chore: update gomod for cherrypick

charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.15.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: ec2nodeclasses.karpenter.k8s.aws
 spec:
   group: karpenter.k8s.aws
@@ -162,24 +162,18 @@ spec:
                               gp2 volumes, this represents the baseline performance of the volume and the
                               rate at which the volume accumulates I/O credits for bursting.
 
-
                               The following are the supported values for each volume type:
 
-
                                  * gp3: 3,000-16,000 IOPS
 
-
                                  * io1: 100-64,000 IOPS
 
-
                                  * io2: 100-64,000 IOPS
 
-
                               For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built
                               on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances).
                               Other instance families guarantee performance up to 32,000 IOPS.
 
-
                               This parameter is supported for io1, io2, and gp3 volumes only. This parameter
                               is not supported for gp2, st1, sc1, or standard volumes.
                             format: int64
@@ -202,16 +196,12 @@ spec:
                               a volume size. The following are the supported volumes sizes for each volume
                               type:
 
-
                                  * gp2 and gp3: 1-16,384
 
-
                                  * io1 and io2: 4-16,384
 
-
                                  * st1 and sc1: 125-16,384
 
-
                                  * standard: 1-1,024
                             pattern: ^((?:[1-9][0-9]{0,3}|[1-4][0-9]{4}|[5][0-8][0-9]{3}|59000)Gi|(?:[1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-3][0-9]{3}|64000)G|([1-9]||[1-5][0-7]|58)Ti|([1-9]||[1-5][0-9]|6[0-3]|64)T)$
                             type: string
@@ -390,14 +380,12 @@ spec:
                   description: |-
                     MetadataOptions for the generated launch template of provisioned nodes.
 
-
                     This specifies the exposure of the Instance Metadata Service to
                     provisioned EC2 nodes. For more information,
                     see Instance Metadata and User Data
                     (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
                     in the Amazon Elastic Compute Cloud User Guide.
 
-
                     Refer to recommended, security best practices
                     (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node)
                     for limiting exposure of Instance Metadata and User Data to pods.
@@ -412,7 +400,6 @@ spec:
                         nodes. If metadata options is non-nil, but this parameter is not specified,
                         the default state is "enabled".
 
-
                         If you specify a value of "disabled", instance metadata will not be accessible
                         on the node.
                       enum:
@@ -448,14 +435,12 @@ spec:
                         requests. If metadata options is non-nil, but this parameter is not
                         specified, the default state is "required".
 
-
                         If the state is optional, one can choose to retrieve instance metadata with
                         or without a signed token header on the request. If one retrieves the IAM
                         role credentials without a token, the version 1.0 role credentials are
                         returned. If one retrieves the IAM role credentials using a valid signed
                         token, the version 2.0 role credentials are returned.
 
-
                         If the state is "required", one must send a signed token header with any
                         instance metadata retrieval requests. In this state, retrieving the IAM
                         role credentials always returns the version 2.0 credentials; the version
@@ -691,12 +676,7 @@ spec:
                           - Unknown
                         type: string
                       type:
-                        description: |-
-                          type of condition in CamelCase or in foo.example.com/CamelCase.
-                          ---
-                          Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-                          useful (see .node.status.conditions), the ability to deconflict is important.
-                          The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                        description: type of condition in CamelCase or in foo.example.com/CamelCase.
                         maxLength: 316
                         pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                         type: string
@@ -862,24 +842,18 @@ spec:
                               gp2 volumes, this represents the baseline performance of the volume and the
                               rate at which the volume accumulates I/O credits for bursting.
 
-
                               The following are the supported values for each volume type:
 
-
                                  * gp3: 3,000-16,000 IOPS
 
-
                                  * io1: 100-64,000 IOPS
 
-
                                  * io2: 100-64,000 IOPS
 
-
                               For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built
                               on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances).
                               Other instance families guarantee performance up to 32,000 IOPS.
 
-
                               This parameter is supported for io1, io2, and gp3 volumes only. This parameter
                               is not supported for gp2, st1, sc1, or standard volumes.
                             format: int64
@@ -908,16 +882,12 @@ spec:
                               a volume size. The following are the supported volumes sizes for each volume
                               type:
 
-
                                  * gp2 and gp3: 1-16,384
 
-
                                  * io1 and io2: 4-16,384
 
-
                                  * st1 and sc1: 125-16,384
 
-
                                  * standard: 1-1,024
                             x-kubernetes-int-or-string: true
                           volumeType:
@@ -981,14 +951,12 @@ spec:
                   description: |-
                     MetadataOptions for the generated launch template of provisioned nodes.
 
-
                     This specifies the exposure of the Instance Metadata Service to
                     provisioned EC2 nodes. For more information,
                     see Instance Metadata and User Data
                     (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)
                     in the Amazon Elastic Compute Cloud User Guide.
 
-
                     Refer to recommended, security best practices
                     (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node)
                     for limiting exposure of Instance Metadata and User Data to pods.
@@ -1003,7 +971,6 @@ spec:
                         nodes. If metadata options is non-nil, but this parameter is not specified,
                         the default state is "enabled".
 
-
                         If you specify a value of "disabled", instance metadata will not be accessible
                         on the node.
                       enum:
@@ -1039,14 +1006,12 @@ spec:
                         requests. If metadata options is non-nil, but this parameter is not
                         specified, the default state is "required".
 
-
                         If the state is optional, one can choose to retrieve instance metadata with
                         or without a signed token header on the request. If one retrieves the IAM
                         role credentials without a token, the version 1.0 role credentials are
                         returned. If one retrieves the IAM role credentials using a valid signed
                         token, the version 2.0 role credentials are returned.
 
-
                         If the state is "required", one must send a signed token header with any
                         instance metadata retrieval requests. In this state, retrieving the IAM
                         role credentials always returns the version 2.0 credentials; the version

charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.2
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: nodeclaims.karpenter.sh
 spec:
   group: karpenter.sh

charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.2
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: nodepools.karpenter.sh
 spec:
   group: karpenter.sh
@@ -71,6 +71,8 @@ spec:
                 from a combination of nodepool and pod scheduling constraints.
               properties:
                 disruption:
+                  default:
+                    consolidateAfter: 0s
                   description: Disruption contains the parameters that relate to Karpenter's disruption logic
                   properties:
                     budgets:

go.mod

@@ -29,7 +29,7 @@ require (
 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e
 	knative.dev/pkg v0.0.0-20231010144348-ca8c009405dd
 	sigs.k8s.io/controller-runtime v0.18.4
-	sigs.k8s.io/karpenter v0.35.8
+	sigs.k8s.io/karpenter v0.35.9-0.20240917214244-7d867c8a6c21
 	sigs.k8s.io/yaml v1.4.0
 )
 

go.sum

@@ -759,8 +759,8 @@ sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHv
 sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/karpenter v0.35.8 h1:nAoVCEIAVYPs/hJsdjj/aDpcLulUXfm8PUnG3qw6+Wc=
-sigs.k8s.io/karpenter v0.35.8/go.mod h1:yc0tuxIGQ8azrMSJ1KG5IxQ+LoKZ34ayPbo0/nCs0CE=
+sigs.k8s.io/karpenter v0.35.9-0.20240917214244-7d867c8a6c21 h1:5eJca6xgM312SPqJC7cHqY6gw6bAo4LfE+69APH2PfI=
+sigs.k8s.io/karpenter v0.35.9-0.20240917214244-7d867c8a6c21/go.mod h1:yc0tuxIGQ8azrMSJ1KG5IxQ+LoKZ34ayPbo0/nCs0CE=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=

hack/toolchain.sh

@@ -16,7 +16,7 @@ tools() {
     go install github.com/mikefarah/yq/v4@latest
     go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
     go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
-    go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.15.0
+    go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.3
     go install github.com/sigstore/cosign/v2/cmd/cosign@latest
     go install -tags extended github.com/gohugoio/[email protected]
     go install golang.org/x/vuln/cmd/govulncheck@latest