[pull] master from kubernetes:master #1924
Open
pull[bot] wants to merge 7873 commits into next-stack:master
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
test: Dump logs for upgrade-ab scenario when failing during validation
azure: Add support for Azure Disk CSI Driver
This adds the firewall rule and forwarding rule allowing access from nodes to the control plane's cilium etcd port 4003
This allows a MIG to be deleted when an underlying instance is not found
gce: support for role=apiserver
Fix cilium-etcd on GCE
gce: Fix instance group deletion
Move johngmyers to emeritus
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
test: Update verify-terraform to use v1.14.8 and support optional filter
build: strip release binaries by default
Fix support for VPC CNI + Debian 11
RHEL 9 ships NetworkManager-cloud-setup, whose nm-cloud-setup.service +
.timer poll IMDS for the secondary IPs assigned to ENIs (the AWS VPC
CNI's pod IPs) and tell NetworkManager to install per-IP source-routing
rules in reserved tables 30200/30201/30400/30401:
    30200: from <pod-ip> lookup 30200 proto static
    30400: from <pod-ip> lookup 30400 proto static
    ...
    32765: from <secondary-eni-primary-ip> lookup 2   ← AWS VPC CNI
The 30xxx priorities are below the AWS VPC CNI's rule at 32765, so they
take precedence. Pod traffic gets routed through tables that don't have
the routes the CNI needs for the service CIDR or IMDS, and pods can't
reach 100.64.0.1 or 169.254.169.254. Cluster validation times out with
all ebs-csi-node and CoreDNS pods stuck not-ready.
AWS's own VPC CNI troubleshooting guide explicitly calls out that
nm-cloud-setup must be disabled on EC2 nodes using the VPC CNI; EKS
AMIs ship without it, RHEL 9's stock cloud image enables it.
Mask both nm-cloud-setup.service and nm-cloud-setup.timer so neither
the periodic timer nor a package preset can re-enable them, then bounce
the active NetworkManager connections with `nmcli connection down/up`
to drop the rules and routes nm-cloud-setup pushed before nodeup ran.
A marker file at /etc/kops/nm-cloud-setup-disabled keeps the disable
idempotent across nodeup re-runs.
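A check and remediation along the lines this commit message describes, as an added example that is not code from kops or from the commit itself. The function names, the sample `ip rule show` output and the exact `systemctl`/`nmcli` invocations are assumptions; the table numbers, the 32765 priority and the marker path are taken from the message.

```shell
#!/usr/bin/env bash
# Added example (not kops code). Table numbers, the 32765 priority and the
# marker path come from the commit message; everything else is an assumption.
NM_TABLES="30200 30201 30400 30401"
CNI_PRIORITY=32765
MARKER="${MARKER:-/etc/kops/nm-cloud-setup-disabled}"

# Constructed sample of `ip rule show` output on an affected node.
SAMPLE_RULES='0:      from all lookup local
30200:  from 10.0.1.23 lookup 30200 proto static
30400:  from 10.0.1.23 lookup 30400 proto static
32765:  from 10.0.1.10 lookup 2
32766:  from all lookup main'

# Reads `ip rule show` output on stdin and prints every rule that looks up a
# reserved nm-cloud-setup table ahead of the VPC CNI rule.
# Exit status: 0 if at least one such rule exists, 1 if the node is clean.
shadowing_rules() {
  awk -v tables="$NM_TABLES" -v cni="$CNI_PRIORITY" '
    BEGIN { n = split(tables, t, " "); for (i = 1; i <= n; i++) reserved[t[i]] = 1 }
    {
      prio = $1; sub(/:$/, "", prio)
      for (i = 2; i < NF; i++)
        if ($i == "lookup" && ($(i + 1) in reserved) && prio + 0 < cni + 0) {
          print; found = 1; break
        }
    }
    END { exit !found }'
}

# Mask the units, bounce active connections, write the marker. Run locally as
# root during provisioning: bouncing a connection drops SSH sessions using it.
disable_nm_cloud_setup() {
  if [ -e "$MARKER" ]; then return 0; fi   # idempotent across re-runs
  systemctl mask nm-cloud-setup.service nm-cloud-setup.timer || return 1
  nmcli -g NAME connection show --active | while IFS= read -r conn; do
    nmcli connection down "$conn" && nmcli connection up "$conn"
  done
  mkdir -p "$(dirname "$MARKER")" && touch "$MARKER"
}

# Typical use on a node:
#   ip rule show | shadowing_rules && disable_nm_cloud_setup
```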
Update k8s.io dependencies and Go to v1.26.2
Fix support for VPC CNI + RHEL9
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
protobuf: Migrate to google.golang.org/protobuf
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
Trimmed in-tree copy of helm's strvals parser at v3.19.4. Only ParseInto
and ParseIntoString are kept; the JSON, file, and literal value branches
along with their unused public APIs are removed. github.com/pkg/errors
is replaced with stdlib errors and fmt.Errorf("%w").
Replaces helm.sh/helm/v3/pkg/strvals and helm.sh/helm/v3/pkg/cli/values with the in-tree fork at third_party/forked/helmstrvals plus a small inline mergeMaps for value-file loading.
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
clouddns is the only kops package that imports cloud-provider-gcp, and it uses exactly one helper: gce.NewAltTokenSource. The full module pulls in compute/v0.alpha and compute/v0.beta along with k8s-cloud-provider, none of which kops touches. Fork the AltTokenSource type from k8s.io/cloud-provider-gcp/providers/gce/token_source.go at v32.4.0 into third_party/forked/gcetokensource. The Prometheus counters and their legacyregistry registration are dropped; everything else is preserved verbatim.
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
clouddns is now the only kops consumer of the fork; cloud-provider-gcp and the GoogleCloudPlatform/k8s-cloud-provider chain that came with it fall out, and so do the unused google.golang.org/api/compute/v0.alpha and v0.beta SDKs.
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
`make gomod` propagates the dropped indirect deps from the main module to the tests/e2e submodule.
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
chore: drop helm dependency and fork strvals
chore: switch structured-merge-diff from v4 to v6
chore: drop cloud-provider-gcp dependency and fork NewAltTokenSource
Upgrade AWS load balancer controller to 3.3.0
azure: encode storage account in azureblob:// URLs
See Commits and Changes for more details.
Created by pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )