..1f80394b82 --- /dev/null +++ b/cloudbuild.yaml @@ -0,0 +1,42 @@ +# See https://cloud.google.com/cloud-build/docs/build-config + +# this must be specified in seconds. If omitted, defaults to 600s (10 mins) +timeout: 1200s +# this prevents errors if you don't use both _GIT_TAG and _PULL_BASE_REF, +# or any new substitutions added in the future. +options: + dynamic_substitutions: true + substitution_option: ALLOW_LOOSE + machineType: 'N1_HIGHCPU_8' +steps: + - name: gcr.io/k8s-testimages/gcb-docker-gcloud + entrypoint: bash + env: + # default cloudbuild has HOME=/builder/home and docker buildx is in /root/.docker/cli-plugins/docker-buildx + # set the home to /root explicitly to if using docker buildx + - HOME=/root + args: + - -c + - | + set -xeuo pipefail + + # Create docker credentials for pushing to gcr.io from our inherited + # gcloud credentials + gcloud auth configure-docker + + # Run the image's buildx entrypoint to initialise the build environment + # appropriately for the image before running make + /buildx-entrypoint version + + make push-multiarch-images \ + REGISTRY=gcr.io/$PROJECT_ID +substitutions: + # _GIT_TAG will be filled with a git-based tag for the image, of the form + # vYYYYMMDD-hash, and can be used as a substitution + _GIT_TAG: 'v99999999-v12345' + # Remove date prefix (first 10 characters) to create valid semver version: + # v20220510-v1.24.0-alpha.0-15-g09bd268 => v1.24.0-alpha.0-15-g09bd268 + _SHORT_TAG: '${_GIT_TAG:10}' + # _PULL_BASE_REF will contain the ref that was pushed to to trigger this + # build - a branch like 'master' or 'release-0.2', or a tag like 'v0.2'. + _PULL_BASE_REF: 'master'