From e3fdc16a03f9490049fdb8767b954a99e0a0aeab Mon Sep 17 00:00:00 2001
From: Jimmi Dyson
Date: Fri, 5 Jul 2024 05:08:29 +0100
Subject: [PATCH] feat: Update addon versions (#785)
Cilium -> 1.15.6
NFD -> 0.16.1
CA -> 9.37.0
AWS EBS CSI -> 2.32.0
KubeVIP -> 0.8.1
---
.../cilium/manifests/cilium-configmap.yaml | 2 +-
.../manifests/aws-ebs-csi-configmap.yaml | 135 ++--
.../templates/helm-config.yaml | 6 +-
.../manifests/helm-addon-installation.yaml | 2 +-
.../node-feature-discovery-configmap.yaml | 610 +++++++++++++-----
.../manifests/kube-vip-configmap.yaml | 3 +-
.../kustomization.yaml.tmpl | 2 +-
.../kustomize/nfd/kustomization.yaml.tmpl | 1 +
.../mindthegap-helm-registry/repos.yaml | 6 +-
hack/addons/update-cluster-autoscaler.sh | 4 +-
hack/addons/update-kube-vip-manifests.sh | 12 +-
make/addons.mk | 11 +-
12 files changed, 575 insertions(+), 219 deletions(-)
diff --git a/charts/cluster-api-runtime-extensions-nutanix/templates/cni/cilium/manifests/cilium-configmap.yaml b/charts/cluster-api-runtime-extensions-nutanix/templates/cni/cilium/manifests/cilium-configmap.yaml
index 9d21f9090..b6fe39b14 100644
--- a/charts/cluster-api-runtime-extensions-nutanix/templates/cni/cilium/manifests/cilium-configmap.yaml
+++ b/charts/cluster-api-runtime-extensions-nutanix/templates/cni/cilium/manifests/cilium-configmap.yaml
@@ -8,7 +8,7 @@ apiVersion: v1 data: cilium.json: | - [{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"name":"cilium","namespace":"kube-system"}},{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"name":"cilium-operator","namespace":"kube-system"}},{"apiVersion":"v1","data":{"agent-not-ready-taint-key":"node.cilium.io/agent-not-ready","arping-refresh-period":"30s","auto-direct-node-routes":"false","bpf-lb-acceleration":"disabled","bpf-lb-external-clusterip":"false","bpf-lb-map-max":"65536","bpf-lb-sock":"false","bpf-map-dynamic-size-ratio":"0.0025","bpf-policy-map-max":"16384","bpf-root":"/sys/fs/bpf","cgroup-root":"/run/cilium/cgroupv2","cilium-endpoint-gc-interval":"5m0s","cluster-id":"0","cluster-name":"default","cni-chaining-mode":"portmap","cni-exclusive":"true","cni-log-file":"/var/run/cilium/cilium-cni.log","custom-cni-conf":"false","debug":"false","debug-verbose":"","egress-gateway-reconciliation-trigger-interval":"1s","enable-auto-protect-node-port-range":"true","enable-bgp-control-plane":"false","enable-bpf-clock-probe":"false","enable-endpoint-health-checking":"true","enable-external-ips":"false","enable-health-check-loadbalancer-ip":"false","enable-health-check-nodeport":"true","enable-health-checking":"true","enable-host-legacy-routing":"true","enable-host-port":"false","enable-ipv4":"true","enable-ipv4-big-tcp":"false","enable-ipv4-masquerade":"true","enable-ipv6":"false","enable-ipv6-big-tcp":"false","enable-ipv6-masquerade":"true","enable-k8s-networkpolicy":"true","enable-k8s-terminating-endpoint":"true","enable-l2-neigh-discovery":"true","enable-l7-proxy":"true","enable-local-redirect-policy":"false","enable-masquerade-to-route-source":"false","enable-metrics":"true","enable-node-port":"false","enable-policy":"default","enable-remote-node-identity":"true","enable-sctp":"false","enable-svc-source-range-check":"true","enable-vtep":"false","enable-well-known-identities":"false","enable-xt-socket-fallback":"true","external-envoy-proxy":"fal
se","identity-allocation-mode":"crd","identity-gc-interval":"15m0s","identity-heartbeat-timeout":"30m0s","install-no-conntrack-iptables-rules":"false","ipam":"kubernetes","ipam-cilium-node-update-rate":"15s","k8s-client-burst":"20","k8s-client-qps":"10","kube-proxy-replacement":"false","kube-proxy-replacement-healthz-bind-address":"","max-connected-clusters":"255","mesh-auth-enabled":"true","mesh-auth-gc-interval":"5m0s","mesh-auth-queue-size":"1024","mesh-auth-rotated-identities-queue-size":"1024","monitor-aggregation":"medium","monitor-aggregation-flags":"all","monitor-aggregation-interval":"5s","node-port-bind-protection":"true","nodes-gc-interval":"5m0s","operator-api-serve-addr":"127.0.0.1:9234","operator-prometheus-serve-addr":":9963","policy-cidr-match-mode":"","preallocate-bpf-maps":"false","procfs":"/host/proc","proxy-connect-timeout":"2","proxy-idle-timeout-seconds":"60","proxy-max-connection-duration-seconds":"0","proxy-max-requests-per-connection":"0","proxy-prometheus-port":"9964","proxy-xff-num-trusted-hops-egress":"0","proxy-xff-num-trusted-hops-ingress":"0","remove-cilium-node-taints":"true","routing-mode":"tunnel","service-no-backend-response":"reject","set-cilium-is-up-condition":"true","set-cilium-node-taints":"true","sidecar-istio-proxy-image":"cilium/istio_proxy","skip-cnp-status-startup-clean":"false","synchronize-k8s-nodes":"true","tofqdns-dns-reject-response-code":"refused","tofqdns-enable-dns-compression":"true","tofqdns-endpoint-max-ip-per-hostname":"50","tofqdns-idle-connection-grace-period":"0s","tofqdns-max-deferred-connection-deletes":"10000","tofqdns-proxy-response-max-delay":"100ms","tunnel-protocol":"vxlan","unmanaged-pod-watcher-interval":"15","vtep-cidr":"","vtep-endpoint":"","vtep-mac":"","vtep-mask":"","write-cni-conf-when-ready":"/host/etc/cni/net.d/05-cilium.conflist"},"kind":"ConfigMap","metadata":{"name":"cilium-config","namespace":"kube-system"}},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"
labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium"},"rules":[{"apiGroups":["networking.k8s.io"],"resources":["networkpolicies"],"verbs":["get","list","watch"]},{"apiGroups":["discovery.k8s.io"],"resources":["endpointslices"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["namespaces","services","pods","endpoints","nodes"],"verbs":["get","list","watch"]},{"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"],"verbs":["list","watch","get"]},{"apiGroups":["cilium.io"],"resources":["ciliumloadbalancerippools","ciliumbgppeeringpolicies","ciliumbgpnodeconfigs","ciliumbgpadvertisements","ciliumbgppeerconfigs","ciliumclusterwideenvoyconfigs","ciliumclusterwidenetworkpolicies","ciliumegressgatewaypolicies","ciliumendpoints","ciliumendpointslices","ciliumenvoyconfigs","ciliumidentities","ciliumlocalredirectpolicies","ciliumnetworkpolicies","ciliumnodes","ciliumnodeconfigs","ciliumcidrgroups","ciliuml2announcementpolicies","ciliumpodippools"],"verbs":["list","watch"]},{"apiGroups":["cilium.io"],"resources":["ciliumidentities","ciliumendpoints","ciliumnodes"],"verbs":["create"]},{"apiGroups":["cilium.io"],"resources":["ciliumidentities"],"verbs":["update"]},{"apiGroups":["cilium.io"],"resources":["ciliumendpoints"],"verbs":["delete","get"]},{"apiGroups":["cilium.io"],"resources":["ciliumnodes","ciliumnodes/status"],"verbs":["get","update"]},{"apiGroups":["cilium.io"],"resources":["ciliumnetworkpolicies/status","ciliumclusterwidenetworkpolicies/status","ciliumendpoints/status","ciliumendpoints","ciliuml2announcementpolicies/status","ciliumbgpnodeconfigs/status"],"verbs":["patch"]}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium-operator"},"rules":[{"apiGroups":[""],"resources":["pods"],"verbs":["get","list","watch","delete"]},{"apiGroups":[""],"resources":["nodes"],"verbs":["list","watch"]},{"apiGroups":[""],"resources":["nodes","nod
es/status"],"verbs":["patch"]},{"apiGroups":["discovery.k8s.io"],"resources":["endpointslices"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["services/status"],"verbs":["update","patch"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["services","endpoints"],"verbs":["get","list","watch"]},{"apiGroups":["cilium.io"],"resources":["ciliumnetworkpolicies","ciliumclusterwidenetworkpolicies"],"verbs":["create","update","deletecollection","patch","get","list","watch"]},{"apiGroups":["cilium.io"],"resources":["ciliumnetworkpolicies/status","ciliumclusterwidenetworkpolicies/status"],"verbs":["patch","update"]},{"apiGroups":["cilium.io"],"resources":["ciliumendpoints","ciliumidentities"],"verbs":["delete","list","watch"]},{"apiGroups":["cilium.io"],"resources":["ciliumidentities"],"verbs":["update"]},{"apiGroups":["cilium.io"],"resources":["ciliumnodes"],"verbs":["create","update","get","list","watch","delete"]},{"apiGroups":["cilium.io"],"resources":["ciliumnodes/status"],"verbs":["update"]},{"apiGroups":["cilium.io"],"resources":["ciliumendpointslices","ciliumenvoyconfigs","ciliumbgppeerconfigs","ciliumbgpadvertisements","ciliumbgpnodeconfigs"],"verbs":["create","update","get","list","watch","delete","patch"]},{"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"],"verbs":["create","get","list","watch"]},{"apiGroups":["apiextensions.k8s.io"],"resourceNames":["ciliumloadbalancerippools.cilium.io","ciliumbgppeeringpolicies.cilium.io","ciliumbgpclusterconfigs.cilium.io","ciliumbgppeerconfigs.cilium.io","ciliumbgpadvertisements.cilium.io","ciliumbgpnodeconfigs.cilium.io","ciliumbgpnodeconfigoverrides.cilium.io","ciliumclusterwideenvoyconfigs.cilium.io","ciliumclusterwidenetworkpolicies.cilium.io","ciliumegressgatewaypolicies.cilium.io","ciliumendpoints.cilium.io","ciliumendpointslices.cilium.io","ciliumenvoyconfigs.cilium.io","ciliumexternalworkloads.cilium.io","ciliumidenti
ties.cilium.io","ciliumlocalredirectpolicies.cilium.io","ciliumnetworkpolicies.cilium.io","ciliumnodes.cilium.io","ciliumnodeconfigs.cilium.io","ciliumcidrgroups.cilium.io","ciliuml2announcementpolicies.cilium.io","ciliumpodippools.cilium.io"],"resources":["customresourcedefinitions"],"verbs":["update"]},{"apiGroups":["cilium.io"],"resources":["ciliumloadbalancerippools","ciliumpodippools","ciliumbgpclusterconfigs","ciliumbgpnodeconfigoverrides"],"verbs":["get","list","watch"]},{"apiGroups":["cilium.io"],"resources":["ciliumpodippools"],"verbs":["create"]},{"apiGroups":["cilium.io"],"resources":["ciliumloadbalancerippools/status"],"verbs":["patch"]},{"apiGroups":["coordination.k8s.io"],"resources":["leases"],"verbs":["create","get","update"]}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cilium"},"subjects":[{"kind":"ServiceAccount","name":"cilium","namespace":"kube-system"}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium-operator"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cilium-operator"},"subjects":[{"kind":"ServiceAccount","name":"cilium-operator","namespace":"kube-system"}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium-config-agent","namespace":"kube-system"},"rules":[{"apiGroups":[""],"resources":["configmaps"],"verbs":["get","list","watch"]}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"RoleBinding","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium-config-agent","namespace":"kube-system"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"Role","name":"cilium-config-agent"},"subjects":[{"kind":"ServiceAccount","n
ame":"cilium","namespace":"kube-system"}]},{"apiVersion":"apps/v1","kind":"DaemonSet","metadata":{"labels":{"app.kubernetes.io/name":"cilium-agent","app.kubernetes.io/part-of":"cilium","k8s-app":"cilium"},"name":"cilium","namespace":"kube-system"},"spec":{"selector":{"matchLabels":{"k8s-app":"cilium"}},"template":{"metadata":{"annotations":{"container.apparmor.security.beta.kubernetes.io/apply-sysctl-overwrites":"unconfined","container.apparmor.security.beta.kubernetes.io/cilium-agent":"unconfined","container.apparmor.security.beta.kubernetes.io/clean-cilium-state":"unconfined","container.apparmor.security.beta.kubernetes.io/mount-cgroup":"unconfined"},"labels":{"app.kubernetes.io/name":"cilium-agent","app.kubernetes.io/part-of":"cilium","k8s-app":"cilium"}},"spec":{"affinity":{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium"}},"topologyKey":"kubernetes.io/hostname"}]}},"automountServiceAccountToken":true,"containers":[{"args":["--config-dir=/tmp/cilium/config-map"],"command":["cilium-agent"],"env":[{"name":"K8S_NODE_NAME","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"spec.nodeName"}}},{"name":"CILIUM_K8S_NAMESPACE","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.namespace"}}},{"name":"CILIUM_CLUSTERMESH_CONFIG","value":"/var/lib/cilium/clustermesh/"},{"name":"GOMEMLIMIT","valueFrom":{"resourceFieldRef":{"divisor":"1","resource":"limits.memory"}}}],"image":"quay.io/cilium/cilium:v1.15.5","imagePullPolicy":"IfNotPresent","lifecycle":{"postStart":{"exec":{"command":["bash","-c","set -o errexit\nset -o pipefail\nset -o nounset\n\n# When running in AWS ENI mode, it's likely that 'aws-node' has\n# had a chance to install SNAT iptables rules. These can result\n# in dropped traffic, so we should attempt to remove them.\n# We do it using a 'postStart' hook since this may need to run\n# for nodes which might have already been init'ed but may still\n# have dangling rules. 
This is safe because there are no\n# dependencies on anything that is part of the startup script\n# itself, and can be safely run multiple times per node (e.g. in\n# case of a restart).\nif [[ \"$(iptables-save | grep -E -c 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN')\" != \"0\" ]];\nthen\n echo 'Deleting iptables rules created by the AWS CNI VPC plugin'\n iptables-save | grep -E -v 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN' | iptables-restore\nfi\necho 'Done!'\n"]}},"preStop":{"exec":{"command":["/cni-uninstall.sh"]}}},"livenessProbe":{"failureThreshold":10,"httpGet":{"host":"127.0.0.1","httpHeaders":[{"name":"brief","value":"true"}],"path":"/healthz","port":9879,"scheme":"HTTP"},"periodSeconds":30,"successThreshold":1,"timeoutSeconds":5},"name":"cilium-agent","readinessProbe":{"failureThreshold":3,"httpGet":{"host":"127.0.0.1","httpHeaders":[{"name":"brief","value":"true"}],"path":"/healthz","port":9879,"scheme":"HTTP"},"periodSeconds":30,"successThreshold":1,"timeoutSeconds":5},"securityContext":{"capabilities":{"add":["CHOWN","KILL","NET_ADMIN","NET_RAW","IPC_LOCK","SYS_MODULE","SYS_ADMIN","SYS_RESOURCE","DAC_OVERRIDE","FOWNER","SETGID","SETUID"],"drop":["ALL"]},"seLinuxOptions":{"level":"s0","type":"spc_t"}},"startupProbe":{"failureThreshold":105,"httpGet":{"host":"127.0.0.1","httpHeaders":[{"name":"brief","value":"true"}],"path":"/healthz","port":9879,"scheme":"HTTP"},"initialDelaySeconds":5,"periodSeconds":2,"successThreshold":1},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/host/proc/sys/net","name":"host-proc-sys-net"},{"mountPath":"/host/proc/sys/kernel","name":"host-proc-sys-kernel"},{"mountPath":"/sys/fs/bpf","mountPropagation":"HostToContainer","name":"bpf-maps"},{"mountPath":"/var/run/cilium","name":"cilium-run"},{"mountPath":"/host/etc/cni/net.d","name":"etc-cni-netd"},{"mountPath":"/var/lib/cilium/clustermesh","name":"clustermesh-secrets","readOnly":true},{"mountPath":"/lib/modules","name":"lib-modules","readOnly":true},{"mountPa
th":"/run/xtables.lock","name":"xtables-lock"},{"mountPath":"/tmp","name":"tmp"}]}],"hostNetwork":true,"initContainers":[{"command":["cilium-dbg","build-config"],"env":[{"name":"K8S_NODE_NAME","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"spec.nodeName"}}},{"name":"CILIUM_K8S_NAMESPACE","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.namespace"}}}],"image":"quay.io/cilium/cilium:v1.15.5","imagePullPolicy":"IfNotPresent","name":"config","terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/tmp","name":"tmp"}]},{"command":["sh","-ec","cp /usr/bin/cilium-mount /hostbin/cilium-mount;\nnsenter --cgroup=/hostproc/1/ns/cgroup --mount=/hostproc/1/ns/mnt \"${BIN_PATH}/cilium-mount\" $CGROUP_ROOT;\nrm /hostbin/cilium-mount\n"],"env":[{"name":"CGROUP_ROOT","value":"/run/cilium/cgroupv2"},{"name":"BIN_PATH","value":"/opt/cni/bin"}],"image":"quay.io/cilium/cilium:v1.15.5","imagePullPolicy":"IfNotPresent","name":"mount-cgroup","securityContext":{"capabilities":{"add":["SYS_ADMIN","SYS_CHROOT","SYS_PTRACE"],"drop":["ALL"]},"seLinuxOptions":{"level":"s0","type":"spc_t"}},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/hostproc","name":"hostproc"},{"mountPath":"/hostbin","name":"cni-path"}]},{"command":["sh","-ec","cp /usr/bin/cilium-sysctlfix /hostbin/cilium-sysctlfix;\nnsenter --mount=/hostproc/1/ns/mnt \"${BIN_PATH}/cilium-sysctlfix\";\nrm /hostbin/cilium-sysctlfix\n"],"env":[{"name":"BIN_PATH","value":"/opt/cni/bin"}],"image":"quay.io/cilium/cilium:v1.15.5","imagePullPolicy":"IfNotPresent","name":"apply-sysctl-overwrites","securityContext":{"capabilities":{"add":["SYS_ADMIN","SYS_CHROOT","SYS_PTRACE"],"drop":["ALL"]},"seLinuxOptions":{"level":"s0","type":"spc_t"}},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/hostproc","name":"hostproc"},{"mountPath":"/hostbin","name":"cni-path"}]},{"args":["mount | grep \"/sys/fs/bpf type bpf\" || mount -t bpf bpf 
/sys/fs/bpf"],"command":["/bin/bash","-c","--"],"image":"quay.io/cilium/cilium:v1.15.5","imagePullPolicy":"IfNotPresent","name":"mount-bpf-fs","securityContext":{"privileged":true},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/sys/fs/bpf","mountPropagation":"Bidirectional","name":"bpf-maps"}]},{"command":["/init-container.sh"],"env":[{"name":"CILIUM_ALL_STATE","valueFrom":{"configMapKeyRef":{"key":"clean-cilium-state","name":"cilium-config","optional":true}}},{"name":"CILIUM_BPF_STATE","valueFrom":{"configMapKeyRef":{"key":"clean-cilium-bpf-state","name":"cilium-config","optional":true}}},{"name":"WRITE_CNI_CONF_WHEN_READY","valueFrom":{"configMapKeyRef":{"key":"write-cni-conf-when-ready","name":"cilium-config","optional":true}}}],"image":"quay.io/cilium/cilium:v1.15.5","imagePullPolicy":"IfNotPresent","name":"clean-cilium-state","securityContext":{"capabilities":{"add":["NET_ADMIN","SYS_MODULE","SYS_ADMIN","SYS_RESOURCE"],"drop":["ALL"]},"seLinuxOptions":{"level":"s0","type":"spc_t"}},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/sys/fs/bpf","name":"bpf-maps"},{"mountPath":"/run/cilium/cgroupv2","mountPropagation":"HostToContainer","name":"cilium-cgroup"},{"mountPath":"/var/run/cilium","name":"cilium-run"}]},{"command":["/install-plugin.sh"],"image":"quay.io/cilium/cilium:v1.15.5","imagePullPolicy":"IfNotPresent","name":"install-cni-binaries","resources":{"requests":{"cpu":"100m","memory":"10Mi"}},"securityContext":{"capabilities":{"drop":["ALL"]},"seLinuxOptions":{"level":"s0","type":"spc_t"}},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/host/opt/cni/bin","name":"cni-path"}]}],"nodeSelector":{"kubernetes.io/os":"linux"},"priorityClassName":"system-node-critical","restartPolicy":"Always","serviceAccount":"cilium","serviceAccountName":"cilium","terminationGracePeriodSeconds":1,"tolerations":[{"operator":"Exists"}],"volumes":[{"emptyDir":{},"name":"tmp"},{"hos
tPath":{"path":"/var/run/cilium","type":"DirectoryOrCreate"},"name":"cilium-run"},{"hostPath":{"path":"/sys/fs/bpf","type":"DirectoryOrCreate"},"name":"bpf-maps"},{"hostPath":{"path":"/proc","type":"Directory"},"name":"hostproc"},{"hostPath":{"path":"/run/cilium/cgroupv2","type":"DirectoryOrCreate"},"name":"cilium-cgroup"},{"hostPath":{"path":"/opt/cni/bin","type":"DirectoryOrCreate"},"name":"cni-path"},{"hostPath":{"path":"/etc/cni/net.d","type":"DirectoryOrCreate"},"name":"etc-cni-netd"},{"hostPath":{"path":"/lib/modules"},"name":"lib-modules"},{"hostPath":{"path":"/run/xtables.lock","type":"FileOrCreate"},"name":"xtables-lock"},{"name":"clustermesh-secrets","projected":{"defaultMode":256,"sources":[{"secret":{"name":"cilium-clustermesh","optional":true}},{"secret":{"items":[{"key":"tls.key","path":"common-etcd-client.key"},{"key":"tls.crt","path":"common-etcd-client.crt"},{"key":"ca.crt","path":"common-etcd-client-ca.crt"}],"name":"clustermesh-apiserver-remote-cert","optional":true}}]}},{"hostPath":{"path":"/proc/sys/net","type":"Directory"},"name":"host-proc-sys-net"},{"hostPath":{"path":"/proc/sys/kernel","type":"Directory"},"name":"host-proc-sys-kernel"}]}},"updateStrategy":{"rollingUpdate":{"maxUnavailable":2},"type":"RollingUpdate"}}},{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"labels":{"app.kubernetes.io/name":"cilium-operator","app.kubernetes.io/part-of":"cilium","io.cilium/app":"operator","name":"cilium-operator"},"name":"cilium-operator","namespace":"kube-system"},"spec":{"replicas":2,"selector":{"matchLabels":{"io.cilium/app":"operator","name":"cilium-operator"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"50%"},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"prometheus.io/port":"9963","prometheus.io/scrape":"true"},"labels":{"app.kubernetes.io/name":"cilium-operator","app.kubernetes.io/part-of":"cilium","io.cilium/app":"operator","name":"cilium-operator"}},"spec":{"affinity":{"podAntiAffinity":{"required
DuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"io.cilium/app":"operator"}},"topologyKey":"kubernetes.io/hostname"}]}},"automountServiceAccountToken":true,"containers":[{"args":["--config-dir=/tmp/cilium/config-map","--debug=$(CILIUM_DEBUG)"],"command":["cilium-operator-generic"],"env":[{"name":"K8S_NODE_NAME","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"spec.nodeName"}}},{"name":"CILIUM_K8S_NAMESPACE","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.namespace"}}},{"name":"CILIUM_DEBUG","valueFrom":{"configMapKeyRef":{"key":"debug","name":"cilium-config","optional":true}}}],"image":"quay.io/cilium/operator-generic:v1.15.5","imagePullPolicy":"IfNotPresent","livenessProbe":{"httpGet":{"host":"127.0.0.1","path":"/healthz","port":9234,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"timeoutSeconds":3},"name":"cilium-operator","ports":[{"containerPort":9963,"hostPort":9963,"name":"prometheus","protocol":"TCP"}],"readinessProbe":{"failureThreshold":5,"httpGet":{"host":"127.0.0.1","path":"/healthz","port":9234,"scheme":"HTTP"},"initialDelaySeconds":0,"periodSeconds":5,"timeoutSeconds":3},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/tmp/cilium/config-map","name":"cilium-config-path","readOnly":true}]}],"hostNetwork":true,"nodeSelector":{"kubernetes.io/os":"linux"},"priorityClassName":"system-cluster-critical","restartPolicy":"Always","serviceAccount":"cilium-operator","serviceAccountName":"cilium-operator","tolerations":[{"operator":"Exists"}],"volumes":[{"configMap":{"name":"cilium-config"},"name":"cilium-config-path"}]}}}}] + 
[{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"name":"cilium","namespace":"kube-system"}},{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"name":"cilium-operator","namespace":"kube-system"}},{"apiVersion":"v1","data":{"agent-not-ready-taint-key":"node.cilium.io/agent-not-ready","arping-refresh-period":"30s","auto-direct-node-routes":"false","bpf-lb-acceleration":"disabled","bpf-lb-external-clusterip":"false","bpf-lb-map-max":"65536","bpf-lb-sock":"false","bpf-map-dynamic-size-ratio":"0.0025","bpf-policy-map-max":"16384","bpf-root":"/sys/fs/bpf","cgroup-root":"/run/cilium/cgroupv2","cilium-endpoint-gc-interval":"5m0s","cluster-id":"0","cluster-name":"default","cni-chaining-mode":"portmap","cni-exclusive":"true","cni-log-file":"/var/run/cilium/cilium-cni.log","custom-cni-conf":"false","debug":"false","debug-verbose":"","egress-gateway-reconciliation-trigger-interval":"1s","enable-auto-protect-node-port-range":"true","enable-bgp-control-plane":"false","enable-bpf-clock-probe":"false","enable-endpoint-health-checking":"true","enable-external-ips":"false","enable-health-check-loadbalancer-ip":"false","enable-health-check-nodeport":"true","enable-health-checking":"true","enable-host-legacy-routing":"true","enable-host-port":"false","enable-ipv4":"true","enable-ipv4-big-tcp":"false","enable-ipv4-masquerade":"true","enable-ipv6":"false","enable-ipv6-big-tcp":"false","enable-ipv6-masquerade":"true","enable-k8s-networkpolicy":"true","enable-k8s-terminating-endpoint":"true","enable-l2-neigh-discovery":"true","enable-l7-proxy":"true","enable-local-redirect-policy":"false","enable-masquerade-to-route-source":"false","enable-metrics":"true","enable-node-port":"false","enable-policy":"default","enable-remote-node-identity":"true","enable-sctp":"false","enable-svc-source-range-check":"true","enable-vtep":"false","enable-well-known-identities":"false","enable-xt-socket-fallback":"true","external-envoy-proxy":"false","identity-allocation-mode":"crd","identity-gc-inte
rval":"15m0s","identity-heartbeat-timeout":"30m0s","install-no-conntrack-iptables-rules":"false","ipam":"kubernetes","ipam-cilium-node-update-rate":"15s","k8s-client-burst":"20","k8s-client-qps":"10","kube-proxy-replacement":"false","kube-proxy-replacement-healthz-bind-address":"","max-connected-clusters":"255","mesh-auth-enabled":"true","mesh-auth-gc-interval":"5m0s","mesh-auth-queue-size":"1024","mesh-auth-rotated-identities-queue-size":"1024","monitor-aggregation":"medium","monitor-aggregation-flags":"all","monitor-aggregation-interval":"5s","node-port-bind-protection":"true","nodes-gc-interval":"5m0s","operator-api-serve-addr":"127.0.0.1:9234","operator-prometheus-serve-addr":":9963","policy-cidr-match-mode":"","preallocate-bpf-maps":"false","procfs":"/host/proc","proxy-connect-timeout":"2","proxy-idle-timeout-seconds":"60","proxy-max-connection-duration-seconds":"0","proxy-max-requests-per-connection":"0","proxy-prometheus-port":"9964","proxy-xff-num-trusted-hops-egress":"0","proxy-xff-num-trusted-hops-ingress":"0","remove-cilium-node-taints":"true","routing-mode":"tunnel","service-no-backend-response":"reject","set-cilium-is-up-condition":"true","set-cilium-node-taints":"true","sidecar-istio-proxy-image":"cilium/istio_proxy","skip-cnp-status-startup-clean":"false","synchronize-k8s-nodes":"true","tofqdns-dns-reject-response-code":"refused","tofqdns-enable-dns-compression":"true","tofqdns-endpoint-max-ip-per-hostname":"50","tofqdns-idle-connection-grace-period":"0s","tofqdns-max-deferred-connection-deletes":"10000","tofqdns-proxy-response-max-delay":"100ms","tunnel-protocol":"vxlan","unmanaged-pod-watcher-interval":"15","vtep-cidr":"","vtep-endpoint":"","vtep-mac":"","vtep-mask":"","write-cni-conf-when-ready":"/host/etc/cni/net.d/05-cilium.conflist"},"kind":"ConfigMap","metadata":{"name":"cilium-config","namespace":"kube-system"}},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":
"cilium"},"rules":[{"apiGroups":["networking.k8s.io"],"resources":["networkpolicies"],"verbs":["get","list","watch"]},{"apiGroups":["discovery.k8s.io"],"resources":["endpointslices"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["namespaces","services","pods","endpoints","nodes"],"verbs":["get","list","watch"]},{"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"],"verbs":["list","watch","get"]},{"apiGroups":["cilium.io"],"resources":["ciliumloadbalancerippools","ciliumbgppeeringpolicies","ciliumbgpnodeconfigs","ciliumbgpadvertisements","ciliumbgppeerconfigs","ciliumclusterwideenvoyconfigs","ciliumclusterwidenetworkpolicies","ciliumegressgatewaypolicies","ciliumendpoints","ciliumendpointslices","ciliumenvoyconfigs","ciliumidentities","ciliumlocalredirectpolicies","ciliumnetworkpolicies","ciliumnodes","ciliumnodeconfigs","ciliumcidrgroups","ciliuml2announcementpolicies","ciliumpodippools"],"verbs":["list","watch"]},{"apiGroups":["cilium.io"],"resources":["ciliumidentities","ciliumendpoints","ciliumnodes"],"verbs":["create"]},{"apiGroups":["cilium.io"],"resources":["ciliumidentities"],"verbs":["update"]},{"apiGroups":["cilium.io"],"resources":["ciliumendpoints"],"verbs":["delete","get"]},{"apiGroups":["cilium.io"],"resources":["ciliumnodes","ciliumnodes/status"],"verbs":["get","update"]},{"apiGroups":["cilium.io"],"resources":["ciliumnetworkpolicies/status","ciliumclusterwidenetworkpolicies/status","ciliumendpoints/status","ciliumendpoints","ciliuml2announcementpolicies/status","ciliumbgpnodeconfigs/status"],"verbs":["patch"]}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium-operator"},"rules":[{"apiGroups":[""],"resources":["pods"],"verbs":["get","list","watch","delete"]},{"apiGroups":[""],"resources":["nodes"],"verbs":["list","watch"]},{"apiGroups":[""],"resources":["nodes","nodes/status"],"verbs":["patch"]},{"apiGroups":["discover
y.k8s.io"],"resources":["endpointslices"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["services/status"],"verbs":["update","patch"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["services","endpoints"],"verbs":["get","list","watch"]},{"apiGroups":["cilium.io"],"resources":["ciliumnetworkpolicies","ciliumclusterwidenetworkpolicies"],"verbs":["create","update","deletecollection","patch","get","list","watch"]},{"apiGroups":["cilium.io"],"resources":["ciliumnetworkpolicies/status","ciliumclusterwidenetworkpolicies/status"],"verbs":["patch","update"]},{"apiGroups":["cilium.io"],"resources":["ciliumendpoints","ciliumidentities"],"verbs":["delete","list","watch"]},{"apiGroups":["cilium.io"],"resources":["ciliumidentities"],"verbs":["update"]},{"apiGroups":["cilium.io"],"resources":["ciliumnodes"],"verbs":["create","update","get","list","watch","delete"]},{"apiGroups":["cilium.io"],"resources":["ciliumnodes/status"],"verbs":["update"]},{"apiGroups":["cilium.io"],"resources":["ciliumendpointslices","ciliumenvoyconfigs","ciliumbgppeerconfigs","ciliumbgpadvertisements","ciliumbgpnodeconfigs"],"verbs":["create","update","get","list","watch","delete","patch"]},{"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"],"verbs":["create","get","list","watch"]},{"apiGroups":["apiextensions.k8s.io"],"resourceNames":["ciliumloadbalancerippools.cilium.io","ciliumbgppeeringpolicies.cilium.io","ciliumbgpclusterconfigs.cilium.io","ciliumbgppeerconfigs.cilium.io","ciliumbgpadvertisements.cilium.io","ciliumbgpnodeconfigs.cilium.io","ciliumbgpnodeconfigoverrides.cilium.io","ciliumclusterwideenvoyconfigs.cilium.io","ciliumclusterwidenetworkpolicies.cilium.io","ciliumegressgatewaypolicies.cilium.io","ciliumendpoints.cilium.io","ciliumendpointslices.cilium.io","ciliumenvoyconfigs.cilium.io","ciliumexternalworkloads.cilium.io","ciliumidentities.cilium.io","ciliumlocalredirectpolicies.cilium.io
","ciliumnetworkpolicies.cilium.io","ciliumnodes.cilium.io","ciliumnodeconfigs.cilium.io","ciliumcidrgroups.cilium.io","ciliuml2announcementpolicies.cilium.io","ciliumpodippools.cilium.io"],"resources":["customresourcedefinitions"],"verbs":["update"]},{"apiGroups":["cilium.io"],"resources":["ciliumloadbalancerippools","ciliumpodippools","ciliumbgpclusterconfigs","ciliumbgpnodeconfigoverrides"],"verbs":["get","list","watch"]},{"apiGroups":["cilium.io"],"resources":["ciliumpodippools"],"verbs":["create"]},{"apiGroups":["cilium.io"],"resources":["ciliumloadbalancerippools/status"],"verbs":["patch"]},{"apiGroups":["coordination.k8s.io"],"resources":["leases"],"verbs":["create","get","update"]}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cilium"},"subjects":[{"kind":"ServiceAccount","name":"cilium","namespace":"kube-system"}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium-operator"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cilium-operator"},"subjects":[{"kind":"ServiceAccount","name":"cilium-operator","namespace":"kube-system"}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium-config-agent","namespace":"kube-system"},"rules":[{"apiGroups":[""],"resources":["configmaps"],"verbs":["get","list","watch"]}]},{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"RoleBinding","metadata":{"labels":{"app.kubernetes.io/part-of":"cilium"},"name":"cilium-config-agent","namespace":"kube-system"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"Role","name":"cilium-config-agent"},"subjects":[{"kind":"ServiceAccount","name":"cilium","namespace":"kube-system"}]},{"apiVersio
n":"apps/v1","kind":"DaemonSet","metadata":{"labels":{"app.kubernetes.io/name":"cilium-agent","app.kubernetes.io/part-of":"cilium","k8s-app":"cilium"},"name":"cilium","namespace":"kube-system"},"spec":{"selector":{"matchLabels":{"k8s-app":"cilium"}},"template":{"metadata":{"annotations":{"container.apparmor.security.beta.kubernetes.io/apply-sysctl-overwrites":"unconfined","container.apparmor.security.beta.kubernetes.io/cilium-agent":"unconfined","container.apparmor.security.beta.kubernetes.io/clean-cilium-state":"unconfined","container.apparmor.security.beta.kubernetes.io/mount-cgroup":"unconfined"},"labels":{"app.kubernetes.io/name":"cilium-agent","app.kubernetes.io/part-of":"cilium","k8s-app":"cilium"}},"spec":{"affinity":{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium"}},"topologyKey":"kubernetes.io/hostname"}]}},"automountServiceAccountToken":true,"containers":[{"args":["--config-dir=/tmp/cilium/config-map"],"command":["cilium-agent"],"env":[{"name":"K8S_NODE_NAME","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"spec.nodeName"}}},{"name":"CILIUM_K8S_NAMESPACE","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.namespace"}}},{"name":"CILIUM_CLUSTERMESH_CONFIG","value":"/var/lib/cilium/clustermesh/"},{"name":"GOMEMLIMIT","valueFrom":{"resourceFieldRef":{"divisor":"1","resource":"limits.memory"}}}],"image":"quay.io/cilium/cilium:v1.15.6","imagePullPolicy":"IfNotPresent","lifecycle":{"postStart":{"exec":{"command":["bash","-c","set -o errexit\nset -o pipefail\nset -o nounset\n\n# When running in AWS ENI mode, it's likely that 'aws-node' has\n# had a chance to install SNAT iptables rules. These can result\n# in dropped traffic, so we should attempt to remove them.\n# We do it using a 'postStart' hook since this may need to run\n# for nodes which might have already been init'ed but may still\n# have dangling rules. 
This is safe because there are no\n# dependencies on anything that is part of the startup script\n# itself, and can be safely run multiple times per node (e.g. in\n# case of a restart).\nif [[ \"$(iptables-save | grep -E -c 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN')\" != \"0\" ]];\nthen\n echo 'Deleting iptables rules created by the AWS CNI VPC plugin'\n iptables-save | grep -E -v 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN' | iptables-restore\nfi\necho 'Done!'\n"]}},"preStop":{"exec":{"command":["/cni-uninstall.sh"]}}},"livenessProbe":{"failureThreshold":10,"httpGet":{"host":"127.0.0.1","httpHeaders":[{"name":"brief","value":"true"}],"path":"/healthz","port":9879,"scheme":"HTTP"},"periodSeconds":30,"successThreshold":1,"timeoutSeconds":5},"name":"cilium-agent","readinessProbe":{"failureThreshold":3,"httpGet":{"host":"127.0.0.1","httpHeaders":[{"name":"brief","value":"true"}],"path":"/healthz","port":9879,"scheme":"HTTP"},"periodSeconds":30,"successThreshold":1,"timeoutSeconds":5},"securityContext":{"capabilities":{"add":["CHOWN","KILL","NET_ADMIN","NET_RAW","IPC_LOCK","SYS_MODULE","SYS_ADMIN","SYS_RESOURCE","DAC_OVERRIDE","FOWNER","SETGID","SETUID"],"drop":["ALL"]},"seLinuxOptions":{"level":"s0","type":"spc_t"}},"startupProbe":{"failureThreshold":105,"httpGet":{"host":"127.0.0.1","httpHeaders":[{"name":"brief","value":"true"}],"path":"/healthz","port":9879,"scheme":"HTTP"},"initialDelaySeconds":5,"periodSeconds":2,"successThreshold":1},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/host/proc/sys/net","name":"host-proc-sys-net"},{"mountPath":"/host/proc/sys/kernel","name":"host-proc-sys-kernel"},{"mountPath":"/sys/fs/bpf","mountPropagation":"HostToContainer","name":"bpf-maps"},{"mountPath":"/var/run/cilium","name":"cilium-run"},{"mountPath":"/host/etc/cni/net.d","name":"etc-cni-netd"},{"mountPath":"/var/lib/cilium/clustermesh","name":"clustermesh-secrets","readOnly":true},{"mountPath":"/lib/modules","name":"lib-modules","readOnly":true},{"mountPa
th":"/run/xtables.lock","name":"xtables-lock"},{"mountPath":"/tmp","name":"tmp"}]}],"hostNetwork":true,"initContainers":[{"command":["cilium-dbg","build-config"],"env":[{"name":"K8S_NODE_NAME","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"spec.nodeName"}}},{"name":"CILIUM_K8S_NAMESPACE","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.namespace"}}}],"image":"quay.io/cilium/cilium:v1.15.6","imagePullPolicy":"IfNotPresent","name":"config","terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/tmp","name":"tmp"}]},{"command":["sh","-ec","cp /usr/bin/cilium-mount /hostbin/cilium-mount;\nnsenter --cgroup=/hostproc/1/ns/cgroup --mount=/hostproc/1/ns/mnt \"${BIN_PATH}/cilium-mount\" $CGROUP_ROOT;\nrm /hostbin/cilium-mount\n"],"env":[{"name":"CGROUP_ROOT","value":"/run/cilium/cgroupv2"},{"name":"BIN_PATH","value":"/opt/cni/bin"}],"image":"quay.io/cilium/cilium:v1.15.6","imagePullPolicy":"IfNotPresent","name":"mount-cgroup","securityContext":{"capabilities":{"add":["SYS_ADMIN","SYS_CHROOT","SYS_PTRACE"],"drop":["ALL"]},"seLinuxOptions":{"level":"s0","type":"spc_t"}},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/hostproc","name":"hostproc"},{"mountPath":"/hostbin","name":"cni-path"}]},{"command":["sh","-ec","cp /usr/bin/cilium-sysctlfix /hostbin/cilium-sysctlfix;\nnsenter --mount=/hostproc/1/ns/mnt \"${BIN_PATH}/cilium-sysctlfix\";\nrm /hostbin/cilium-sysctlfix\n"],"env":[{"name":"BIN_PATH","value":"/opt/cni/bin"}],"image":"quay.io/cilium/cilium:v1.15.6","imagePullPolicy":"IfNotPresent","name":"apply-sysctl-overwrites","securityContext":{"capabilities":{"add":["SYS_ADMIN","SYS_CHROOT","SYS_PTRACE"],"drop":["ALL"]},"seLinuxOptions":{"level":"s0","type":"spc_t"}},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/hostproc","name":"hostproc"},{"mountPath":"/hostbin","name":"cni-path"}]},{"args":["mount | grep \"/sys/fs/bpf type bpf\" || mount -t bpf bpf 
/sys/fs/bpf"],"command":["/bin/bash","-c","--"],"image":"quay.io/cilium/cilium:v1.15.6","imagePullPolicy":"IfNotPresent","name":"mount-bpf-fs","securityContext":{"privileged":true},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/sys/fs/bpf","mountPropagation":"Bidirectional","name":"bpf-maps"}]},{"command":["/init-container.sh"],"env":[{"name":"CILIUM_ALL_STATE","valueFrom":{"configMapKeyRef":{"key":"clean-cilium-state","name":"cilium-config","optional":true}}},{"name":"CILIUM_BPF_STATE","valueFrom":{"configMapKeyRef":{"key":"clean-cilium-bpf-state","name":"cilium-config","optional":true}}},{"name":"WRITE_CNI_CONF_WHEN_READY","valueFrom":{"configMapKeyRef":{"key":"write-cni-conf-when-ready","name":"cilium-config","optional":true}}}],"image":"quay.io/cilium/cilium:v1.15.6","imagePullPolicy":"IfNotPresent","name":"clean-cilium-state","securityContext":{"capabilities":{"add":["NET_ADMIN","SYS_MODULE","SYS_ADMIN","SYS_RESOURCE"],"drop":["ALL"]},"seLinuxOptions":{"level":"s0","type":"spc_t"}},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/sys/fs/bpf","name":"bpf-maps"},{"mountPath":"/run/cilium/cgroupv2","mountPropagation":"HostToContainer","name":"cilium-cgroup"},{"mountPath":"/var/run/cilium","name":"cilium-run"}]},{"command":["/install-plugin.sh"],"image":"quay.io/cilium/cilium:v1.15.6","imagePullPolicy":"IfNotPresent","name":"install-cni-binaries","resources":{"requests":{"cpu":"100m","memory":"10Mi"}},"securityContext":{"capabilities":{"drop":["ALL"]},"seLinuxOptions":{"level":"s0","type":"spc_t"}},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/host/opt/cni/bin","name":"cni-path"}]}],"nodeSelector":{"kubernetes.io/os":"linux"},"priorityClassName":"system-node-critical","restartPolicy":"Always","serviceAccount":"cilium","serviceAccountName":"cilium","terminationGracePeriodSeconds":1,"tolerations":[{"operator":"Exists"}],"volumes":[{"emptyDir":{},"name":"tmp"},{"hos
tPath":{"path":"/var/run/cilium","type":"DirectoryOrCreate"},"name":"cilium-run"},{"hostPath":{"path":"/sys/fs/bpf","type":"DirectoryOrCreate"},"name":"bpf-maps"},{"hostPath":{"path":"/proc","type":"Directory"},"name":"hostproc"},{"hostPath":{"path":"/run/cilium/cgroupv2","type":"DirectoryOrCreate"},"name":"cilium-cgroup"},{"hostPath":{"path":"/opt/cni/bin","type":"DirectoryOrCreate"},"name":"cni-path"},{"hostPath":{"path":"/etc/cni/net.d","type":"DirectoryOrCreate"},"name":"etc-cni-netd"},{"hostPath":{"path":"/lib/modules"},"name":"lib-modules"},{"hostPath":{"path":"/run/xtables.lock","type":"FileOrCreate"},"name":"xtables-lock"},{"name":"clustermesh-secrets","projected":{"defaultMode":256,"sources":[{"secret":{"name":"cilium-clustermesh","optional":true}},{"secret":{"items":[{"key":"tls.key","path":"common-etcd-client.key"},{"key":"tls.crt","path":"common-etcd-client.crt"},{"key":"ca.crt","path":"common-etcd-client-ca.crt"}],"name":"clustermesh-apiserver-remote-cert","optional":true}}]}},{"hostPath":{"path":"/proc/sys/net","type":"Directory"},"name":"host-proc-sys-net"},{"hostPath":{"path":"/proc/sys/kernel","type":"Directory"},"name":"host-proc-sys-kernel"}]}},"updateStrategy":{"rollingUpdate":{"maxUnavailable":2},"type":"RollingUpdate"}}},{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"labels":{"app.kubernetes.io/name":"cilium-operator","app.kubernetes.io/part-of":"cilium","io.cilium/app":"operator","name":"cilium-operator"},"name":"cilium-operator","namespace":"kube-system"},"spec":{"replicas":2,"selector":{"matchLabels":{"io.cilium/app":"operator","name":"cilium-operator"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"50%"},"type":"RollingUpdate"},"template":{"metadata":{"annotations":{"prometheus.io/port":"9963","prometheus.io/scrape":"true"},"labels":{"app.kubernetes.io/name":"cilium-operator","app.kubernetes.io/part-of":"cilium","io.cilium/app":"operator","name":"cilium-operator"}},"spec":{"affinity":{"podAntiAffinity":{"required
DuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"io.cilium/app":"operator"}},"topologyKey":"kubernetes.io/hostname"}]}},"automountServiceAccountToken":true,"containers":[{"args":["--config-dir=/tmp/cilium/config-map","--debug=$(CILIUM_DEBUG)"],"command":["cilium-operator-generic"],"env":[{"name":"K8S_NODE_NAME","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"spec.nodeName"}}},{"name":"CILIUM_K8S_NAMESPACE","valueFrom":{"fieldRef":{"apiVersion":"v1","fieldPath":"metadata.namespace"}}},{"name":"CILIUM_DEBUG","valueFrom":{"configMapKeyRef":{"key":"debug","name":"cilium-config","optional":true}}}],"image":"quay.io/cilium/operator-generic:v1.15.6","imagePullPolicy":"IfNotPresent","livenessProbe":{"httpGet":{"host":"127.0.0.1","path":"/healthz","port":9234,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"timeoutSeconds":3},"name":"cilium-operator","ports":[{"containerPort":9963,"hostPort":9963,"name":"prometheus","protocol":"TCP"}],"readinessProbe":{"failureThreshold":5,"httpGet":{"host":"127.0.0.1","path":"/healthz","port":9234,"scheme":"HTTP"},"initialDelaySeconds":0,"periodSeconds":5,"timeoutSeconds":3},"terminationMessagePolicy":"FallbackToLogsOnError","volumeMounts":[{"mountPath":"/tmp/cilium/config-map","name":"cilium-config-path","readOnly":true}]}],"hostNetwork":true,"nodeSelector":{"kubernetes.io/os":"linux"},"priorityClassName":"system-cluster-critical","restartPolicy":"Always","serviceAccount":"cilium-operator","serviceAccountName":"cilium-operator","tolerations":[{"operator":"Exists"}],"volumes":[{"configMap":{"name":"cilium-config"},"name":"cilium-config-path"}]}}}}] kind: ConfigMap metadata: creationTimestamp: null diff --git a/charts/cluster-api-runtime-extensions-nutanix/templates/csi/aws-ebs/manifests/aws-ebs-csi-configmap.yaml b/charts/cluster-api-runtime-extensions-nutanix/templates/csi/aws-ebs/manifests/aws-ebs-csi-configmap.yaml index d27cdaca5..6b5edb1e4 100644 
--- a/charts/cluster-api-runtime-extensions-nutanix/templates/csi/aws-ebs/manifests/aws-ebs-csi-configmap.yaml +++ b/charts/cluster-api-runtime-extensions-nutanix/templates/csi/aws-ebs/manifests/aws-ebs-csi-configmap.yaml @@ -17,8 +17,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-controller-sa namespace: kube-system --- @@ -31,8 +31,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-node-sa namespace: kube-system --- @@ -44,8 +44,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-leases-role namespace: kube-system rules: @@ -69,8 +69,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-node-role rules: - apiGroups: @@ -88,6 +88,12 @@ data: - get - list - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
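Review bot: The regenerated manifest widens RBAC, but the commit message lists only version numbers. The hunk `@@ -88,6 +88,12 @@` gives `ebs-csi-node-role` a new cluster-wide `get` on `csinodes` in `storage.k8s.io`, `@@ -165,6 +171,7 @@` adds `patch` to a provisioner rule, `@@ -231,6 +238,12 @@` and `@@ -295,6 +308,14 @@` add `volumeattributesclasses` reads to the provisioner and resizer roles, and `@@ -344,6 +365,7 @@` adds `patch` on `volumesnapshotcontents/status`. Someone auditing the upgrade has to diff the rendered ConfigMap to find these grants, so I would record them in the commit body, for example `RBAC changes (aws-ebs-csi 2.32.0): node +get csinodes; provisioner +patch, +get volumeattributesclasses; resizer +get/list/watch volumeattributesclasses; snapshotter +patch volumesnapshotcontents/status`. The resource list that the new provisioner `patch` verb applies to lies outside its hunk and should be confirmed against the rendered rule.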
@@ -97,8 +103,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-external-attacher-role rules: - apiGroups: @@ -152,8 +158,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-external-provisioner-role rules: - apiGroups: @@ -165,6 +171,7 @@ data: - list - watch - create + - patch - delete - apiGroups: - "" @@ -231,6 +238,12 @@ data: - get - list - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattributesclasses + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -240,8 +253,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-external-resizer-role rules: - apiGroups: @@ -295,6 +308,14 @@ data: - get - list - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattributesclasses + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -304,8 +325,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-external-snapshotter-role rules: - apiGroups: 
@@ -344,6 +365,7 @@ data: - volumesnapshotcontents/status verbs: - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -353,8 +375,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-leases-rolebinding namespace: kube-system roleRef: @@ -374,8 +396,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-attacher-binding roleRef: apiGroup: rbac.authorization.k8s.io @@ -394,8 +416,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-node-getter-binding roleRef: apiGroup: rbac.authorization.k8s.io @@ -414,8 +436,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-provisioner-binding roleRef: apiGroup: rbac.authorization.k8s.io 
@@ -434,8 +456,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-resizer-binding roleRef: apiGroup: rbac.authorization.k8s.io @@ -454,8 +476,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-snapshotter-binding roleRef: apiGroup: rbac.authorization.k8s.io @@ -474,8 +496,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-controller namespace: kube-system spec: @@ -498,8 +520,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 spec: affinity: nodeAffinity: @@ -560,7 +582,7 @@ data: key: endpoint name: aws-meta optional: true - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.28.0 + image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.32.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 5 @@ -592,6 +614,8 @@ data: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir 
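Review bot: The `seccompProfile: type: RuntimeDefault` hardening reaches only the containers in the ebs-csi-controller pod template, added in `@@ -592,6 +614,8 @@` and repeated in `@@ -621,6 +646,8 @@`, `@@ -647,6 +675,8 @@`, `@@ -672,6 +703,8 @@` and `@@ -699,12 +733,14 @@`. No hunk in the ebs-csi-node section (`@@ -808,8 +827,8 @@` onward) adds it, and the context of `@@ -926,6 +962,7 @@` shows that pod still running with `runAsNonRoot: false` / `runAsUser: 0`. Presumably the node sidecars (node-driver-registrar, liveness-probe) therefore keep whatever seccomp default the container runtime applies. It is worth checking whether the chart exposes a value for them and, if so, rendering `seccompProfile: {type: RuntimeDefault}` there as well. The securityContext blocks start outside these hunks, so this is inferred from the absence of a matching hunk rather than read from the full manifest.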
@@ -606,10 +630,11 @@ data: - --kube-api-qps=20 - --kube-api-burst=100 - --worker-threads=100 + - --retry-interval-max=30m env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v4.0.0-eks-1-29-5 + image: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v5.0.1-eks-1-30-8 imagePullPolicy: IfNotPresent name: csi-provisioner resources: @@ -621,6 +646,8 @@ data: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir @@ -632,10 +659,11 @@ data: - --kube-api-qps=20 - --kube-api-burst=100 - --worker-threads=100 + - --retry-interval-max=5m env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher:v4.5.0-eks-1-29-5 + image: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher:v4.6.1-eks-1-30-8 imagePullPolicy: IfNotPresent name: csi-attacher resources: @@ -647,6 +675,8 @@ data: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir @@ -657,10 +687,11 @@ data: - --kube-api-qps=20 - --kube-api-burst=100 - --worker-threads=100 + - --retry-interval-max=30m env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter:v7.0.0-eks-1-29-5 + image: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter:v8.0.1-eks-1-30-8 imagePullPolicy: IfNotPresent name: csi-snapshotter resources: @@ -672,6 +703,8 @@ data: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir 
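Review bot: The sidecar images bumped in `@@ -606,10 +630,11 @@` and the hunks after it are still referenced by tag only (`external-provisioner:v5.0.1-eks-1-30-8`) together with `imagePullPolicy: IfNotPresent`, so the bytes a node runs depend on what that tag resolved to when the node first pulled it. Since the commit already rewrites every image line, pinning by digest would make the rendered manifest reproducible and let a mirrored registry be verified against it, e.g. `image: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v5.0.1-eks-1-30-8@sha256:<digest-placeholder>`. The manifest looks generated from the upstream chart, so the change probably belongs in the values given to the template step rather than in this file.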
@@ -684,10 +717,11 @@ data: - --kube-api-qps=20 - --kube-api-burst=100 - --workers=100 + - --retry-interval-max=30m env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer:v1.10.0-eks-1-29-5 + image: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer:v1.11.1-eks-1-30-8 imagePullPolicy: IfNotPresent name: csi-resizer resources: @@ -699,12 +733,14 @@ data: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /var/lib/csi/sockets/pluginproxy/ name: socket-dir - args: - --csi-address=/csi/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.12.0-eks-1-29-5 + image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.13.0-eks-1-30-8 imagePullPolicy: IfNotPresent name: liveness-probe resources: @@ -752,8 +788,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-controller namespace: kube-system spec: @@ -772,8 +808,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs-csi-node namespace: kube-system spec: @@ -791,8 +827,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 spec: affinity: nodeAffinity: 
@@ -824,7 +860,7 @@ data: valueFrom: fieldRef: fieldPath: spec.nodeName - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.28.0 + image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.32.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -871,7 +907,7 @@ data: value: /csi/csi.sock - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.10.0-eks-1-29-5 + image: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.11.0-eks-1-30-8 imagePullPolicy: IfNotPresent livenessProbe: exec: @@ -901,7 +937,7 @@ data: name: probe-dir - args: - --csi-address=/csi/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.12.0-eks-1-29-5 + image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.13.0-eks-1-30-8 imagePullPolicy: IfNotPresent name: liveness-probe resources: @@ -926,6 +962,7 @@ data: runAsNonRoot: false runAsUser: 0 serviceAccountName: ebs-csi-node-sa + terminationGracePeriodSeconds: 30 tolerations: - operator: Exists volumes: @@ -960,8 +997,8 @@ data: app.kubernetes.io/instance: aws-ebs-csi-driver app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: 1.28.0 - helm.sh/chart: aws-ebs-csi-driver-2.28.1 + app.kubernetes.io/version: 1.32.0 + helm.sh/chart: aws-ebs-csi-driver-2.32.0 name: ebs.csi.aws.com spec: attachRequired: true diff --git a/charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml b/charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml index b8c129b84..b42219789 100644 --- a/charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml +++ b/charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml 
@@ -13,11 +13,11 @@ data:
 RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://kubernetes.github.io/cloud-provider-aws{{ end }}
 aws-ebs-csi: |
 ChartName: aws-ebs-csi-driver
- ChartVersion: 2.28.1
+ ChartVersion: 2.32.0
 RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://kubernetes-sigs.github.io/aws-ebs-csi-driver{{ end }}
 cilium: |
 ChartName: cilium
- ChartVersion: 1.15.5
+ ChartVersion: 1.15.6
 RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://helm.cilium.io/{{ end }}
 cluster-autoscaler: |
 ChartName: cluster-autoscaler
@@ -33,7 +33,7 @@ data:
 RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://metallb.github.io/metallb{{ end }}
 nfd: |
 ChartName: node-feature-discovery
- ChartVersion: 0.15.2
+ ChartVersion: 0.16.1
 RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://kubernetes-sigs.github.io/node-feature-discovery/charts{{ end }}
 nutanix-ccm: |
 ChartName: nutanix-cloud-provider
diff --git a/charts/cluster-api-runtime-extensions-nutanix/templates/nfd/manifests/helm-addon-installation.yaml b/charts/cluster-api-runtime-extensions-nutanix/templates/nfd/manifests/helm-addon-installation.yaml
index 3ef43bf3c..ab64b53b2 100644
--- a/charts/cluster-api-runtime-extensions-nutanix/templates/nfd/manifests/helm-addon-installation.yaml
+++ b/charts/cluster-api-runtime-extensions-nutanix/templates/nfd/manifests/helm-addon-installation.yaml
@@ -9,7 +9,7 @@ metadata:
 data:
 values.yaml: |-
 image:
- tag: v0.15.2-minimal
+ tag: v0.16.1-minimal
 master:
 extraLabelNs:
 - nvidia.com
diff --git a/charts/cluster-api-runtime-extensions-nutanix/templates/nfd/manifests/node-feature-discovery-configmap.yaml b/charts/cluster-api-runtime-extensions-nutanix/templates/nfd/manifests/node-feature-discovery-configmap.yaml index 8820e22ce..cebc26ffe 100644 --- a/charts/cluster-api-runtime-extensions-nutanix/templates/nfd/manifests/node-feature-discovery-configmap.yaml +++ b/charts/cluster-api-runtime-extensions-nutanix/templates/nfd/manifests/node-feature-discovery-configmap.yaml @@ -20,7 +20,7 @@ data: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: nodefeatures.nfd.k8s-sigs.io spec: group: nfd.k8s-sigs.io 
@@ -34,23 +34,30 @@ data: - name: v1alpha1 schema: openAPIV3Schema: - description: NodeFeature resource holds the features discovered for one node - in the cluster. + description: |- + NodeFeature resource holds the features discovered for one node in the + cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: NodeFeatureSpec describes a NodeFeature object. + description: Specification of the NodeFeature, containing features discovered + for a node. properties: features: description: Features is the full "raw" features data that has been 
@@ -64,6 +71,7 @@ data: elements: additionalProperties: type: string + description: Individual features of the feature set. type: object required: - elements @@ -81,6 +89,7 @@ data: description: Nil is a dummy empty struct for protobuf compatibility type: object + description: Individual features of the feature set. type: object required: - elements @@ -94,6 +103,7 @@ data: which is an instance having multiple attributes. properties: elements: + description: Individual features of the feature set. items: description: InstanceFeature represents one instance of a complex features, e.g. a device. @@ -101,6 +111,7 @@ data: attributes: additionalProperties: type: string + description: Attributes of the instance feature. type: object required: - attributes 
@@ -130,7 +141,278 @@ data: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 + name: nodefeaturegroups.nfd.k8s-sigs.io + spec: + group: nfd.k8s-sigs.io + names: + kind: NodeFeatureGroup + listKind: NodeFeatureGroupList + plural: nodefeaturegroups + shortNames: + - nfg + singular: nodefeaturegroup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NodeFeatureGroup resource holds Node pools by featureGroup + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the rules to be evaluated. + properties: + featureGroupRules: + description: List of rules to evaluate to determine nodes that belong + in this group. + items: + description: GroupRule defines a rule for nodegroup filtering. + properties: + matchAny: + description: MatchAny specifies a list of matchers one of which + must match. + items: + description: MatchAnyElem specifies one sub-matcher of MatchAny. + properties: + matchFeatures: + description: MatchFeatures specifies a set of matcher + terms all of which must match. + items: + description: |- + FeatureMatcherTerm defines requirements against one feature set. 
All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. + properties: + feature: + description: Feature is the name of the feature + set to match against. + type: string + matchExpressions: + additionalProperties: + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. + type: object + matchName: + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. 
+ In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + required: + - feature + type: object + type: array + required: + - matchFeatures + type: object + type: array + matchFeatures: + description: MatchFeatures specifies a set of matcher terms + all of which must match. + items: + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. + properties: + feature: + description: Feature is the name of the feature set to + match against. + type: string + matchExpressions: + additionalProperties: + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. + type: object + matchName: + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. + properties: + op: + description: Op is the operator to be applied. 
+ enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + required: + - feature + type: object + type: array + name: + description: Name of the rule. + type: string + required: + - name + type: object + type: array + required: + - featureGroupRules + type: object + status: + description: |- + Status of the NodeFeatureGroup after the most recent evaluation of the + specification. + properties: + nodes: + description: Nodes is a list of FeatureGroupNode in the cluster that + match the featureGroupRules + items: + properties: + name: + description: Name of the node. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 name: nodefeaturerules.nfd.k8s-sigs.io spec: group: nfd.k8s-sigs.io 
@@ -146,23 +428,29 @@ data: - name: v1alpha1 schema: openAPIV3Schema: - description: NodeFeatureRule resource specifies a configuration for feature-based + description: |- + NodeFeatureRule resource specifies a configuration for feature-based customization of node objects, such as node labeling. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: NodeFeatureRuleSpec describes a NodeFeatureRule. + description: Spec defines the rules to be evaluated. properties: rules: description: Rules is a list of node customization rules. 
@@ -186,10 +474,10 @@ data: description: Labels to create if the rule matches. type: object labelsTemplate: - description: LabelsTemplate specifies a template to expand for - dynamically generating multiple labels. Data (after template - expansion) must be keys with an optional value ([=]) - separated by newlines. + description: |- + LabelsTemplate specifies a template to expand for dynamically generating + multiple labels. Data (after template expansion) must be keys with an + optional value ([=]) separated by newlines. type: string matchAny: description: MatchAny specifies a list of matchers one of which @@ -201,10 +489,10 @@ data: description: MatchFeatures specifies a set of matcher terms all of which must match. items: - description: FeatureMatcherTerm defines requirements - against one feature set. All requirements (specified - as MatchExpressions) are evaluated against each element - in the feature set. + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. properties: feature: description: Feature is the name of the feature @@ -212,11 +500,10 @@ data: type: string matchExpressions: additionalProperties: - description: MatchExpression specifies an expression - to evaluate against a set of input values. It - contains an operator that is applied when matching - the input and an array of values that the operator - evaluates the input against. + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. properties: op: description: Op is the operator to be applied. 
@@ -233,29 +520,26 @@ data: - IsFalse type: string value: - description: Value is the list of values that - the operand evaluates the input against. - Value should be empty if the operator is - Exists, DoesNotExist, IsTrue or IsFalse. - Value should contain exactly one element - if the operator is Gt or Lt and exactly - two elements if the operator is GtLt. In - other cases Value should contain at least - one element. + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. items: type: string type: array required: - op type: object - description: MatchExpressions is the set of per-element - expressions evaluated. These match against the - value of the specified elements. + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. type: object matchName: - description: MatchName in an expression that is - matched against the name of each element in the - feature set. + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. properties: op: description: Op is the operator to be applied. 
@@ -272,14 +556,12 @@ data: - IsFalse type: string value: - description: Value is the list of values that - the operand evaluates the input against. Value - should be empty if the operator is Exists, - DoesNotExist, IsTrue or IsFalse. Value should - contain exactly one element if the operator - is Gt or Lt and exactly two elements if the - operator is GtLt. In other cases Value should - contain at least one element. + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. items: type: string type: array @@ -298,9 +580,10 @@ data: description: MatchFeatures specifies a set of matcher terms all of which must match. items: - description: FeatureMatcherTerm defines requirements against - one feature set. All requirements (specified as MatchExpressions) - are evaluated against each element in the feature set. + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. properties: feature: description: Feature is the name of the feature set to 
@@ -308,11 +591,10 @@ data: type: string matchExpressions: additionalProperties: - description: MatchExpression specifies an expression - to evaluate against a set of input values. It contains - an operator that is applied when matching the input - and an array of values that the operator evaluates - the input against. + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. properties: op: description: Op is the operator to be applied. 
@@ -329,26 +611,26 @@ data: - IsFalse type: string value: - description: Value is the list of values that the - operand evaluates the input against. Value should - be empty if the operator is Exists, DoesNotExist, - IsTrue or IsFalse. Value should contain exactly - one element if the operator is Gt or Lt and exactly - two elements if the operator is GtLt. In other - cases Value should contain at least one element. + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. items: type: string type: array required: - op type: object - description: MatchExpressions is the set of per-element - expressions evaluated. These match against the value - of the specified elements. + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. type: object matchName: - description: MatchName in an expression that is matched - against the name of each element in the feature set. + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. properties: op: description: Op is the operator to be applied. 
@@ -365,13 +647,12 @@ data: - IsFalse type: string value: - description: Value is the list of values that the - operand evaluates the input against. Value should - be empty if the operator is Exists, DoesNotExist, - IsTrue or IsFalse. Value should contain exactly - one element if the operator is Gt or Lt and exactly - two elements if the operator is GtLt. In other cases - Value should contain at least one element. + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. items: type: string type: array @@ -388,21 +669,24 @@ data: taints: description: Taints to create if the rule matches. items: - description: The node this Taint is attached to has the "effect" - on any pod that does not tolerate the Taint. + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. properties: effect: - description: Required. The effect of the taint on pods - that do not tolerate the taint. Valid effects are NoSchedule, - PreferNoSchedule and NoExecute. + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: Required. The taint key to be applied to a node. type: string timeAdded: - description: TimeAdded represents the time at which the - taint was added. It is only written for NoExecute taints. + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. format: date-time type: string value: 
@@ -417,17 +701,17 @@ data: vars: additionalProperties: type: string - description: Vars is the variables to store if the rule matches. - Variables do not directly inflict any changes in the node - object. However, they can be referenced from other rules enabling - more complex rule hierarchies, without exposing intermediary - output values as labels. + description: |- + Vars is the variables to store if the rule matches. Variables do not + directly inflict any changes in the node object. However, they can be + referenced from other rules enabling more complex rule hierarchies, + without exposing intermediary output values as labels. type: object varsTemplate: - description: VarsTemplate specifies a template to expand for - dynamically generating multiple variables. Data (after template - expansion) must be keys with an optional value ([=]) - separated by newlines. + description: |- + VarsTemplate specifies a template to expand for dynamically generating + multiple variables. Data (after template expansion) must be keys with an + optional value ([=]) separated by newlines. type: string required: - name @@ -449,8 +733,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery namespace: node-feature-discovery --- @@ -461,8 +745,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery-gc namespace: node-feature-discovery --- 
@@ -473,8 +757,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery-worker namespace: node-feature-discovery --- @@ -487,26 +771,12 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery-master-conf namespace: node-feature-discovery --- apiVersion: v1 - data: - nfd-topology-updater.conf: "null" - kind: ConfigMap - metadata: - labels: - app.kubernetes.io/instance: node-feature-discovery - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 - name: node-feature-discovery-topology-updater-conf - namespace: node-feature-discovery - --- - apiVersion: v1 data: nfd-worker.conf: |- sources: @@ -520,8 +790,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery-worker-conf namespace: node-feature-discovery --- 
@@ -532,8 +802,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery rules: - apiGroups: @@ -551,10 +821,18 @@ data: resources: - nodefeatures - nodefeaturerules + - nodefeaturegroups verbs: - get - list - watch + - apiGroups: + - nfd.k8s-sigs.io + resources: + - nodefeaturegroups/status + verbs: + - patch + - update - apiGroups: - coordination.k8s.io resources: @@ -578,8 +856,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery-gc rules: - apiGroups: @@ -617,8 +895,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery roleRef: apiGroup: rbac.authorization.k8s.io @@ -636,8 +914,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery-gc roleRef: apiGroup: rbac.authorization.k8s.io 
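Review bot: The cluster-scoped role `node-feature-discovery` gains `get`/`list`/`watch` on `nodefeaturegroups` and `patch`/`update` on `nodefeaturegroups/status`, yet the worker and master containers later in this file are started with `-feature-gates=NodeFeatureGroupAPI=false`. With the gate off, these grants and the new `nodefeaturegroups.nfd.k8s-sigs.io` CRD appear to be unused, so whatever subject is bound to the role gets wider permissions for no functional gain. This manifest looks rendered from the upstream chart, so the place to trim it would be a patch in `hack/addons/kustomize/nfd/kustomization.yaml.tmpl` rather than a hand edit here. If the grant is kept on purpose for when the gate is enabled, a comment in that kustomization saying so would make the choice reviewable.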
@@ -655,8 +933,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery-worker namespace: node-feature-discovery rules: @@ -676,8 +954,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 name: node-feature-discovery-worker namespace: node-feature-discovery roleRef: @@ -696,8 +974,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 role: worker name: node-feature-discovery-worker namespace: node-feature-discovery @@ -716,6 +994,8 @@ data: spec: containers: - args: + - -feature-gates=NodeFeatureAPI=true + - -feature-gates=NodeFeatureGroupAPI=false - -metrics=8081 command: - nfd-worker 
@@ -732,13 +1012,29 @@ data: valueFrom: fieldRef: fieldPath: metadata.uid - image: registry.k8s.io/nfd/node-feature-discovery:v0.15.2-minimal + image: registry.k8s.io/nfd/node-feature-discovery:v0.16.1-minimal imagePullPolicy: IfNotPresent + livenessProbe: + grpc: + port: 8082 + initialDelaySeconds: 10 + periodSeconds: 10 name: worker ports: - containerPort: 8081 name: metrics - resources: {} + readinessProbe: + failureThreshold: 10 + grpc: + port: 8082 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + memory: 512Mi + requests: + cpu: 5m + memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: @@ -762,6 +1058,9 @@ data: - mountPath: /host-lib name: host-lib readOnly: true + - mountPath: /host-proc/swaps + name: host-proc-swaps + readOnly: true - mountPath: /etc/kubernetes/node-feature-discovery/source.d/ name: source-d readOnly: true @@ -795,6 +1094,9 @@ data: - hostPath: path: /lib name: host-lib + - hostPath: + path: /proc/swaps + name: host-proc-swaps - hostPath: path: /etc/kubernetes/node-feature-discovery/source.d/ name: source-d @@ -815,8 +1117,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 role: master name: node-feature-discovery-master namespace: node-feature-discovery @@ -855,6 +1157,8 @@ data: - args: - -extra-label-ns=nvidia.com,beta.amd.com,amd.com - -crd-controller=true + - -feature-gates=NodeFeatureAPI=true + - -feature-gates=NodeFeatureGroupAPI=false - -metrics=8081 command: - nfd-master 
@@ -863,11 +1167,11 @@ data: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/nfd/node-feature-discovery:v0.15.2-minimal + image: registry.k8s.io/nfd/node-feature-discovery:v0.16.1-minimal imagePullPolicy: IfNotPresent livenessProbe: grpc: - port: 8080 + port: 8082 initialDelaySeconds: 10 periodSeconds: 10 name: master @@ -879,10 +1183,15 @@ data: readinessProbe: failureThreshold: 10 grpc: - port: 8080 + port: 8082 initialDelaySeconds: 5 periodSeconds: 10 - resources: {} + resources: + limits: + memory: 4Gi + requests: + cpu: 100m + memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: @@ -921,8 +1230,8 @@ data: app.kubernetes.io/instance: node-feature-discovery app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/version: v0.15.2 - helm.sh/chart: node-feature-discovery-0.15.2 + app.kubernetes.io/version: v0.16.1 + helm.sh/chart: node-feature-discovery-0.16.1 role: gc name: node-feature-discovery-gc namespace: node-feature-discovery @@ -950,13 +1259,18 @@ data: valueFrom: fieldRef: fieldPath: spec.nodeName - image: registry.k8s.io/nfd/node-feature-discovery:v0.15.2-minimal + image: registry.k8s.io/nfd/node-feature-discovery:v0.16.1-minimal imagePullPolicy: IfNotPresent name: gc ports: - containerPort: 8081 name: metrics - resources: {} + resources: + limits: + memory: 1Gi + requests: + cpu: 10m + memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/charts/cluster-api-runtime-extensions-nutanix/templates/virtual-ip/kube-vip/manifests/kube-vip-configmap.yaml b/charts/cluster-api-runtime-extensions-nutanix/templates/virtual-ip/kube-vip/manifests/kube-vip-configmap.yaml index b268369d2..80a2d5de7 100644 --- a/charts/cluster-api-runtime-extensions-nutanix/templates/virtual-ip/kube-vip/manifests/kube-vip-configmap.yaml +++ b/charts/cluster-api-runtime-extensions-nutanix/templates/virtual-ip/kube-vip/manifests/kube-vip-configmap.yaml 
@@ -47,7 +47,8 @@ data: value: "2" - name: address value: '{{ `{{ .ControlPlaneEndpoint.Host }}` }}' - image: ghcr.io/kube-vip/kube-vip:v0.8.0 + - name: prometheus_server + image: ghcr.io/kube-vip/kube-vip:v0.8.1 imagePullPolicy: IfNotPresent name: kube-vip resources: {} diff --git a/hack/addons/kustomize/cluster-autoscaler/kustomization.yaml.tmpl b/hack/addons/kustomize/cluster-autoscaler/kustomization.yaml.tmpl index 4c1799f49..b450d397a 100644 --- a/hack/addons/kustomize/cluster-autoscaler/kustomization.yaml.tmpl +++ b/hack/addons/kustomize/cluster-autoscaler/kustomization.yaml.tmpl @@ -15,7 +15,7 @@ helmCharts: includeCRDs: true valuesFile: helm-values.yaml releaseName: cluster-autoscaler-tmpl-clustername-tmpl - version: ${CLUSTER_AUTOSCALER_VERSION} + version: ${CLUSTER_AUTOSCALER_CHART_VERSION} repo: https://kubernetes.github.io/autoscaler namespace: tmpl-clusternamespace-tmpl diff --git a/hack/addons/kustomize/nfd/kustomization.yaml.tmpl b/hack/addons/kustomize/nfd/kustomization.yaml.tmpl index 6ca1ffa32..6ec3cafad 100644 --- a/hack/addons/kustomize/nfd/kustomization.yaml.tmpl +++ b/hack/addons/kustomize/nfd/kustomization.yaml.tmpl @@ -21,6 +21,7 @@ helmCharts: tag: "v${NODE_FEATURE_DISCOVERY_VERSION}-minimal" includeCRDs: true skipTests: true + skipHooks: true namespace: node-feature-discovery namespace: node-feature-discovery diff --git a/hack/addons/mindthegap-helm-registry/repos.yaml b/hack/addons/mindthegap-helm-registry/repos.yaml index 1a57a3a5d..f785ba32c 100644 --- a/hack/addons/mindthegap-helm-registry/repos.yaml +++ b/hack/addons/mindthegap-helm-registry/repos.yaml @@ -15,12 +15,12 @@ repositories: repoURL: https://kubernetes-sigs.github.io/aws-ebs-csi-driver charts: aws-ebs-csi-driver: - - 2.28.1 + - 2.32.0 cilium: repoURL: https://helm.cilium.io/ charts: cilium: - - 1.15.5 + - 1.15.6 cluster-autoscaler: repoURL: https://kubernetes.github.io/autoscaler charts: 
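Review bot: The added `skipHooks: true` in the node-feature-discovery `helmCharts` entry has no comment saying which chart hooks are dropped or why. Anything the chart ships as a Helm hook (for example a cleanup job and the RBAC it runs with) is left out of the rendered ConfigMap, and a later chart bump can change what is omitted without showing up in review. A comment above the key would record the intent, e.g. `# Chart hooks are not rendered into the addon manifest; re-check the chart's hook templates on every version bump.`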
@@ -40,7 +40,7 @@ repositories: repoURL: https://kubernetes-sigs.github.io/node-feature-discovery/charts charts: node-feature-discovery: - - 0.15.2 + - 0.16.1 nutanix-cloud-provider: repoURL: https://nutanix.github.io/helm/ charts: diff --git a/hack/addons/update-cluster-autoscaler.sh b/hack/addons/update-cluster-autoscaler.sh index 306e21617..4fd6b9f68 100755 --- a/hack/addons/update-cluster-autoscaler.sh +++ b/hack/addons/update-cluster-autoscaler.sh @@ -8,8 +8,8 @@ readonly SCRIPT_DIR # shellcheck source=hack/common.sh source "${SCRIPT_DIR}/../common.sh" -if [ -z "${CLUSTER_AUTOSCALER_VERSION:-}" ]; then - echo "Missing argument: CLUSTER_AUTOSCALER_VERSION" +if [ -z "${CLUSTER_AUTOSCALER_CHART_VERSION:-}" ]; then + echo "Missing argument: CLUSTER_AUTOSCALER_CHART_VERSION" exit 1 fi diff --git a/hack/addons/update-kube-vip-manifests.sh b/hack/addons/update-kube-vip-manifests.sh index 6646ba1f0..29dd54eff 100755 --- a/hack/addons/update-kube-vip-manifests.sh +++ b/hack/addons/update-kube-vip-manifests.sh 
@@ -19,19 +19,23 @@ trap_add "rm -rf ${ASSETS_DIR}" EXIT readonly FILE_NAME="kube-vip.yaml" +# shellcheck disable=SC2016 # Single quotes are required for the gojq expression. docker container run --rm ghcr.io/kube-vip/kube-vip:"${KUBE_VIP_VERSION}" \ manifest pod \ --arp \ - --address='{{ `{{ .ControlPlaneEndpoint.Host }}` }}' \ - --port=-99999 \ + --address='127.0.0.1' \ --controlplane \ --leaderElection \ --leaseDuration=15 \ --leaseRenewDuration=10 \ --leaseRetry=2 \ --prometheusHTTPServer='' | - gojq --yaml-input --yaml-output 'del(.metadata.creationTimestamp, .status) | .spec.containers[].imagePullPolicy |= "IfNotPresent"' | - sed "s/\"-99999\"/'{{ \`{{ .ControlPlaneEndpoint.Port }}\` }}'/" >"${ASSETS_DIR}/${FILE_NAME}" + gojq --yaml-input --yaml-output \ + 'del(.metadata.creationTimestamp, .status) | + .spec.containers[].imagePullPolicy |= "IfNotPresent" | + (.spec.containers[0].env[] | select(.name == "port").value) |= "{{ `{{ .ControlPlaneEndpoint.Port }}` }}" | + (.spec.containers[0].env[] | select(.name == "address").value) |= "{{ `{{ .ControlPlaneEndpoint.Host }}` }}" + ' >"${ASSETS_DIR}/${FILE_NAME}" kubectl create configmap "{{ .Values.hooks.virtualIP.kubeVip.defaultTemplateConfigMap.name }}" --dry-run=client --output yaml \ --from-file "${ASSETS_DIR}/${FILE_NAME}" \ diff --git a/make/addons.mk b/make/addons.mk index d62e6055f..45dc51fb9 100644 --- a/make/addons.mk +++ b/make/addons.mk 
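Review bot: The two new gojq update paths, `select(.name == "port").value` and `select(.name == "address").value`, are silent no-ops when no env entry with that name exists. Because `--port` is no longer passed to `manifest pod`, the script now relies on kube-vip emitting a `port` entry by default. If a later kube-vip release renames or drops either entry, the ConfigMap would be generated with the literal `127.0.0.1` or an untemplated port and nothing would fail. A check after the pipeline would catch that, e.g. `grep -q 'ControlPlaneEndpoint.Port' "${ASSETS_DIR}/${FILE_NAME}" || { echo "port not templated" >&2; exit 1; }`, plus the same for `ControlPlaneEndpoint.Host`. The new paths also hard-code `containers[0]` while the `imagePullPolicy` update just above uses `containers[]`; the script continues past this hunk.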
@@ -2,12 +2,11 @@ # SPDX-License-Identifier: Apache-2.0 export CALICO_VERSION := v3.28.0 -export CILIUM_VERSION := 1.15.5 -export NODE_FEATURE_DISCOVERY_VERSION := 0.15.2 -export CLUSTER_AUTOSCALER_VERSION := 9.37.0 -export AWS_EBS_CSI_CHART_VERSION := 2.28.1 +export CILIUM_VERSION := 1.15.6 +export NODE_FEATURE_DISCOVERY_VERSION := 0.16.1 +export CLUSTER_AUTOSCALER_CHART_VERSION := 9.37.0 +export AWS_EBS_CSI_CHART_VERSION := 2.32.0 export NUTANIX_STORAGE_CSI_CHART_VERSION := 3.0.0-beta.1912 -export NUTANIX_SNAPSHOT_CSI_CHART_VERSION := 6.3.2 export LOCAL_PATH_CSI_CHART_VERSION := 0.0.29 export SNAPSHOT_CONTROLLER_CHART_VERSION := 3.0.5 # AWS CCM uses the same chart version for all kubernetes versions. The image used in the deployment will @@ -21,7 +20,7 @@ export AWS_CCM_VERSION_130 := v1.30.1 export NUTANIX_CCM_CHART_VERSION := 0.3.3 -export KUBE_VIP_VERSION := v0.8.0 +export KUBE_VIP_VERSION := v0.8.1 export METALLB_CHART_VERSION := 0.14.5