Release 1.6 (#483)
* add finalizer handler in v1.4

* fix an err variable

* adding logs for mismatched CNINode

* add metrics for mismatches

* update EC2 instance types

* Update aws-sdk-go and change way to get regional sts endpoint (#466)

* Missing dependency update

* Remove hard failure for not getting global STS endpoint (#467)

* updating k8s manifest

* changing go to major.minor format (#477)

* updating go version and controller-gen version (#464)

* Add new target for building docker images with no tests (#415)

* updating rbac

* Add Windows secondary IP mode configurable options for managing IP address allocation (#443)

* Add Windows secondary IP mode configurable options (#443)

#443

* Various code fixes for PR feedback

#443

* adding ctx in test

* updating ec2 supported instance types (#475)

---------

Co-authored-by: Hao Zhou <[email protected]>
Co-authored-by: Jay Deokar <[email protected]>
Co-authored-by: Jay Deokar <[email protected]>
Co-authored-by: Tatenda Zifudzi <[email protected]>
5 people authored Oct 22, 2024
1 parent c899086 commit bbad908
Showing 42 changed files with 2,508 additions and 381 deletions.
2 changes: 1 addition & 1 deletion .go-version
@@ -1 +1 @@
1.21.9
1.22
10 changes: 6 additions & 4 deletions Makefile
@@ -13,13 +13,10 @@ VERSION ?= $(GIT_VERSION)
IMAGE ?= $(REPO):$(VERSION)
BASE_IMAGE ?= public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:latest.2
GOLANG_VERSION ?= $(shell cat .go-version)
BUILD_IMAGE ?= public.ecr.aws/bitnami/golang:$(GOLANG_VERSION)
BUILD_IMAGE ?= public.ecr.aws/docker/library/golang:$(GOLANG_VERSION)
GOARCH ?= amd64
PLATFORM ?= linux/amd64

export GOSUMDB = sum.golang.org
export GOTOOLCHAIN = go$(GOLANG_VERSION)

help: ## Display help
@awk 'BEGIN {FS = ":.*##"; printf "Usage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)

@@ -79,6 +76,11 @@ docker-buildx: check-env test
docker-build: check-env test
docker build --build-arg BASE_IMAGE=$(BASE_IMAGE) --build-arg ARCH=$(GOARCH) --build-arg BUILD_IMAGE=$(BUILD_IMAGE) . -t ${IMAGE}


# Build the docker image with buildx and no tests
docker-buildx-no-test:
docker buildx build --platform=$(PLATFORM) -t $(IMAGE)_$(GOARCH) --build-arg BASE_IMAGE=$(BASE_IMAGE) --build-arg BUILD_IMAGE=$(BUILD_IMAGE) --build-arg $(GOARCH) --load .

# Push the docker image
docker-push: check-env
docker push ${IMAGE}
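Review bot: The new `docker-buildx-no-test` recipe passes `--build-arg $(GOARCH)`, which expands to a bare `--build-arg amd64` (a build-arg name with no value), whereas `docker-build` just above passes `--build-arg ARCH=$(GOARCH)`. If the Dockerfile (not shown on this page) reads `ARCH`, it would fall back to its default, so a non-amd64 `GOARCH` could yield an image whose `_$(GOARCH)` tag suffix and binary architecture disagree; `--build-arg ARCH=$(GOARCH)` would keep the two targets consistent. The target also has no `check-env` or `test` prerequisite, so a comment such as `# Local/dev builds only: skips check-env and tests` would make the intent explicit. Separately, `BUILD_IMAGE` and `BASE_IMAGE` in the first hunk are referenced by tag rather than by digest, so the build inputs can change without any change to this file.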
1 change: 0 additions & 1 deletion apis/vpcresources/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion apis/vpcresources/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

25 changes: 15 additions & 10 deletions config/crd/bases/vpcresources.k8s.aws_cninodes.yaml
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.0
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.14.0
name: cninodes.vpcresources.k8s.aws
spec:
group: vpcresources.k8s.aws
@@ -27,20 +26,26 @@ spec:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: 'Important: Run "make" to regenerate code after modifying
this file CNINodeSpec defines the desired state of CNINode'
description: |-
Important: Run "make" to regenerate code after modifying this file
CNINodeSpec defines the desired state of CNINode
properties:
features:
items:
96 changes: 50 additions & 46 deletions config/crd/bases/vpcresources.k8s.aws_securitygrouppolicies.yaml
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.0
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.14.0
name: securitygrouppolicies.vpcresources.k8s.aws
spec:
group: vpcresources.k8s.aws
@@ -29,48 +28,53 @@ spec:
description: Custom Resource Definition for applying security groups to pods
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SecurityGroupPolicySpec defines the desired state of SecurityGroupPolicy
properties:
podSelector:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
description: |-
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -83,13 +87,13 @@ spec:
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
securityGroups:
description: GroupIds contains the list of security groups that will
be applied to the network interface of the pod matching the criteria.
@@ -104,33 +108,33 @@ spec:
type: array
type: object
serviceAccountSelector:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
description: |-
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
@@ -143,13 +147,13 @@ spec:
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
type: object
type: object
served: true
2 changes: 0 additions & 2 deletions config/rbac/role.yaml
@@ -2,7 +2,6 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: controller-role
rules:
- apiGroups:
@@ -74,7 +73,6 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: controller-role
namespace: kube-system
rules:
16 changes: 7 additions & 9 deletions config/webhook/manifests.yaml
@@ -2,7 +2,6 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: null
name: mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
@@ -29,7 +28,6 @@ webhooks:
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
name: validating-webhook-configuration
webhooks:
- admissionReviewVersions:
@@ -38,38 +36,38 @@ webhooks:
service:
name: webhook-service
namespace: system
path: /validate-v1-pod
path: /validate-v1-node
failurePolicy: Ignore
matchPolicy: Equivalent
name: vpod.vpc.k8s.aws
name: vnode.vpc.k8s.aws
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- pods
- nodes
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /validate-v1-node
path: /validate-v1-pod
failurePolicy: Ignore
matchPolicy: Equivalent
name: vnode.vpc.k8s.aws
name: vpod.vpc.k8s.aws
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- nodes
- pods
sideEffects: None
40 changes: 26 additions & 14 deletions controllers/core/configmap_controller.go
@@ -46,8 +46,8 @@ type ConfigMapReconciler struct {
Condition condition.Conditions
curWinIPAMEnabledCond bool
curWinPrefixDelegationEnabledCond bool
curWinPDWarmIPTarget int
curWinPDMinIPTarget int
curWinWarmIPTarget int
curWinMinIPTarget int
curWinPDWarmPrefixTarget int
Context context.Context
}
@@ -116,21 +116,33 @@ func (r *ConfigMapReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
isPrefixFlagUpdated = true
}

// Check if configurations for Windows prefix delegation have changed
var isPDConfigUpdated bool
warmIPTarget, minIPTarget, warmPrefixTarget := config.ParseWinPDTargets(r.Log, configmap)
if r.curWinPDWarmIPTarget != warmIPTarget || r.curWinPDMinIPTarget != minIPTarget || r.curWinPDWarmPrefixTarget != warmPrefixTarget {
r.curWinPDWarmIPTarget = warmIPTarget
r.curWinPDMinIPTarget = minIPTarget
// Check if Windows IP target configurations in ConfigMap have changed
var isWinIPConfigsUpdated bool

warmIPTarget, minIPTarget, warmPrefixTarget, isPDEnabled := config.ParseWinIPTargetConfigs(r.Log, configmap)
var winMinIPTargetUpdated = r.curWinMinIPTarget != minIPTarget
var winWarmIPTargetUpdated = r.curWinWarmIPTarget != warmIPTarget
var winPDWarmPrefixTargetUpdated = r.curWinPDWarmPrefixTarget != warmPrefixTarget
if winWarmIPTargetUpdated || winMinIPTargetUpdated {
r.curWinWarmIPTarget = warmIPTarget
r.curWinMinIPTarget = minIPTarget
isWinIPConfigsUpdated = true
}
if isPDEnabled && winPDWarmPrefixTargetUpdated {
r.curWinPDWarmPrefixTarget = warmPrefixTarget
logger.Info("updated PD configs from configmap", config.WarmIPTarget, r.curWinPDWarmIPTarget,
config.MinimumIPTarget, r.curWinPDMinIPTarget, config.WarmPrefixTarget, r.curWinPDWarmPrefixTarget)

isPDConfigUpdated = true
isWinIPConfigsUpdated = true
}
if isWinIPConfigsUpdated {
logger.Info(
"Detected update in Windows IP configuration parameter values in ConfigMap",
config.WinWarmIPTarget, r.curWinWarmIPTarget,
config.WinMinimumIPTarget, r.curWinMinIPTarget,
config.WinWarmPrefixTarget, r.curWinPDWarmPrefixTarget,
config.EnableWindowsPrefixDelegationKey, isPDEnabled,
)
}

// Flag is updated, update all nodes
if isIPAMFlagUpdated || isPrefixFlagUpdated || isPDConfigUpdated {
if isIPAMFlagUpdated || isPrefixFlagUpdated || isWinIPConfigsUpdated {
err := UpdateNodesOnConfigMapChanges(r.K8sAPI, r.NodeManager)
if err != nil {
// Error in updating nodes
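Review bot: The cached targets (`r.curWinWarmIPTarget`, `r.curWinMinIPTarget`, `r.curWinPDWarmPrefixTarget`) are overwritten before `UpdateNodesOnConfigMapChanges` is called, so if that call fails, a retried reconcile would compare against the already-updated cache, see no difference, and skip the node update. The error branch and the rest of `Reconcile` lie outside this hunk, so whether this matters depends on how the error is returned; if the request is requeued, consider assigning the `r.cur…` fields only after the update returns nil. The `isPDEnabled && winPDWarmPrefixTargetUpdated` guard would also benefit from a why-comment, e.g. `// warm-prefix-target changes are ignored while prefix delegation is disabled`. Range validation of the ConfigMap-supplied values is presumably done in `config.ParseWinIPTargetConfigs`, which is not visible here and is worth confirming.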