From 60d47bf47b4feb07eda2cab2674a16a46e61e58d Mon Sep 17 00:00:00 2001 From: Nick Tran <10810510+njtran@users.noreply.github.com> Date: Wed, 18 Sep 2024 17:39:49 -0700 Subject: [PATCH] chore: update gomod for cherrypick (#7033) --- .../karpenter.k8s.aws_ec2nodeclasses.yaml | 39 +------------------ .../templates/karpenter.sh_nodeclaims.yaml | 2 +- .../templates/karpenter.sh_nodepools.yaml | 4 +- go.mod | 2 +- go.sum | 4 +- hack/toolchain.sh | 2 +- .../karpenter.k8s.aws_ec2nodeclasses.yaml | 39 +------------------ pkg/apis/crds/karpenter.sh_nodeclaims.yaml | 2 +- pkg/apis/crds/karpenter.sh_nodepools.yaml | 4 +- pkg/apis/v1/ec2nodeclass.go | 4 +- pkg/apis/v1beta1/ec2nodeclass.go | 4 +- 11 files changed, 20 insertions(+), 86 deletions(-) diff --git a/charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml b/charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml index 4c39a3ce7146..196008df8d4e 100644 --- a/charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml +++ b/charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: ec2nodeclasses.karpenter.k8s.aws spec: group: karpenter.k8s.aws 
@@ -162,24 +162,18 @@ spec: gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. - The following are the supported values for each volume type: - * gp3: 3,000-16,000 IOPS - * io1: 100-64,000 IOPS - * io2: 100-64,000 IOPS - For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). Other instance families guarantee performance up to 32,000 IOPS. - This parameter is supported for io1, io2, and gp3 volumes only. This parameter is not supported for gp2, st1, sc1, or standard volumes. format: int64 @@ -202,16 +196,12 @@ spec: a volume size. The following are the supported volumes sizes for each volume type: - * gp2 and gp3: 1-16,384 - * io1 and io2: 4-16,384 - * st1 and sc1: 125-16,384 - * standard: 1-1,024 pattern: ^((?:[1-9][0-9]{0,3}|[1-4][0-9]{4}|[5][0-8][0-9]{3}|59000)Gi|(?:[1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-3][0-9]{3}|64000)G|([1-9]||[1-5][0-7]|58)Ti|([1-9]||[1-5][0-9]|6[0-3]|64)T)$ type: string @@ -390,14 +380,12 @@ spec: description: |- MetadataOptions for the generated launch template of provisioned nodes. - This specifies the exposure of the Instance Metadata Service to provisioned EC2 nodes. For more information, see Instance Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the Amazon Elastic Compute Cloud User Guide. - Refer to recommended, security best practices (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) for limiting exposure of Instance Metadata and User Data to pods. 
@@ -412,7 +400,6 @@ spec: nodes. If metadata options is non-nil, but this parameter is not specified, the default state is "enabled". - If you specify a value of "disabled", instance metadata will not be accessible on the node. enum: @@ -448,14 +435,12 @@ spec: requests. If metadata options is non-nil, but this parameter is not specified, the default state is "required". - If the state is optional, one can choose to retrieve instance metadata with or without a signed token header on the request. If one retrieves the IAM role credentials without a token, the version 1.0 role credentials are returned. If one retrieves the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned. - If the state is "required", one must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version @@ -691,12 +676,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string 
@@ -862,24 +842,18 @@ spec: gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. - The following are the supported values for each volume type: - * gp3: 3,000-16,000 IOPS - * io1: 100-64,000 IOPS - * io2: 100-64,000 IOPS - For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). Other instance families guarantee performance up to 32,000 IOPS. - This parameter is supported for io1, io2, and gp3 volumes only. This parameter is not supported for gp2, st1, sc1, or standard volumes. format: int64 @@ -908,16 +882,12 @@ spec: a volume size. The following are the supported volumes sizes for each volume type: - * gp2 and gp3: 1-16,384 - * io1 and io2: 4-16,384 - * st1 and sc1: 125-16,384 - * standard: 1-1,024 x-kubernetes-int-or-string: true volumeType: @@ -981,14 +951,12 @@ spec: description: |- MetadataOptions for the generated launch template of provisioned nodes. - This specifies the exposure of the Instance Metadata Service to provisioned EC2 nodes. For more information, see Instance Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the Amazon Elastic Compute Cloud User Guide. - Refer to recommended, security best practices (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) for limiting exposure of Instance Metadata and User Data to pods. @@ -1003,7 +971,6 @@ spec: nodes. If metadata options is non-nil, but this parameter is not specified, the default state is "enabled". - If you specify a value of "disabled", instance metadata will not be accessible on the node. enum: 
@@ -1039,14 +1006,12 @@ spec: requests. If metadata options is non-nil, but this parameter is not specified, the default state is "required". - If the state is optional, one can choose to retrieve instance metadata with or without a signed token header on the request. If one retrieves the IAM role credentials without a token, the version 1.0 role credentials are returned. If one retrieves the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned. - If the state is "required", one must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml index 6fc736844bf4..e88cd45ff302 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 name: nodeclaims.karpenter.sh spec: group: karpenter.sh diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml index e37fd9ab9411..6eb224eb89a3 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 name: nodepools.karpenter.sh spec: group: karpenter.sh 
@@ -71,6 +71,8 @@ spec: from a combination of nodepool and pod scheduling constraints. properties: disruption: + default: + consolidateAfter: 0s description: Disruption contains the parameters that relate to Karpenter's disruption logic properties: budgets: diff --git a/go.mod b/go.mod index 68a4b6f29dc2..c993e26814a0 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( k8s.io/utils v0.0.0-20240102154912-e7106e64919e knative.dev/pkg v0.0.0-20231010144348-ca8c009405dd sigs.k8s.io/controller-runtime v0.18.4 - sigs.k8s.io/karpenter v0.35.8 + sigs.k8s.io/karpenter v0.35.9-0.20240917214244-7d867c8a6c21 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index c0a93af56831..83245b182208 100644 --- a/go.sum +++ b/go.sum @@ -759,8 +759,8 @@ sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHv sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/karpenter v0.35.8 h1:nAoVCEIAVYPs/hJsdjj/aDpcLulUXfm8PUnG3qw6+Wc= -sigs.k8s.io/karpenter v0.35.8/go.mod h1:yc0tuxIGQ8azrMSJ1KG5IxQ+LoKZ34ayPbo0/nCs0CE= +sigs.k8s.io/karpenter v0.35.9-0.20240917214244-7d867c8a6c21 h1:5eJca6xgM312SPqJC7cHqY6gw6bAo4LfE+69APH2PfI= +sigs.k8s.io/karpenter v0.35.9-0.20240917214244-7d867c8a6c21/go.mod h1:yc0tuxIGQ8azrMSJ1KG5IxQ+LoKZ34ayPbo0/nCs0CE= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/hack/toolchain.sh b/hack/toolchain.sh index 7e68188363eb..4e2c06a6b8f4 100755 --- a/hack/toolchain.sh +++ b/hack/toolchain.sh 
@@ -16,7 +16,7 @@ tools() { go install github.com/mikefarah/yq/v4@latest go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest - go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.15.0 + go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.3 go install github.com/sigstore/cosign/v2/cmd/cosign@latest go install -tags extended github.com/gohugoio/hugo@v0.110.0 go install golang.org/x/vuln/cmd/govulncheck@latest diff --git a/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml b/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml index ca2d33ad8a41..654f1b452431 100644 --- a/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml +++ b/pkg/apis/crds/karpenter.k8s.aws_ec2nodeclasses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: ec2nodeclasses.karpenter.k8s.aws spec: group: karpenter.k8s.aws @@ -162,24 +162,18 @@ spec: gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. - The following are the supported values for each volume type: - * gp3: 3,000-16,000 IOPS - * io1: 100-64,000 IOPS - * io2: 100-64,000 IOPS - For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). Other instance families guarantee performance up to 32,000 IOPS. - This parameter is supported for io1, io2, and gp3 volumes only. This parameter is not supported for gp2, st1, sc1, or standard volumes. format: int64 
@@ -202,16 +196,12 @@ spec: a volume size. The following are the supported volumes sizes for each volume type: - * gp2 and gp3: 1-16,384 - * io1 and io2: 4-16,384 - * st1 and sc1: 125-16,384 - * standard: 1-1,024 pattern: ^((?:[1-9][0-9]{0,3}|[1-4][0-9]{4}|[5][0-8][0-9]{3}|59000)Gi|(?:[1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-3][0-9]{3}|64000)G|([1-9]||[1-5][0-7]|58)Ti|([1-9]||[1-5][0-9]|6[0-3]|64)T)$ type: string @@ -390,14 +380,12 @@ spec: description: |- MetadataOptions for the generated launch template of provisioned nodes. - This specifies the exposure of the Instance Metadata Service to provisioned EC2 nodes. For more information, see Instance Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the Amazon Elastic Compute Cloud User Guide. - Refer to recommended, security best practices (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) for limiting exposure of Instance Metadata and User Data to pods. @@ -412,7 +400,6 @@ spec: nodes. If metadata options is non-nil, but this parameter is not specified, the default state is "enabled". - If you specify a value of "disabled", instance metadata will not be accessible on the node. enum: @@ -448,14 +435,12 @@ spec: requests. If metadata options is non-nil, but this parameter is not specified, the default state is "required". - If the state is optional, one can choose to retrieve instance metadata with or without a signed token header on the request. If one retrieves the IAM role credentials without a token, the version 1.0 role credentials are returned. If one retrieves the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned. - If the state is "required", one must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 
@@ -691,12 +676,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -862,24 +842,18 @@ spec: gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. - The following are the supported values for each volume type: - * gp3: 3,000-16,000 IOPS - * io1: 100-64,000 IOPS - * io2: 100-64,000 IOPS - For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). Other instance families guarantee performance up to 32,000 IOPS. - This parameter is supported for io1, io2, and gp3 volumes only. This parameter is not supported for gp2, st1, sc1, or standard volumes. format: int64 @@ -908,16 +882,12 @@ spec: a volume size. The following are the supported volumes sizes for each volume type: - * gp2 and gp3: 1-16,384 - * io1 and io2: 4-16,384 - * st1 and sc1: 125-16,384 - * standard: 1-1,024 x-kubernetes-int-or-string: true volumeType: 
@@ -981,14 +951,12 @@ spec: description: |- MetadataOptions for the generated launch template of provisioned nodes. - This specifies the exposure of the Instance Metadata Service to provisioned EC2 nodes. For more information, see Instance Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the Amazon Elastic Compute Cloud User Guide. - Refer to recommended, security best practices (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) for limiting exposure of Instance Metadata and User Data to pods. @@ -1003,7 +971,6 @@ spec: nodes. If metadata options is non-nil, but this parameter is not specified, the default state is "enabled". - If you specify a value of "disabled", instance metadata will not be accessible on the node. enum: @@ -1039,14 +1006,12 @@ spec: requests. If metadata options is non-nil, but this parameter is not specified, the default state is "required". - If the state is optional, one can choose to retrieve instance metadata with or without a signed token header on the request. If one retrieves the IAM role credentials without a token, the version 1.0 role credentials are returned. If one retrieves the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned. - If the state is "required", one must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version diff --git a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml index 02e78785fa1a..619892f7e960 100644 --- a/pkg/apis/crds/karpenter.sh_nodeclaims.yaml +++ b/pkg/apis/crds/karpenter.sh_nodeclaims.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 name: nodeclaims.karpenter.sh spec: group: karpenter.sh diff --git a/pkg/apis/crds/karpenter.sh_nodepools.yaml b/pkg/apis/crds/karpenter.sh_nodepools.yaml index babaa1bb6ae1..414848f64b9f 100644 --- a/pkg/apis/crds/karpenter.sh_nodepools.yaml +++ b/pkg/apis/crds/karpenter.sh_nodepools.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 name: nodepools.karpenter.sh spec: group: karpenter.sh @@ -71,6 +71,8 @@ spec: from a combination of nodepool and pod scheduling constraints. properties: disruption: + default: + consolidateAfter: 0s description: Disruption contains the parameters that relate to Karpenter's disruption logic properties: budgets: diff --git a/pkg/apis/v1/ec2nodeclass.go b/pkg/apis/v1/ec2nodeclass.go index 0ec8e6e8d7d3..2eb3ed4f1ef5 100644 --- a/pkg/apis/v1/ec2nodeclass.go +++ b/pkg/apis/v1/ec2nodeclass.go @@ -324,11 +324,11 @@ type MetadataOptions struct { type BlockDeviceMapping struct { // The device name (for example, /dev/sdh or xvdh). - // +required + // +optional DeviceName *string `json:"deviceName,omitempty"` // EBS contains parameters used to automatically set up EBS volumes when an instance is launched. // +kubebuilder:validation:XValidation:message="snapshotID or volumeSize must be defined",rule="has(self.snapshotID) || has(self.volumeSize)" - // +required + // +optional EBS *BlockDevice `json:"ebs,omitempty"` // RootVolume is a flag indicating if this device is mounted as kubelet root dir. You can // configure at most one root volume in BlockDeviceMappings. diff --git a/pkg/apis/v1beta1/ec2nodeclass.go b/pkg/apis/v1beta1/ec2nodeclass.go index e1c325e2f5f2..36ee9c73e8c6 100644 
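Review bot: With `DeviceName` and `EBS` both marked `// +optional` in `BlockDeviceMapping` (pkg/apis/v1/ec2nodeclass.go), nothing in these markers requires an entry to carry either field, and the `XValidation` rule above `EBS` is attached to the field's value, so it presumably does not run when `ebs` is omitted. The ec2nodeclasses CRD hunks in this patch change only descriptions and the controller-gen annotation, so the flip looks like a way to keep the generated schema stable under v0.16.3. If that is the intent, record it in the field comments, e.g. `// Optional in the schema to keep the generated CRD unchanged; consumers must handle nil.` The identical hunk in `pkg/apis/v1beta1/ec2nodeclass.go` needs the same comment. The code that dereferences these pointers is outside the diff and the struct continues past the hunk, so nil handling should be confirmed there.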
--- a/pkg/apis/v1beta1/ec2nodeclass.go +++ b/pkg/apis/v1beta1/ec2nodeclass.go @@ -226,11 +226,11 @@ type MetadataOptions struct { type BlockDeviceMapping struct { // The device name (for example, /dev/sdh or xvdh). - // +required + // +optional DeviceName *string `json:"deviceName,omitempty"` // EBS contains parameters used to automatically set up EBS volumes when an instance is launched. // +kubebuilder:validation:XValidation:message="snapshotID or volumeSize must be defined",rule="has(self.snapshotID) || has(self.volumeSize)" - // +required + // +optional EBS *BlockDevice `json:"ebs,omitempty"` // RootVolume is a flag indicating if this device is mounted as kubelet root dir. You can // configure at most one root volume in BlockDeviceMappings.