build(deps): Bump sigs.k8s.io/cluster-api-provider-aws/v2 from 2.6.1 …

…to 2.7.1 in /hack/third-party/capa (#965)

Bumps
[sigs.k8s.io/cluster-api-provider-aws/v2](https://github.com/kubernetes-sigs/cluster-api-provider-aws)
from 2.6.1 to 2.7.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases">sigs.k8s.io/cluster-api-provider-aws/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.7.1</h2>
<h1>Release notes for Cluster API Provider AWS (CAPA) v2.7.1</h1>
<p><a href="https://cluster-api-aws.sigs.k8s.io/">Documentation</a></p>
<h1>Changelog since v2.6.1</h1>
<blockquote>
<p>NOTE: there is no v2.7.0 release available due to an issue
encountered during the release process.</p>
</blockquote>
<h2>Urgent Upgrade Notes</h2>
<h3>(No, really, you MUST read this before you upgrade)</h3>
<ul>
<li>A new community owned AWS account is now being used for publishing
AMIs. The old account owner by a company is no longer accessible and the
images are being automatically deleted by AWS. Support for ubuntu 18.04
&amp; 20.04 has been dropped and ubuntu 24.04 is now the default OS if
no OS is supplied. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5133">#5133</a>,
<a
href="https://github.com/richardcase"><code>@​richardcase</code></a>)</li>
<li>View the projects policy on publishing AMIs <a
href="https://cluster-api-aws.sigs.k8s.io/topics/images/built-amis">here</a>.</li>
<li>There is known issue creating clusters with Kubernetes v1.30 or
greater when the load balancer is an ELB (which is the default). Its
recommended for new clusters that you use an NLB instead, See <a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5139">#5139</a>
for further details.</li>
</ul>
<h2>Changes by Kind</h2>
<h3>Support</h3>
<ul>
<li>Add issue templates for reviewer and maintainer changes (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5079">#5079</a>,
<a
href="https://github.com/richardcase"><code>@​richardcase</code></a>)</li>
<li>Bump CAPI to v1.8.4 (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5061">#5061</a>,
<a href="https://github.com/damdo"><code>@​damdo</code></a>)</li>
<li>Switch <code>PodDisruptionBudget</code> in templates to policy/v1
(<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5102">#5102</a>,
<a href="https://github.com/AndiDog"><code>@​AndiDog</code></a>)</li>
<li>Templates: align <code>cluster-template.yaml</code> and
<code>cluster-template-machinepool.yaml</code>, use external cloud
controller and CSI (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5136">#5136</a>,
<a href="https://github.com/AndiDog"><code>@​AndiDog</code></a>)</li>
<li>Update metadata file for v2.7.0 release. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5187">#5187</a>,
<a
href="https://github.com/richardcase"><code>@​richardcase</code></a>)</li>
</ul>
<h3>Feature</h3>
<ul>
<li>Add NonRootVolumes to AWSMachinePool launch template. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/4954">#4954</a>,
<a href="https://github.com/mnitchev"><code>@​mnitchev</code></a>)</li>
<li>Add ROSA Control plane registry configuration. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5132">#5132</a>,
<a href="https://github.com/serngawy"><code>@​serngawy</code></a>)</li>
<li>Change prevenet deletion label to be specific to CAPA. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5072">#5072</a>,
<a
href="https://github.com/richardcase"><code>@​richardcase</code></a>)</li>
<li>Feat: add support for additionalControlPlaneIngressRules in
AWSManagedControlPlane (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/4783">#4783</a>,
<a href="https://github.com/fad3t"><code>@​fad3t</code></a>)</li>
<li>New AMI building workflow that allows a packer vars file to be
passed in. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5152">#5152</a>,
<a
href="https://github.com/richardcase"><code>@​richardcase</code></a>)</li>
<li>New
<code>AWSCluster.spec.network.NodePortIngressRuleCidrBlocks</code>
parameter which allows to specify IPv4 CIDR blocks for Security group
rule &quot;Node Port Services&quot; instead of default
<code>0.0.0.0/</code>. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5147">#5147</a>,
<a
href="https://github.com/krasoffski"><code>@​krasoffski</code></a>)</li>
<li>New workflow to publish CAPA AMIs (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5138">#5138</a>,
<a
href="https://github.com/richardcase"><code>@​richardcase</code></a>)</li>
<li>Support adding custom secondary VPC CIDR blocks in
<code>AWSCluster</code> (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/4898">#4898</a>,
<a href="https://github.com/AndiDog"><code>@​AndiDog</code></a>)</li>
<li>Support setting maxHealthyPercentage to configure ASG instance
refresh (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5140">#5140</a>,
<a
href="https://github.com/fiunchinho"><code>@​fiunchinho</code></a>)</li>
</ul>
<h3>Bug or Regression</h3>
<ul>
<li>A missing permission needed for using nlbs (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5154">#5154</a>,
<a
href="https://github.com/richardcase"><code>@​richardcase</code></a>)</li>
<li>Check for the LB &quot;active&quot; status instead of trying to
resolve the DNS name to validate the LB is ready. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5093">#5093</a>,
<a href="https://github.com/r4f4"><code>@​r4f4</code></a>)</li>
<li>Fix duplicated/leaked EIP when using BYO IPv4 on Machines. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5039">#5039</a>,
<a href="https://github.com/mtulio"><code>@​mtulio</code></a>)</li>
<li>Fix kustomize issue with e2e tests. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5167">#5167</a>,
<a
href="https://github.com/richardcase"><code>@​richardcase</code></a>)</li>
<li>Fix: do not attach security groups for Network Load Balancers in
secret regions. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5030">#5030</a>,
<a href="https://github.com/r4f4"><code>@​r4f4</code></a>)</li>
<li>Mark <code>S3BucketCreated</code> condition ready after successful
reconciliation (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5089">#5089</a>,
<a href="https://github.com/AndiDog"><code>@​AndiDog</code></a>)</li>
<li>Updates EKS e2e tests after recent bumping of EKS versions. (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5185">#5185</a>,
<a
href="https://github.com/richardcase"><code>@​richardcase</code></a>)</li>
</ul>
<h3>Uncategorized</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/commit/54dfb1ababdb620143e6db7b397f79d9d6f4f922"><code>54dfb1a</code></a>
Merge pull request <a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5190">#5190</a>
from k8s-infra-cherrypick-robot/cherry-pick-5188-to-...</li>
<li><a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/commit/ffcb78705788de7c059345fb348427462b5fe51b"><code>ffcb787</code></a>
chore: downgrade kustomizt v5 version</li>
<li><a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/commit/9d40dc1bacf41584224bae5372ac72349983b34f"><code>9d40dc1</code></a>
Merge pull request <a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5187">#5187</a>
from richardcase/release_27</li>
<li><a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/commit/6129592a81d260c3e200d0861fe7eef052049ac3"><code>6129592</code></a>
chore: update metadata for release 2.7.0</li>
<li><a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/commit/5b4f7c1acb52392ec4121b4145468a4bbecf26fd"><code>5b4f7c1</code></a>
Merge pull request <a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5093">#5093</a>
from r4f4/fix-5032-approach-2</li>
<li><a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/commit/f3a7aa354e7df6ac6cd384ac2aec9cd247430d11"><code>f3a7aa3</code></a>
Merge pull request <a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5185">#5185</a>
from richardcase/eks_e2e_failures</li>
<li><a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/commit/13861360535fb5fa30f50475896117c565e3789a"><code>1386136</code></a>
fix: eks tests broken due to incorrect addon versions</li>
<li><a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/commit/f3c178f05637e2739af419f93994be7c8bf2d980"><code>f3c178f</code></a>
✨ Add support for additionalControlPlaneIngressRule on AWSManaged… (<a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/4783">#4783</a>)</li>
<li><a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/commit/fd0ad3845459feeea69f09f3e7c2eb0337785d99"><code>fd0ad38</code></a>
Merge pull request <a
href="https://redirect.github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5166">#5166</a>
from serngawy/versionGate</li>
<li><a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/commit/32ebcce58dbcc19cf83482443add80361aaf1ed2"><code>32ebcce</code></a>
🐛elbv2: wait for LB active state instead of resolving DNS name</li>
<li>Additional commits viewable in <a
href="https://github.com/kubernetes-sigs/cluster-api-provider-aws/compare/v2.6.1...v2.7.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigs.k8s.io/cluster-api-provider-aws/v2&package-manager=go_modules&previous-version=2.6.1&new-version=2.7.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jimmi Dyson <jimmidyson@gmail.com>

api/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2/network_types.go

@@ -351,6 +351,11 @@ type NetworkSpec struct {
 	// AdditionalControlPlaneIngressRules is an optional set of ingress rules to add to the control plane
 	// +optional
 	AdditionalControlPlaneIngressRules []IngressRule `json:"additionalControlPlaneIngressRules,omitempty"`
+
+	// NodePortIngressRuleCidrBlocks is an optional set of CIDR blocks to allow traffic to nodes' NodePort services.
+	// If none are specified here, all IPs are allowed to connect.
+	// +optional
+	NodePortIngressRuleCidrBlocks []string `json:"nodePortIngressRuleCidrBlocks,omitempty"`
 }
 
 // IPv6 contains ipv6 specific settings for the network.
@@ -388,6 +393,13 @@ type IPAMPool struct {
 	NetmaskLength int64 `json:"netmaskLength,omitempty"`
 }
 
+// VpcCidrBlock defines the CIDR block and settings to associate with the managed VPC. Currently, only IPv4 is supported.
+type VpcCidrBlock struct {
+	// IPv4CidrBlock is the IPv4 CIDR block to associate with the managed VPC.
+	// +kubebuilder:validation:MinLength=1
+	IPv4CidrBlock string `json:"ipv4CidrBlock"`
+}
+
 // VPCSpec configures an AWS VPC.
 type VPCSpec struct {
 	// ID is the vpc-id of the VPC this provider should use to create resources.
@@ -398,6 +410,12 @@ type VPCSpec struct {
 	// Mutually exclusive with IPAMPool.
 	CidrBlock string `json:"cidrBlock,omitempty"`
 
+	// SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC.
+	// Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use
+	// a separate IP range for pods (e.g. Cilium ENI mode).
+	// +optional
+	SecondaryCidrBlocks []VpcCidrBlock `json:"secondaryCidrBlocks,omitempty"`
+
 	// IPAMPool defines the IPAMv4 pool to be used for VPC.
 	// Mutually exclusive with CidrBlock.
 	IPAMPool *IPAMPool `json:"ipamPool,omitempty"`

hack/third-party/capa/go.mod

@@ -3,21 +3,23 @@
 
 module github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/external/capa
 
-go 1.22
+go 1.22.0
 
-require sigs.k8s.io/cluster-api-provider-aws/v2 v2.6.1
+toolchain go1.23.1
+
+require sigs.k8s.io/cluster-api-provider-aws/v2 v2.7.1
 
 require (
-	github.com/aws/aws-sdk-go v1.51.17 // indirect
+	github.com/aws/aws-sdk-go v1.55.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-openapi/jsonpointer v0.20.2 // indirect
 	github.com/go-openapi/jsonreference v0.20.4 // indirect
 	github.com/go-openapi/swag v0.22.9 // indirect
@@ -27,7 +29,6 @@ require (
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -43,29 +44,28 @@ require (
 	github.com/prometheus/common v0.52.2 // indirect
 	github.com/prometheus/procfs v0.13.0 // indirect
 	github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace // indirect
-	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect
-	golang.org/x/net v0.24.0 // indirect
-	golang.org/x/oauth2 v0.19.0 // indirect
-	golang.org/x/sys v0.19.0 // indirect
-	golang.org/x/term v0.19.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
+	golang.org/x/term v0.22.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.29.3 // indirect
-	k8s.io/apiextensions-apiserver v0.29.3 // indirect
-	k8s.io/apimachinery v0.29.3 // indirect
-	k8s.io/client-go v0.29.3 // indirect
-	k8s.io/component-base v0.29.3 // indirect
+	k8s.io/api v0.30.5 // indirect
+	k8s.io/apiextensions-apiserver v0.30.5 // indirect
+	k8s.io/apimachinery v0.30.5 // indirect
+	k8s.io/client-go v0.30.5 // indirect
+	k8s.io/component-base v0.30.5 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect
-	sigs.k8s.io/cluster-api v1.7.1 // indirect
-	sigs.k8s.io/controller-runtime v0.17.3 // indirect
+	sigs.k8s.io/cluster-api v1.8.4 // indirect
+	sigs.k8s.io/controller-runtime v0.18.5 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect