From 97257e4e58e8a70a00a3b254b2fa0c7dbaf3a99f Mon Sep 17 00:00:00 2001 From: Abhay Krishna Date: Tue, 25 Jul 2023 01:20:15 -0700 Subject: [PATCH] Bump cluster-api, cert-manager and kind to latest versions --- UPSTREAM_PROJECTS.yaml | 6 +- projects/brancz/kube-rbac-proxy/README.md | 2 +- .../CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt | 2 +- .../CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt | 2 +- .../CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt | 2 +- .../CERT_MANAGER_CTL_ATTRIBUTION.txt | 2 +- .../CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt | 2 +- projects/cert-manager/cert-manager/CHECKSUMS | 20 +- projects/cert-manager/cert-manager/GIT_TAG | 2 +- projects/cert-manager/cert-manager/README.md | 2 +- .../cert-manager/manifests/cert-manager.yaml | 104 +++--- .../cluster-api/ATTRIBUTION.txt | 10 +- .../cluster-api/CAPD_ATTRIBUTION.txt | 19 +- .../kubernetes-sigs/cluster-api/CHECKSUMS | 20 +- projects/kubernetes-sigs/cluster-api/GIT_TAG | 2 +- projects/kubernetes-sigs/cluster-api/Makefile | 13 +- .../kubernetes-sigs/cluster-api/README.md | 2 +- ...Adding-capi-support-for-Bottlerocket.patch | 12 +- .../0002-Add-unstacked-etcd-support.patch | 20 +- ...tacked-etcd-and-controlplane-upgrade.patch | 10 +- ...h-in-kubevip-manifest-for-kubeadm-co.patch | 6 +- ...ottlerocket-bootstrap-images-updatab.patch | 6 +- ...for-registry-mirror-for-bottlerocket.patch | 6 +- ...-template-for-bottlerocket-bootstrap.patch | 6 +- ...pdate-core-conversion-spoke-versions.patch | 6 +- ...rocket-changes-to-capbk-v1alpha4-api.patch | 6 +- ...pdate-capbk-converions-spoke-version.patch | 6 +- ...on-to-list-of-fields-to-ignore-for-u.patch | 6 +- ...node-labels-support-for-bottlerocket.patch | 6 +- .../0013-Support-worker-node-taints.patch | 6 +- ...t-bottle-rocket-control-plane-taints.patch | 6 +- ...ing-bottlerocket-control-container-u.patch | 8 +- ...mat-for-storing-etcd-machine-address.patch | 6 +- ...-provider-id-from-kubelet-extra-args.patch | 6 +- ...-control-image-on-nodes-joining-a-ne.patch | 6 +- ...pecifiy-additional-host-containers-i.patch | 6 +- ...-custom-bootstrap-containers-config-.patch | 6 +- ...ing-bottlerocket-admin-container-ima.patch | 6 +- ...t-admin-control-custom-bootstrap-con.patch | 6 +- ...e-status-to-running-after-etcd-contr.patch | 6 +- ...add-support-for-registry-credentials.patch | 6 +- ...configuring-NTP-servers-on-bottleroc.patch | 6 +- .../0026-set-hostname-for-BR-nodes.patch | 6 +- ...dd-bottlerocket-k8s-settings-support.patch | 8 +- .../0028-add-br-kernel.sysctl-settings.patch | 6 +- ...0029-add-boot-kernel-settings-for-BR.patch | 6 +- ...-maxconn-value-to-avoid-ulimit-issue.patch | 6 +- ...ort-for-custom-cert-bundles-in-BR-21.patch | 6 +- .../0032-CAPI-Move-Cluster-Filter.patch | 6 +- ...h-force-move-label-and-no-cluster-te.patch | 6 +- ...irror-configurations-to-be-mutable-f.patch | 4 +- ...external-etcd-machines-in-Kind-mappe.patch | 189 ++++++++++ projects/kubernetes-sigs/cri-tools/README.md | 2 +- projects/kubernetes-sigs/kind/ATTRIBUTION.txt | 2 +- projects/kubernetes-sigs/kind/CHECKSUMS | 8 +- projects/kubernetes-sigs/kind/GIT_TAG | 2 +- .../kind/KINDNETD_ATTRIBUTION.txt | 2 +- projects/kubernetes-sigs/kind/README.md | 2 +- .../kind/build/node-image-build-args.sh | 14 +- ...tch-to-AL2-base-image-for-node-image.patch | 336 +++++++++++------- ...-required-images-since-the-build-rem.patch | 44 +-- ...-maxconn-value-to-avoid-ulimit-issue.patch | 5 +- ...EMP-lock-containerd-and-runc-version.patch | 26 -- projects/vmware/govmomi/README.md | 2 +- 64 files changed, 650 insertions(+), 426 deletions(-) create mode 100644 projects/kubernetes-sigs/cluster-api/patches/0035-Add-support-for-external-etcd-machines-in-Kind-mappe.patch delete mode 100644 projects/kubernetes-sigs/kind/patches/0004-TEMP-lock-containerd-and-runc-version.patch diff --git a/UPSTREAM_PROJECTS.yaml b/UPSTREAM_PROJECTS.yaml index e49c3b87c6..fb20417d69 100644 --- a/UPSTREAM_PROJECTS.yaml +++ b/UPSTREAM_PROJECTS.yaml @@ -61,7 +61,7 @@ projects: repos: - name: cert-manager versions: - - tag: v1.12.1 + - tag: v1.12.2 go_version: "1.20" - org: cilium repos: @@ -175,7 +175,7 @@ projects: repos: - name: cluster-api versions: - - tag: v1.4.3 + - tag: v1.4.5 go_version: "1.19" - name: cluster-api-provider-cloudstack versions: @@ -199,7 +199,7 @@ projects: go_version: N/A - name: kind versions: - - tag: v0.18.0 + - tag: v0.20.0 go_version: "1.20" - org: metallb repos: diff --git a/projects/brancz/kube-rbac-proxy/README.md b/projects/brancz/kube-rbac-proxy/README.md index 5ea264b5f6..7351ca91e4 100644 --- a/projects/brancz/kube-rbac-proxy/README.md +++ b/projects/brancz/kube-rbac-proxy/README.md @@ -1,5 +1,5 @@ ## **Kube RBAC Proxy** -![Version](https://img.shields.io/badge/version-v0.14.1-blue) +![Version](https://img.shields.io/badge/version-v0.14.2-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiZUxRMjRTYUl6NEhJWkI1YVh5QVB3UitEY1dCcExLTUxGR21DQ0IySUZUTEI4N3I4NnMwbnIxUW9OZ1dudm9VdTRoaHVzUHhyMjNwek9wYXY3amh3NlFVPSIsIml2UGFyYW1ldGVyU3BlYyI6ImdSc3ZLZmpxM1BMYnd0dGwiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) The [kube-rbac-proxy](https://github.com/brancz/kube-rbac-proxy) is an HTTP proxy for a single upstream endpoint, that can perform RBAC authorization against the Kubernetes API using `SubjectAccessReview`. In Kubernetes clusters without NetworkPolicies, any Pod can perform requests to every other Pod in the cluster. This proxy serves to restrict requests to only those Pods that present a valid and RBAC-authorized token or client TLS certificate. diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt index 257f7c4451..07fd491a22 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt @@ -2,7 +2,7 @@ ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/acmesolver-binary; version v1.12.1 -- +** github.com/cert-manager/cert-manager/acmesolver-binary; version v1.12.2 -- https://github.com/cert-manager/cert-manager/acmesolver-binary ** github.com/go-logr/logr; version v1.2.4 -- diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt index ff20e70d2b..97795c577c 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt @@ -2,7 +2,7 @@ ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/cainjector-binary; version v1.12.1 -- +** github.com/cert-manager/cert-manager/cainjector-binary; version v1.12.2 -- https://github.com/cert-manager/cert-manager/cainjector-binary ** github.com/go-logr/logr; version v1.2.4 -- diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt index 249a5e2dd6..730d61b501 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt @@ -32,7 +32,7 @@ https://github.com/Azure/go-autorest/tracing ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/controller-binary; version v1.12.1 -- +** github.com/cert-manager/cert-manager/controller-binary; version v1.12.2 -- https://github.com/cert-manager/cert-manager/controller-binary ** github.com/coreos/go-semver/semver; version v0.3.0 -- diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt index d0d3176a71..06907c8932 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt @@ -2,7 +2,7 @@ ** github.com/cert-manager/cert-manager; version v1.12.1-0.20230524130037-7ea113504de2 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/cmd/ctl; version v1.12.1 -- +** github.com/cert-manager/cert-manager/cmd/ctl; version v1.12.2 -- https://github.com/cert-manager/cert-manager/cmd/ctl ** github.com/containerd/containerd; version v1.7.0 -- diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt index 499d5de691..b954a09a01 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt @@ -2,7 +2,7 @@ ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/webhook-binary; version v1.12.1 -- +** github.com/cert-manager/cert-manager/webhook-binary; version v1.12.2 -- https://github.com/cert-manager/cert-manager/webhook-binary ** github.com/go-logr/logr; version v1.2.4 -- diff --git a/projects/cert-manager/cert-manager/CHECKSUMS b/projects/cert-manager/cert-manager/CHECKSUMS index e8c6be4352..b4f7528e09 100644 --- a/projects/cert-manager/cert-manager/CHECKSUMS +++ b/projects/cert-manager/cert-manager/CHECKSUMS @@ -1,10 +1,10 @@ -b27e0f8fdde56522342b15531b586f1a1658d79f62c0b4dbb30e8f8cb72b1d7f _output/bin/cert-manager/linux-amd64/cert-manager-acmesolver -ec50b30c6650eb43f353b2c2012f83a9f9141dc7ace18c372c5b840ff0df1df9 _output/bin/cert-manager/linux-amd64/cert-manager-cainjector -868f0e629002bd69d91c388f8fadd8563d28a7af4dd149c2cb76ada5fe4624f3 _output/bin/cert-manager/linux-amd64/cert-manager-controller -a9e25f38de1f72c6438c488f199f95a59e37b91e987ce659612911ec0cd8d6f5 _output/bin/cert-manager/linux-amd64/cert-manager-ctl -c61c06716d578cede28ffa1b85f21110dd47564adf95125d27999a100be579b5 _output/bin/cert-manager/linux-amd64/cert-manager-webhook -ec169a43ebc6830c935dff29536c2d2dc799a4c34e2dfc6a1c5af7a9dc76b82a _output/bin/cert-manager/linux-arm64/cert-manager-acmesolver -58bdda035d98549df3829c085cc32ca8a7d141130fd3195e01c1bc8f69e4a47d _output/bin/cert-manager/linux-arm64/cert-manager-cainjector -33800139795ef5d4762092c57dcd5e32a0ca8fac4bd4ff1105f621b3ea46cd67 _output/bin/cert-manager/linux-arm64/cert-manager-controller -9d1c1ae65ade567d3340d5b8b0f8f54ba852978af6b892d11505342d38d1df32 _output/bin/cert-manager/linux-arm64/cert-manager-ctl -b9387c69c37ba6ab93cab8681b933e61493c60a9ee13842af19627358ee444e2 _output/bin/cert-manager/linux-arm64/cert-manager-webhook +55bb3ab64e1b7800f5a44edd0b217dfad9f7eddb962bbf6f110c838c858595dd _output/bin/cert-manager/linux-amd64/cert-manager-acmesolver +e34ca2b8c8c47f2f05e2ea041695e8c7422b31e5ebfeba6241410453b0ebdc86 _output/bin/cert-manager/linux-amd64/cert-manager-cainjector +a9e6a4c4a0ba8fc6d1d93f1a96832470023f31038e8b30e4c3628a0eeac9c7bd _output/bin/cert-manager/linux-amd64/cert-manager-controller +5ef1243565f0224ad4af2fcfb5c05a442435745db2faecd4bb044a675c72477e _output/bin/cert-manager/linux-amd64/cert-manager-ctl +788d265ec23993384d2a8cb77a724ba87fa66b7a39450a3a3d71e42f1f05f9af _output/bin/cert-manager/linux-amd64/cert-manager-webhook +b105c8f3e6cd7d844522f97ad27d21778b54b7554d30d849a15ce73cc33bb2de _output/bin/cert-manager/linux-arm64/cert-manager-acmesolver +d9e13b63b4a6e08009cd6e5512a3a514d89e5ac873a84acf3e97bba35bd75450 _output/bin/cert-manager/linux-arm64/cert-manager-cainjector +f20795a19580f2a083f90d3abd9ac83a1b734b91a6b37412471e6962d9f0b915 _output/bin/cert-manager/linux-arm64/cert-manager-controller +ba802dc58d3764b09384c0df28c6115d7afbd41e0e434b976603cfd8de16f96b _output/bin/cert-manager/linux-arm64/cert-manager-ctl +43db2e15a508b0fd47e8956cd437ef96605e01f9341a6702268d309db11fd227 _output/bin/cert-manager/linux-arm64/cert-manager-webhook diff --git a/projects/cert-manager/cert-manager/GIT_TAG b/projects/cert-manager/cert-manager/GIT_TAG index 51b86ba24b..41de27dfab 100644 --- a/projects/cert-manager/cert-manager/GIT_TAG +++ b/projects/cert-manager/cert-manager/GIT_TAG @@ -1 +1 @@ -v1.12.1 +v1.12.2 diff --git a/projects/cert-manager/cert-manager/README.md b/projects/cert-manager/cert-manager/README.md index 8d99b86d3d..df991b0943 100644 --- a/projects/cert-manager/cert-manager/README.md +++ b/projects/cert-manager/cert-manager/README.md @@ -1,5 +1,5 @@ ## **cert-manager** -![Version](https://img.shields.io/badge/version-v1.12.1-blue) +![Version](https://img.shields.io/badge/version-v1.12.2-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiUkphQkhWTUpOOVE1OFVLU0dHQmVFUXZJV0dJaGVLYmtEZHp0aGtDRnJBQUxtaHVqOWp3S0l6d0NlTytqNWpwc2tNTmF6RnNhMTZ3d1J1RXErR0lWcldZPSIsIml2UGFyYW1ldGVyU3BlYyI6IlQyU2lIcVVtU3ozZVZSVTgiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [cert-manager](https://github.com/cert-manager/cert-manager) is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources, such as [Let’s Encrypt](https://letsencrypt.org), [HashiCorp Vault](https://www.vaultproject.io), [Venafi](https://www.venafi.com/), a simple signing key pair, or self signed. It periodically ensures that certificates are valid and up-to-date, and attempts to renew certificates at an appropriate time before expiry. diff --git a/projects/cert-manager/cert-manager/manifests/cert-manager.yaml b/projects/cert-manager/cert-manager/manifests/cert-manager.yaml index 235dc1c4ef..44b817fd80 100644 --- a/projects/cert-manager/cert-manager/manifests/cert-manager.yaml +++ b/projects/cert-manager/cert-manager/manifests/cert-manager.yaml @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: cert-manager.io names: @@ -227,7 +227,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: cert-manager.io names: @@ -600,7 +600,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: acme.cert-manager.io names: @@ -1678,7 +1678,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: "cert-manager" # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: cert-manager.io names: @@ -2998,7 +2998,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: "cert-manager" # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: cert-manager.io names: @@ -4318,7 +4318,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: group: acme.cert-manager.io names: @@ -4502,7 +4502,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" --- # Source: cert-manager/templates/serviceaccount.yaml apiVersion: v1 @@ -4516,7 +4516,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" --- # Source: cert-manager/templates/webhook-serviceaccount.yaml apiVersion: v1 @@ -4530,7 +4530,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" --- # Source: cert-manager/templates/webhook-config.yaml apiVersion: v1 @@ -4543,7 +4543,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" data: --- # Source: cert-manager/templates/cainjector-rbac.yaml @@ -4556,7 +4556,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates"] @@ -4588,7 +4588,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["issuers", "issuers/status"] @@ -4614,7 +4614,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["clusterissuers", "clusterissuers/status"] @@ -4640,7 +4640,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] @@ -4675,7 +4675,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["acme.cert-manager.io"] resources: ["orders", "orders/status"] @@ -4713,7 +4713,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: # Use to update challenge resource status - apiGroups: ["acme.cert-manager.io"] @@ -4773,7 +4773,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificaterequests"] @@ -4810,7 +4810,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -4832,7 +4832,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: @@ -4857,7 +4857,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] @@ -4877,7 +4877,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["certificates.k8s.io"] resources: ["certificatesigningrequests"] @@ -4903,7 +4903,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -4919,7 +4919,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4939,7 +4939,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4959,7 +4959,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4979,7 +4979,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4999,7 +4999,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5019,7 +5019,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5039,7 +5039,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5059,7 +5059,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5079,7 +5079,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5099,7 +5099,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5122,7 +5122,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: # Used for leader election by the controller # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller @@ -5148,7 +5148,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -5169,7 +5169,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" rules: - apiGroups: [""] resources: ["secrets"] @@ -5194,7 +5194,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5217,7 +5217,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5239,7 +5239,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5261,7 +5261,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: type: ClusterIP ports: @@ -5285,7 +5285,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: type: ClusterIP ports: @@ -5309,7 +5309,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: replicas: 1 selector: @@ -5324,7 +5324,7 @@ spec: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: serviceAccountName: cert-manager-cainjector securityContext: @@ -5333,7 +5333,7 @@ spec: type: RuntimeDefault containers: - name: cert-manager-cainjector - image: "quay.io/jetstack/cert-manager-cainjector:v1.12.1" + image: "quay.io/jetstack/cert-manager-cainjector:v1.12.2" imagePullPolicy: IfNotPresent args: - --v=2 @@ -5362,7 +5362,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: replicas: 1 selector: @@ -5377,7 +5377,7 @@ spec: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" annotations: prometheus.io/path: "/metrics" prometheus.io/scrape: 'true' @@ -5390,13 +5390,13 @@ spec: type: RuntimeDefault containers: - name: cert-manager-controller - image: "quay.io/jetstack/cert-manager-controller:v1.12.1" + image: "quay.io/jetstack/cert-manager-controller:v1.12.2" imagePullPolicy: IfNotPresent args: - --v=2 - --cluster-resource-namespace=$(POD_NAMESPACE) - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.12.1 + - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.12.2 - --max-concurrent-challenges=60 ports: - containerPort: 9402 @@ -5429,7 +5429,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: replicas: 1 selector: @@ -5444,7 +5444,7 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" spec: serviceAccountName: cert-manager-webhook securityContext: @@ -5453,7 +5453,7 @@ spec: type: RuntimeDefault containers: - name: cert-manager-webhook - image: "quay.io/jetstack/cert-manager-webhook:v1.12.1" + image: "quay.io/jetstack/cert-manager-webhook:v1.12.2" imagePullPolicy: IfNotPresent args: - --v=2 @@ -5514,7 +5514,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" annotations: cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca" webhooks: @@ -5555,7 +5555,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.12.1" + app.kubernetes.io/version: "v1.12.2" annotations: cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca" webhooks: diff --git a/projects/kubernetes-sigs/cluster-api/ATTRIBUTION.txt b/projects/kubernetes-sigs/cluster-api/ATTRIBUTION.txt index cb171f8eef..4a77906ba9 100644 --- a/projects/kubernetes-sigs/cluster-api/ATTRIBUTION.txt +++ b/projects/kubernetes-sigs/cluster-api/ATTRIBUTION.txt @@ -110,10 +110,10 @@ https://github.com/go4org/go4 ** gomodules.xyz/jsonpatch/v2; version v2.2.0 -- https://github.com/gomodules/jsonpatch -** google.golang.org/genproto/googleapis; version v0.0.0-20221227171554-f9683d7f8bef -- +** google.golang.org/genproto/googleapis; version v0.0.0-20230306155012-7f2fa6fef1f4 -- https://github.com/googleapis/go-genproto -** google.golang.org/grpc; version v1.52.0 -- +** google.golang.org/grpc; version v1.55.0 -- https://github.com/grpc/grpc-go ** gopkg.in/ini.v1; version v1.67.0 -- @@ -170,7 +170,7 @@ https://github.com/kubernetes/kubectl ** k8s.io/utils; version v0.0.0-20221128185143-99ec85e7a448 -- https://github.com/kubernetes/utils -** sigs.k8s.io/cluster-api; version v1.4.3 -- +** sigs.k8s.io/cluster-api; version v1.4.5 -- https://github.com/kubernetes-sigs/cluster-api ** sigs.k8s.io/controller-runtime; version v0.14.5 -- @@ -1219,7 +1219,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** google.golang.org/protobuf; version v1.28.1 -- +** google.golang.org/protobuf; version v1.30.0 -- https://go.googlesource.com/protobuf Copyright (c) 2018 The Go Authors. All rights reserved. @@ -1360,7 +1360,7 @@ Copyright (c) 2014 Benedikt Lang https://github.com/blang/semver/v4 Copyright (c) 2014 Benedikt Lang -** github.com/cespare/xxhash/v2; version v2.1.2 -- +** github.com/cespare/xxhash/v2; version v2.2.0 -- https://github.com/cespare/xxhash/v2 Copyright (c) 2016 Caleb Spare diff --git a/projects/kubernetes-sigs/cluster-api/CAPD_ATTRIBUTION.txt b/projects/kubernetes-sigs/cluster-api/CAPD_ATTRIBUTION.txt index 4f22d5964a..6532b7f0fd 100644 --- a/projects/kubernetes-sigs/cluster-api/CAPD_ATTRIBUTION.txt +++ b/projects/kubernetes-sigs/cluster-api/CAPD_ATTRIBUTION.txt @@ -8,7 +8,7 @@ https://github.com/coreos/go-systemd ** github.com/docker/distribution; version v2.8.2+incompatible -- https://github.com/distribution/distribution -** github.com/docker/docker; version v20.10.24+incompatible -- +** github.com/docker/docker; version v24.0.5+incompatible -- https://github.com/moby/moby ** github.com/docker/go-connections; version v0.4.0 -- @@ -113,10 +113,13 @@ https://github.com/kubernetes/utils ** sigs.k8s.io/cluster-api; version v0.0.0-00010101000000-000000000000 -- https://github.com/kubernetes-sigs/cluster-api -** sigs.k8s.io/cluster-api/test/infrastructure/container; version v1.4.3 -- +** sigs.k8s.io/cluster-api/test/infrastructure/container; version v1.4.5 -- https://github.com/kubernetes-sigs/cluster-api -** sigs.k8s.io/cluster-api/test/infrastructure/docker; version v1.4.3 -- +** sigs.k8s.io/cluster-api/test/infrastructure/docker; version v1.4.5 -- +https://github.com/kubernetes-sigs/cluster-api + +** sigs.k8s.io/cluster-api/test/infrastructure/kind; version v1.4.5 -- https://github.com/kubernetes-sigs/cluster-api ** sigs.k8s.io/controller-runtime; version v0.14.5 -- @@ -125,7 +128,7 @@ https://github.com/kubernetes-sigs/controller-runtime ** sigs.k8s.io/json; version v0.0.0-20220713155537-f223a00ba0e2 -- https://github.com/kubernetes-sigs/json -** sigs.k8s.io/kind/pkg; version v0.18.0 -- +** sigs.k8s.io/kind/pkg; version v0.20.0 -- https://github.com/kubernetes-sigs/kind ** sigs.k8s.io/structured-merge-diff/v4; version v4.2.3 -- @@ -881,7 +884,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** google.golang.org/protobuf; version v1.28.1 -- +** google.golang.org/protobuf; version v1.30.0 -- https://go.googlesource.com/protobuf Copyright (c) 2018 The Go Authors. All rights reserved. @@ -1047,7 +1050,7 @@ Copyright (c) 2014 Benedikt Lang https://github.com/blang/semver/v4 Copyright (c) 2014 Benedikt Lang -** github.com/cespare/xxhash/v2; version v2.1.2 -- +** github.com/cespare/xxhash/v2; version v2.2.0 -- https://github.com/cespare/xxhash/v2 Copyright (c) 2016 Caleb Spare @@ -1075,10 +1078,6 @@ Copyright (c) 2016 Mail.Ru Group https://github.com/onsi/gomega Copyright (c) 2013-2014 Onsi Fakhouri -** github.com/sirupsen/logrus; version v1.8.1 -- -https://github.com/sirupsen/logrus -Copyright (c) 2014 Simon Eskildsen - ** github.com/vincent-petithory/dataurl; version v1.0.0 -- https://github.com/vincent-petithory/dataurl Copyright (c) 2014 Vincent Petithory diff --git a/projects/kubernetes-sigs/cluster-api/CHECKSUMS b/projects/kubernetes-sigs/cluster-api/CHECKSUMS index 5dcf968ac1..cfb90e5764 100644 --- a/projects/kubernetes-sigs/cluster-api/CHECKSUMS +++ b/projects/kubernetes-sigs/cluster-api/CHECKSUMS @@ -1,10 +1,10 @@ -1c8bd7321af0f19bc0b50c128ffb245b54d5fb171f82a96722bd9d42ed468579 _output/bin/cluster-api/linux-amd64/cluster-api-provider-docker-manager -0fd3d72ae8d8fa5018e5a2c4fe437a0d73562c574d1e3bbba11a58f61eb5de66 _output/bin/cluster-api/linux-amd64/clusterctl -3030c170d1243e97be100bdc749d8ec1f350429e2293f0690bf351d12b38034a _output/bin/cluster-api/linux-amd64/kubeadm-bootstrap-manager -133f9dd9c3da6ad0f83b3945d2697df471b1dcede43b42432d70cc1047b7d3d9 _output/bin/cluster-api/linux-amd64/kubeadm-control-plane-manager -23a60d899ffb891ad6e7dcbeea2d3e6d43159730c95344757a3879f2fbf3aa06 _output/bin/cluster-api/linux-amd64/manager -275dcd1c9f60664da789cabf8111aefdd312c387642574568c3ff2a01b26d766 _output/bin/cluster-api/linux-arm64/cluster-api-provider-docker-manager -33004bbb240a06ed65b4cfbe4c71948a7b6dce7a36ae6da6a0e83c0823fe5c3f _output/bin/cluster-api/linux-arm64/clusterctl -cf8c5c3864c8a1f3c6c6da555f2510fdff040072e4f1f9d64ec39996f659c469 _output/bin/cluster-api/linux-arm64/kubeadm-bootstrap-manager -676bf3cd30259d0c24ba9dcf4d240cb5b56fa8f7883e5967cc2a97b9fba618e2 _output/bin/cluster-api/linux-arm64/kubeadm-control-plane-manager -6b8e4ccb2381afcfc09b5ae155476e64585e77f2c1b3864bb5d1158a61f46f44 _output/bin/cluster-api/linux-arm64/manager +ad235717c6c4181278be3dc1925830191b36ff19dc2b17d2530edcfa61b852b5 _output/bin/cluster-api/linux-amd64/cluster-api-provider-docker-manager +363117ed2f7578fe3b2052b417310add8d92f44b26b886150fa7e7629e7df50c _output/bin/cluster-api/linux-amd64/clusterctl +5067378b89f1fc0032c7e3dd4ccb4cc1e733f238f3b43a3b7a9ab20ce9fda820 _output/bin/cluster-api/linux-amd64/kubeadm-bootstrap-manager +7bd8e8fa7b1bc1cb530caaaeedb469f103c7b9c86f5c3ee13f5cc15a89cad299 _output/bin/cluster-api/linux-amd64/kubeadm-control-plane-manager +4b68da9d93a7d22ea64427f1d458a80ef592056ec20bd641134985535ca24c2e _output/bin/cluster-api/linux-amd64/manager +5b0540665ea1bae97e027411e24240425aa708b5459c93f3701928c8c8aa9b62 _output/bin/cluster-api/linux-arm64/cluster-api-provider-docker-manager +98064b91e2a84f98cc0e1a1f8d6d8453784ac82577f7654334fd41852ffbbf04 _output/bin/cluster-api/linux-arm64/clusterctl +c40a6e5a27f39dc82c871c3882915d444a9279caf3168662201b64fbe585d6c2 _output/bin/cluster-api/linux-arm64/kubeadm-bootstrap-manager +fb735b6be7890c3631cd5b02e0767036351bfc5b11f419ed3be304511e6d2491 _output/bin/cluster-api/linux-arm64/kubeadm-control-plane-manager +377a21d4de98360973629acadb843a435685a33f7cb6ec055c5d1dd219696146 _output/bin/cluster-api/linux-arm64/manager diff --git a/projects/kubernetes-sigs/cluster-api/GIT_TAG b/projects/kubernetes-sigs/cluster-api/GIT_TAG index 92f76b4232..959bb9d045 100644 --- a/projects/kubernetes-sigs/cluster-api/GIT_TAG +++ b/projects/kubernetes-sigs/cluster-api/GIT_TAG @@ -1 +1 @@ -v1.4.3 +v1.4.5 diff --git a/projects/kubernetes-sigs/cluster-api/Makefile b/projects/kubernetes-sigs/cluster-api/Makefile index 872e5583dc..5b28efb923 100644 --- a/projects/kubernetes-sigs/cluster-api/Makefile +++ b/projects/kubernetes-sigs/cluster-api/Makefile @@ -28,7 +28,8 @@ BUILDSPEC_COMPUTE_TYPE=BUILD_GENERAL1_LARGE FIX_LICENSES_GO_JSON_TARGET=$(REPO)/vendor/github.com/github.com/ajeddeloh/go-json/LICENSE.txt FIX_LICENSES_TEST_CONTAINER_TARGET=$(REPO)/test/infrastructure/docker/LICENSE -FIX_LICENSES_TEST_DOCKER_TARGET=$(REPO)/test/infrastructure/container/LICENSE +FIX_LICENSES_TEST_DOCKER_TARGET=$(REPO)/test/infrastructure/container/LICENSE +FIX_LICENSES_TEST_KIND_TARGET=$(REPO)/test/infrastructure/kind/LICENSE include $(BASE_DIRECTORY)/Common.mk @@ -37,7 +38,7 @@ $(OUTPUT_BIN_DIR)/linux-%/cluster-api-provider-docker-manager: EXTRA_GO_LDFLAGS= s3-artifacts: create-manifests -$(GATHER_LICENSES_TARGETS): | $(FIX_LICENSES_GO_JSON_TARGET) $(FIX_LICENSES_TEST_CONTAINER_TARGET) $(FIX_LICENSES_TEST_DOCKER_TARGET) +$(GATHER_LICENSES_TARGETS): | $(FIX_LICENSES_GO_JSON_TARGET) $(FIX_LICENSES_TEST_CONTAINER_TARGET) $(FIX_LICENSES_TEST_DOCKER_TARGET) $(FIX_LICENSES_TEST_KIND_TARGET) cluster-api-docker-controller/images/%: BASE_IMAGE_NAME=eks-distro-minimal-base @@ -54,14 +55,18 @@ $(FIX_LICENSES_GO_JSON_TARGET): | $(GO_MOD_DOWNLOAD_TARGETS) $(REPO)/vendor/github.com/ajeddeloh/go-json/LICENSE.txt; $(FIX_LICENSES_TEST_CONTAINER_TARGET): | $(GO_MOD_DOWNLOAD_TARGETS) -# capd pulls in a dep in test/infra/container which does not have a LICENSE file and go-licenses does look up +# CAPD pulls in a dep in test/infrastructure/container which does not have a LICENSE file and go-licenses does look it up # We use capi license instead cp $(REPO)/LICENSE $@ $(FIX_LICENSES_TEST_DOCKER_TARGET): | $(GO_MOD_DOWNLOAD_TARGETS) -# capd is a separate module but it doesn't have its own license, it inherits the one at the REPO top level. +# CAPD is a separate module but it doesn't have its own license, it inherits the one at the REPO top level. cp $(REPO)/LICENSE $@ +$(FIX_LICENSES_TEST_KIND_TARGET): | $(GO_MOD_DOWNLOAD_TARGETS) +# CAPD pulls in a dep in test/infrstructure/kind which does not have a LICENSE file and go-licenses does look it up +# We use capi license instead + cp $(REPO)/LICENSE $@ ########### DO NOT EDIT ############################# # To update call: make add-generated-help-block diff --git a/projects/kubernetes-sigs/cluster-api/README.md b/projects/kubernetes-sigs/cluster-api/README.md index cd106b284c..feb522b39f 100644 --- a/projects/kubernetes-sigs/cluster-api/README.md +++ b/projects/kubernetes-sigs/cluster-api/README.md @@ -1,5 +1,5 @@ ## **Cluster API** -![Version](https://img.shields.io/badge/version-v1.4.3-blue) +![Version](https://img.shields.io/badge/version-v1.4.5-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiQVZ3TDBZZVVXZUZiVmtqLzVoOVcrV2FaMmxRRzJXRmJCRlZtQkNodXdWZ0FrNm0zQ3l5UzNqTkdsQXgwdzc0bTBZc1RIcjBhMUVFbEhIK3d2VDVPek1rPSIsIml2UGFyYW1ldGVyU3BlYyI6IkVuOGJxNXBPZEtDek81Q3giLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [Cluster API](https://github.com/kubernetes-sigs/cluster-api) is a Kubernetes sub-project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters. It uses Kubernetes-style APIs and patterns to automate cluster lifecycle management for platform operators. The supporting infrastructure, like virtual machines, networks, load balancers, and VPCs, as well as the Kubernetes cluster configuration are all defined in the same way that application developers operate deploying and managing their workloads. This enables consistent and repeatable cluster deployments across a wide variety of infrastructure environments. Cluster API can be extended to support any infrastructure provider (AWS, Azure, vSphere, etc.) or bootstrap provider (kubeadm is default) as required by the customer. diff --git a/projects/kubernetes-sigs/cluster-api/patches/0001-Adding-capi-support-for-Bottlerocket.patch b/projects/kubernetes-sigs/cluster-api/patches/0001-Adding-capi-support-for-Bottlerocket.patch index 6db07f6b1d..2aedd1ca84 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0001-Adding-capi-support-for-Bottlerocket.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0001-Adding-capi-support-for-Bottlerocket.patch @@ -1,7 +1,7 @@ -From 10dd70d5cf1eaf47cd2060d3e83847058072af59 Mon Sep 17 00:00:00 2001 +From 26064de942ed31af6fec2c932b364eb870aaa7e7 Mon Sep 17 00:00:00 2001 From: Vignesh Goutham Ganesh Date: Fri, 11 Jun 2021 10:43:09 -0700 -Subject: [PATCH 01/34] Adding capi support for Bottlerocket +Subject: [PATCH 01/36] Adding capi support for Bottlerocket Signed-off-by: Vignesh Goutham Ganesh @@ -1826,19 +1826,19 @@ index 4e182d911..5a1623e9f 100644 description: SkipPhases is a list of phases to skip during command execution. The list of phases can diff --git a/go.mod b/go.mod -index f96cd8fa6..3588c8779 100644 +index 7fce6267e..20883a1cd 100644 --- a/go.mod +++ b/go.mod @@ -32,6 +32,7 @@ require ( golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.6.0 - google.golang.org/grpc v1.52.0 + google.golang.org/grpc v1.55.0 + gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.26.1 k8s.io/apiextensions-apiserver v0.26.1 k8s.io/apimachinery v0.26.1 @@ -133,7 +134,6 @@ require ( - google.golang.org/protobuf v1.28.1 // indirect + google.golang.org/protobuf v1.30.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect @@ -1846,5 +1846,5 @@ index f96cd8fa6..3588c8779 100644 k8s.io/cli-runtime v0.25.0 // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0002-Add-unstacked-etcd-support.patch b/projects/kubernetes-sigs/cluster-api/patches/0002-Add-unstacked-etcd-support.patch index 4bb4f9b657..795ee67675 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0002-Add-unstacked-etcd-support.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0002-Add-unstacked-etcd-support.patch @@ -1,7 +1,7 @@ -From 684d04fdc1f6296db19c1c7a4d42f70f5c0a6105 Mon Sep 17 00:00:00 2001 +From 11745451f5cf785f7a45aecdf0fca870d22811ff Mon Sep 17 00:00:00 2001 From: Rajashree Mandaogane Date: Mon, 28 Jun 2021 13:44:50 -0700 -Subject: [PATCH 02/34] Add unstacked etcd support +Subject: [PATCH 02/36] Add unstacked etcd support Unstacked etcd: API and config changes @@ -207,7 +207,7 @@ index 254b2874b..00d19fac8 100644 // ANCHOR_END: ClusterStatus diff --git a/api/v1beta1/cluster_types.go b/api/v1beta1/cluster_types.go -index 4e5adab14..eeb7e8160 100644 +index 9a72b5a90..8c345b75d 100644 --- a/api/v1beta1/cluster_types.go +++ b/api/v1beta1/cluster_types.go @@ -57,6 +57,11 @@ type ClusterSpec struct { @@ -222,7 +222,7 @@ index 4e5adab14..eeb7e8160 100644 // InfrastructureRef is a reference to a provider-specific resource that holds the details // for provisioning infrastructure for a cluster in said provider. // +optional -@@ -347,6 +352,15 @@ type ClusterStatus struct { +@@ -349,6 +354,15 @@ type ClusterStatus struct { // ObservedGeneration is the latest generation observed by the controller. // +optional ObservedGeneration int64 `json:"observedGeneration,omitempty"` @@ -307,7 +307,7 @@ index 6d88b5891..c65e8691a 100644 } } diff --git a/config/crd/bases/cluster.x-k8s.io_clusters.yaml b/config/crd/bases/cluster.x-k8s.io_clusters.yaml -index 2ede29e3c..85dddbba1 100644 +index a696a2256..ec0f3b2db 100644 --- a/config/crd/bases/cluster.x-k8s.io_clusters.yaml +++ b/config/crd/bases/cluster.x-k8s.io_clusters.yaml @@ -169,6 +169,45 @@ spec: @@ -570,7 +570,7 @@ index ec2334e96..5c7e70401 100644 + - update + - watch diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go -index b9ca684b8..277cd2e09 100644 +index 131347515..098de41e6 100644 --- a/controlplane/kubeadm/internal/controllers/controller.go +++ b/controlplane/kubeadm/internal/controllers/controller.go @@ -19,6 +19,9 @@ package controllers @@ -632,7 +632,7 @@ index b9ca684b8..277cd2e09 100644 // Add finalizer first if not exist to avoid the race condition between init and delete if !controllerutil.ContainsFinalizer(kcp, controlplanev1.KubeadmControlPlaneFinalizer) { controllerutil.AddFinalizer(kcp, controlplanev1.KubeadmControlPlaneFinalizer) -@@ -465,6 +496,15 @@ func (r *KubeadmControlPlaneReconciler) reconcileDelete(ctx context.Context, clu +@@ -475,6 +506,15 @@ func (r *KubeadmControlPlaneReconciler) reconcileDelete(ctx context.Context, clu } ownedMachines := allMachines.Filter(collections.OwnedMachines(kcp)) @@ -1143,7 +1143,7 @@ index 2df5c4da4..1f74abd2d 100644 conditions.MarkFalse(machine, clusterv1.MachineNodeHealthyCondition, clusterv1.WaitingForNodeRefReason, clusterv1.ConditionSeverityInfo, "") return ctrl.Result{}, nil - } -+ } ++ } remoteClient, err := r.Tracker.GetClient(ctx, util.ObjectKey(cluster)) if err != nil { @@ -1346,7 +1346,7 @@ index 83c493afc..03806a1b7 100644 var failureDomain string err = util.UnstructuredUnmarshalField(infraConfig, &failureDomain, "spec", "failureDomain") diff --git a/test/infrastructure/docker/internal/controllers/dockermachine_controller.go b/test/infrastructure/docker/internal/controllers/dockermachine_controller.go -index 58b426e51..9beedc5af 100644 +index 9991b03d1..decaafda4 100644 --- a/test/infrastructure/docker/internal/controllers/dockermachine_controller.go +++ b/test/infrastructure/docker/internal/controllers/dockermachine_controller.go @@ -360,23 +360,27 @@ func (r *DockerMachineReconciler) reconcileNormal(ctx context.Context, cluster * @@ -1488,5 +1488,5 @@ index e6737ab7a..00da78f90 100644 func GetClusterFromMetadata(ctx context.Context, c client.Client, obj metav1.ObjectMeta) (*clusterv1.Cluster, error) { if obj.Labels[clusterv1.ClusterNameLabel] == "" { -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0003-Unstacked-etcd-and-controlplane-upgrade.patch b/projects/kubernetes-sigs/cluster-api/patches/0003-Unstacked-etcd-and-controlplane-upgrade.patch index d0a4a81654..d2647bc326 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0003-Unstacked-etcd-and-controlplane-upgrade.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0003-Unstacked-etcd-and-controlplane-upgrade.patch @@ -1,7 +1,7 @@ -From fe961ff1eed0564a7c7327646665d8e3930b3462 Mon Sep 17 00:00:00 2001 +From 29d2da31077e2ace33144a2f7416801768b1c2ee Mon Sep 17 00:00:00 2001 From: Rajashree Mandaogane Date: Fri, 6 Aug 2021 17:16:39 -0700 -Subject: [PATCH 03/34] Unstacked etcd and controlplane upgrade +Subject: [PATCH 03/36] Unstacked etcd and controlplane upgrade Rename controlplane upgrade annotation variable @@ -152,7 +152,7 @@ index e9870d34c..adc1b2a0a 100644 const ( diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go -index 277cd2e09..0ebace482 100644 +index 098de41e6..8bc588429 100644 --- a/controlplane/kubeadm/internal/controllers/controller.go +++ b/controlplane/kubeadm/internal/controllers/controller.go @@ -196,12 +196,35 @@ func (r *KubeadmControlPlaneReconciler) Reconcile(ctx context.Context, req ctrl. @@ -191,7 +191,7 @@ index 277cd2e09..0ebace482 100644 } // Add finalizer first if not exist to avoid the race condition between init and delete -@@ -414,6 +437,25 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * +@@ -424,6 +447,25 @@ func (r *KubeadmControlPlaneReconciler) reconcile(ctx context.Context, cluster * // NOTE: we are checking the condition already exists in order to avoid to set this condition at the first // reconciliation/before a rolling upgrade actually starts. if conditions.Has(controlPlane.KCP, controlplanev1.MachinesSpecUpToDateCondition) { @@ -295,5 +295,5 @@ index 9572a8ebd..7f2a32379 100644 } -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0004-Patch-config-path-in-kubevip-manifest-for-kubeadm-co.patch b/projects/kubernetes-sigs/cluster-api/patches/0004-Patch-config-path-in-kubevip-manifest-for-kubeadm-co.patch index a1c5365922..ee974b81be 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0004-Patch-config-path-in-kubevip-manifest-for-kubeadm-co.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0004-Patch-config-path-in-kubevip-manifest-for-kubeadm-co.patch @@ -1,7 +1,7 @@ -From c42ac27757d6285f67c03be4a7aa707939e6073e Mon Sep 17 00:00:00 2001 +From ad158578b63ceb41d925d7d73e99976590face39 Mon Sep 17 00:00:00 2001 From: Guillermo Gaston Date: Thu, 19 Aug 2021 21:52:52 +0000 -Subject: [PATCH 04/34] Patch config path in kubevip manifest for kubeadm +Subject: [PATCH 04/36] Patch config path in kubevip manifest for kubeadm control plane join with bottlerocket format cr: https://code.amazon.com/reviews/CR-55711271 @@ -27,5 +27,5 @@ index b93e1164b..aecbda8f4 100644 if err != nil { return nil, errors.Wrapf(err, "failed to generate user data for machine joining control plane") -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0005-Make-pause-and-bottlerocket-bootstrap-images-updatab.patch b/projects/kubernetes-sigs/cluster-api/patches/0005-Make-pause-and-bottlerocket-bootstrap-images-updatab.patch index 202388f653..e99c4c6924 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0005-Make-pause-and-bottlerocket-bootstrap-images-updatab.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0005-Make-pause-and-bottlerocket-bootstrap-images-updatab.patch @@ -1,7 +1,7 @@ -From c6933084fdbe60993807530d6ec1fa50eaf21b6c Mon Sep 17 00:00:00 2001 +From c8011909f0200ac5683f235f790f68f7874045e1 Mon Sep 17 00:00:00 2001 From: Guillermo Gaston Date: Tue, 31 Aug 2021 15:56:28 +0000 -Subject: [PATCH 05/34] Make pause and bottlerocket bootstrap images updatable +Subject: [PATCH 05/36] Make pause and bottlerocket bootstrap images updatable in validation webhook cr: https://code.amazon.com/reviews/CR-56335855 @@ -95,5 +95,5 @@ index 6ae774051..86c02c2e5 100644 before := &KubeadmControlPlane{ ObjectMeta: metav1.ObjectMeta{ -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0006-add-support-for-registry-mirror-for-bottlerocket.patch b/projects/kubernetes-sigs/cluster-api/patches/0006-add-support-for-registry-mirror-for-bottlerocket.patch index c154c3a0e1..37338ea380 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0006-add-support-for-registry-mirror-for-bottlerocket.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0006-add-support-for-registry-mirror-for-bottlerocket.patch @@ -1,7 +1,7 @@ -From 2923c308f32554f43d4e75e5517d31b123c44bbf Mon Sep 17 00:00:00 2001 +From 60d4a63b5cfced25918dc7e58cb7ac7575512571 Mon Sep 17 00:00:00 2001 From: Abhinav Pandey Date: Tue, 21 Sep 2021 08:57:56 -0700 -Subject: [PATCH 06/34] add support for registry mirror for bottlerocket +Subject: [PATCH 06/36] add support for registry mirror for bottlerocket --- api/v1alpha2/zz_generated.conversion.go | 1007 +++++++++++++++++ @@ -1573,5 +1573,5 @@ index 5a1623e9f..5410d4145 100644 description: SkipPhases is a list of phases to skip during command execution. The list of phases can -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0007-Fix-proxy-template-for-bottlerocket-bootstrap.patch b/projects/kubernetes-sigs/cluster-api/patches/0007-Fix-proxy-template-for-bottlerocket-bootstrap.patch index 5dc934b406..dd8369ebe4 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0007-Fix-proxy-template-for-bottlerocket-bootstrap.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0007-Fix-proxy-template-for-bottlerocket-bootstrap.patch @@ -1,7 +1,7 @@ -From 8043b1bacf08f031330b3e3300b4f23cff5c0afd Mon Sep 17 00:00:00 2001 +From 68e5cf64b9598320ea77712dc397f6d0e2689db8 Mon Sep 17 00:00:00 2001 From: Rajashree Mandaogane Date: Thu, 30 Sep 2021 14:04:36 -0700 -Subject: [PATCH 07/34] Fix proxy template for bottlerocket bootstrap +Subject: [PATCH 07/36] Fix proxy template for bottlerocket bootstrap Bottlerocket expects no-proxy setting to be a comma-separated list of strings. The proxy template was parsing the input no-proxy list @@ -67,5 +67,5 @@ index f127ec4f1..9e4f8d4a5 100644 bottlerocketInput.RegistryMirrorCACert = base64.StdEncoding.EncodeToString([]byte(config.RegistryMirrorConfiguration.CACert)) } -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0008-Update-core-conversion-spoke-versions.patch b/projects/kubernetes-sigs/cluster-api/patches/0008-Update-core-conversion-spoke-versions.patch index 5d510ec52c..1da5585f03 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0008-Update-core-conversion-spoke-versions.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0008-Update-core-conversion-spoke-versions.patch @@ -1,7 +1,7 @@ -From edf479ddca346e704d6c3537c9d46cced91b4e42 Mon Sep 17 00:00:00 2001 +From b868fff601d33bf36940514bac2a2254e46f3ce7 Mon Sep 17 00:00:00 2001 From: Rajashree Mandaogane Date: Sun, 21 Nov 2021 01:16:11 -0800 -Subject: [PATCH 08/34] Update core conversion spoke versions +Subject: [PATCH 08/36] Update core conversion spoke versions --- api/v1alpha3/conversion.go | 12 ++++++++++++ @@ -116,5 +116,5 @@ index 1f0c12a79..0abe06592 100644 } -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0009-Add-bottlerocket-changes-to-capbk-v1alpha4-api.patch b/projects/kubernetes-sigs/cluster-api/patches/0009-Add-bottlerocket-changes-to-capbk-v1alpha4-api.patch index 44a77cfda6..0bf2c66b87 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0009-Add-bottlerocket-changes-to-capbk-v1alpha4-api.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0009-Add-bottlerocket-changes-to-capbk-v1alpha4-api.patch @@ -1,7 +1,7 @@ -From 87dc25feaceb86c05cf90955c695e89e9fa91985 Mon Sep 17 00:00:00 2001 +From 50d2f52fde14984ebc11474b8c9c3f7ec7d02025 Mon Sep 17 00:00:00 2001 From: Rajashree Mandaogane Date: Sun, 21 Nov 2021 20:59:58 -0800 -Subject: [PATCH 09/34] Add bottlerocket changes to capbk v1alpha4 api +Subject: [PATCH 09/36] Add bottlerocket changes to capbk v1alpha4 api --- .../kubeadm/api/v1alpha4/kubeadm_types.go | 72 ++++++++++ @@ -1113,5 +1113,5 @@ index 5410d4145..c96b0409c 100644 mounts: description: Mounts specifies a list of mount points to -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0010-Update-capbk-converions-spoke-version.patch b/projects/kubernetes-sigs/cluster-api/patches/0010-Update-capbk-converions-spoke-version.patch index 2115e9cb0c..8415ef32b4 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0010-Update-capbk-converions-spoke-version.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0010-Update-capbk-converions-spoke-version.patch @@ -1,7 +1,7 @@ -From 220209ecd32d61e3a7620879f1b731c52af6668d Mon Sep 17 00:00:00 2001 +From df402c512d416afda37c8bce4f49216cdaa54e5b Mon Sep 17 00:00:00 2001 From: Rajashree Mandaogane Date: Sun, 21 Nov 2021 21:00:31 -0800 -Subject: [PATCH 10/34] Update capbk converions spoke version +Subject: [PATCH 10/36] Update capbk converions spoke version --- .../api/v1alpha4/zz_generated.conversion.go | 180 ++++++++++++++++++ @@ -938,5 +938,5 @@ index d849616cb..9b0c13356 100644 + return autoConvert_v1beta1_RegistryMirrorConfiguration_To_upstreamv1beta3_RegistryMirrorConfiguration(in, out, s) +} -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0011-Add-status.version-to-list-of-fields-to-ignore-for-u.patch b/projects/kubernetes-sigs/cluster-api/patches/0011-Add-status.version-to-list-of-fields-to-ignore-for-u.patch index d8ad8f0313..9e3c90e1c4 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0011-Add-status.version-to-list-of-fields-to-ignore-for-u.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0011-Add-status.version-to-list-of-fields-to-ignore-for-u.patch @@ -1,7 +1,7 @@ -From 878cc3474d6acad7b87d31e1647feb05cab54d34 Mon Sep 17 00:00:00 2001 +From 13f8bc9b1a3b7363293526f10a1d039a818185f0 Mon Sep 17 00:00:00 2001 From: Vivek Koppuru Date: Wed, 12 Jan 2022 19:04:15 -0800 -Subject: [PATCH 11/34] Add status.version to list of fields to ignore for +Subject: [PATCH 11/36] Add status.version to list of fields to ignore for update --- @@ -29,5 +29,5 @@ index 263bda967..1d0d4abfd 100644 allErrs := validateKubeadmControlPlaneSpec(in.Spec, in.Namespace, field.NewPath("spec")) -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0012-Add-node-labels-support-for-bottlerocket.patch b/projects/kubernetes-sigs/cluster-api/patches/0012-Add-node-labels-support-for-bottlerocket.patch index 4bc20159f4..feb7170971 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0012-Add-node-labels-support-for-bottlerocket.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0012-Add-node-labels-support-for-bottlerocket.patch @@ -1,7 +1,7 @@ -From 82720481c283c95411b43a068118eab67f963903 Mon Sep 17 00:00:00 2001 +From c8fcd534b1356db94e6341f3b1ad981f72d51ae3 Mon Sep 17 00:00:00 2001 From: Vivek Koppuru Date: Mon, 24 Jan 2022 00:46:44 -0800 -Subject: [PATCH 12/34] Add node labels support for bottlerocket +Subject: [PATCH 12/36] Add node labels support for bottlerocket --- .../internal/bottlerocket/bootstrap.go | 9 ++++++++ @@ -139,5 +139,5 @@ index b1fb19751..8a8c04c92 100644 if err != nil { scope.Error(err, "Failed to generate cloud init for bottlerocket bootstrap control plane") -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0013-Support-worker-node-taints.patch b/projects/kubernetes-sigs/cluster-api/patches/0013-Support-worker-node-taints.patch index 34a88ff58c..9475633855 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0013-Support-worker-node-taints.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0013-Support-worker-node-taints.patch @@ -1,7 +1,7 @@ -From 8159df9cb8ac2f6d21511c02bea6370c459017cd Mon Sep 17 00:00:00 2001 +From df3e0bd42f2f07ebd137d38549e3a669738f955d Mon Sep 17 00:00:00 2001 From: Daniel Budris Date: Fri, 17 Dec 2021 13:38:39 -0800 -Subject: [PATCH 13/34] Support worker node taints +Subject: [PATCH 13/36] Support worker node taints seperate taints template into its own template @@ -151,5 +151,5 @@ index 8a8c04c92..4b08e24c8 100644 if err != nil { scope.Error(err, "Failed to create a worker bottlerocket join configuration") -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0014-support-bottle-rocket-control-plane-taints.patch b/projects/kubernetes-sigs/cluster-api/patches/0014-support-bottle-rocket-control-plane-taints.patch index 9aa521e790..1f6439ec4c 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0014-support-bottle-rocket-control-plane-taints.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0014-support-bottle-rocket-control-plane-taints.patch @@ -1,7 +1,7 @@ -From 691e15b7fe63665a9f844f9e40928f6be73b9b4c Mon Sep 17 00:00:00 2001 +From 510e80bc873334ca9bf8a909e5f8d751f34d89f0 Mon Sep 17 00:00:00 2001 From: danbudris Date: Fri, 18 Feb 2022 09:24:32 -0500 -Subject: [PATCH 14/34] support bottle rocket control plane taints +Subject: [PATCH 14/36] support bottle rocket control plane taints --- .../internal/controllers/kubeadmconfig_controller.go | 6 ++++++ @@ -32,5 +32,5 @@ index 4b08e24c8..085ff3460 100644 if err != nil { scope.Error(err, "Failed to generate cloud init for bottlerocket bootstrap control plane") -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0015-Support-configuring-bottlerocket-control-container-u.patch b/projects/kubernetes-sigs/cluster-api/patches/0015-Support-configuring-bottlerocket-control-container-u.patch index 8a0f41ad9d..47bf0938bd 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0015-Support-configuring-bottlerocket-control-container-u.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0015-Support-configuring-bottlerocket-control-container-u.patch @@ -1,7 +1,7 @@ -From e9b33a327977b5534b7818edce98e21ca494f72f Mon Sep 17 00:00:00 2001 +From e6e93edf704235f76cb4f6ce33b2febf8003a3f7 Mon Sep 17 00:00:00 2001 From: Michael Chu Date: Mon, 28 Feb 2022 09:51:25 -0800 -Subject: [PATCH 15/34] Support configuring bottlerocket control container uri +Subject: [PATCH 15/36] Support configuring bottlerocket control container uri Signed-off-by: Michael Chu --- @@ -1377,7 +1377,7 @@ index 07902b44e..dd8200e36 100644 + return out +} diff --git a/bootstrap/kubeadm/types/utils_test.go b/bootstrap/kubeadm/types/utils_test.go -index 96a245420..73c297c82 100644 +index 5153d834a..dfbbc0839 100644 --- a/bootstrap/kubeadm/types/utils_test.go +++ b/bootstrap/kubeadm/types/utils_test.go @@ -163,11 +163,16 @@ func TestMarshalClusterConfigurationForVersion(t *testing.T) { @@ -1963,5 +1963,5 @@ index 63bbea586..0fede6ce6 100644 extraArgs: bar: baz -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0016-Change-format-for-storing-etcd-machine-address.patch b/projects/kubernetes-sigs/cluster-api/patches/0016-Change-format-for-storing-etcd-machine-address.patch index 7a0d9a1418..ede767d4ad 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0016-Change-format-for-storing-etcd-machine-address.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0016-Change-format-for-storing-etcd-machine-address.patch @@ -1,7 +1,7 @@ -From 2abb7c47fb165172d7495c4edc633e819da207d1 Mon Sep 17 00:00:00 2001 +From 1f95e8261f8b0557dbb149697c64c5baebc868b1 Mon Sep 17 00:00:00 2001 From: Rajashree Mandaogane Date: Thu, 3 Mar 2022 15:01:35 -0800 -Subject: [PATCH 16/34] Change format for storing etcd machine address +Subject: [PATCH 16/36] Change format for storing etcd machine address Once the first etcd member is initialized, the machine controller has to update the secret with the address of the machine, so it can be used @@ -39,5 +39,5 @@ index 03806a1b7..4181ca366 100644 Type: clusterv1.ClusterSecretType, } -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0017-Parse-provider-id-from-kubelet-extra-args.patch b/projects/kubernetes-sigs/cluster-api/patches/0017-Parse-provider-id-from-kubelet-extra-args.patch index 00587d0fb2..7408d58122 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0017-Parse-provider-id-from-kubelet-extra-args.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0017-Parse-provider-id-from-kubelet-extra-args.patch @@ -1,7 +1,7 @@ -From eaaf70d2b125dd9ef6780051c3b17670150a8dbd Mon Sep 17 00:00:00 2001 +From 5a3577c43814bd2630a9076f67c13841010ec823 Mon Sep 17 00:00:00 2001 From: Vignesh Goutham Ganesh Date: Wed, 8 Jun 2022 10:27:26 -0700 -Subject: [PATCH 17/34] Parse provider-id from kubelet extra args +Subject: [PATCH 17/36] Parse provider-id from kubelet extra args Signed-off-by: Vignesh Goutham Ganesh --- @@ -44,5 +44,5 @@ index e635308ea..3a760d51a 100644 if config.BottlerocketControl.ImageRepository != "" && config.BottlerocketControl.ImageTag != "" { bottlerocketInput.ControlContainerSource = fmt.Sprintf("%s:%s", config.BottlerocketControl.ImageRepository, config.BottlerocketControl.ImageTag) -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0018-Add-bottlerocket-control-image-on-nodes-joining-a-ne.patch b/projects/kubernetes-sigs/cluster-api/patches/0018-Add-bottlerocket-control-image-on-nodes-joining-a-ne.patch index 90c17883e2..53879addbf 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0018-Add-bottlerocket-control-image-on-nodes-joining-a-ne.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0018-Add-bottlerocket-control-image-on-nodes-joining-a-ne.patch @@ -1,7 +1,7 @@ -From a0d395adf68706f3a865de58db1fa9ba06e219fd Mon Sep 17 00:00:00 2001 +From c7a2d14587c5ee34776f1b2f7e7eb68046639e2f Mon Sep 17 00:00:00 2001 From: Victor Pineda Date: Sun, 19 Jun 2022 10:39:50 -0700 -Subject: [PATCH 18/34] Add bottlerocket control image on nodes joining a new +Subject: [PATCH 18/36] Add bottlerocket control image on nodes joining a new cluster --- @@ -21,5 +21,5 @@ index bc5561a56..2d536dd33 100644 if scope.Config.Spec.JoinConfiguration.Proxy.HTTPSProxy != "" { bottlerocketConfig.ProxyConfiguration = scope.Config.Spec.JoinConfiguration.Proxy -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0019-Add-feature-to-specifiy-additional-host-containers-i.patch b/projects/kubernetes-sigs/cluster-api/patches/0019-Add-feature-to-specifiy-additional-host-containers-i.patch index 63770c22f9..c8ffe24860 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0019-Add-feature-to-specifiy-additional-host-containers-i.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0019-Add-feature-to-specifiy-additional-host-containers-i.patch @@ -1,7 +1,7 @@ -From cf87eefd75a5983560a264b49b82ff279f38366d Mon Sep 17 00:00:00 2001 +From 45b0cac457863c787268758d5823bdc641a8fbbe Mon Sep 17 00:00:00 2001 From: Victor Pineda Date: Tue, 21 Jun 2022 07:50:19 -0700 -Subject: [PATCH 19/34] Add feature to specifiy additional host containers in +Subject: [PATCH 19/36] Add feature to specifiy additional host containers in BR Host containers are a feature within BR that allows us to pull images @@ -1149,5 +1149,5 @@ index e11d335ee..1cf471a08 100644 description: 'CACertPath is the path to the SSL certificate authority used to secure comunications between node -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0020-Add-bottlerocket-custom-bootstrap-containers-config-.patch b/projects/kubernetes-sigs/cluster-api/patches/0020-Add-bottlerocket-custom-bootstrap-containers-config-.patch index 4bc11665a8..43b771c896 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0020-Add-bottlerocket-custom-bootstrap-containers-config-.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0020-Add-bottlerocket-custom-bootstrap-containers-config-.patch @@ -1,7 +1,7 @@ -From 463341426fdd560440e5f539a96853558666f7c0 Mon Sep 17 00:00:00 2001 +From 997ca9ac109e9c4bfb9deec51fb2cb18eed62ebe Mon Sep 17 00:00:00 2001 From: Jiayi Wang Date: Mon, 21 Nov 2022 17:31:22 -0500 -Subject: [PATCH 20/34] Add bottlerocket custom bootstrap containers config +Subject: [PATCH 20/36] Add bottlerocket custom bootstrap containers config option --- @@ -949,5 +949,5 @@ index 1cf471a08..235ff121f 100644 description: BottlerocketCustomHostContainers contains the information of any additional images that we -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0021-Support-configuring-bottlerocket-admin-container-ima.patch b/projects/kubernetes-sigs/cluster-api/patches/0021-Support-configuring-bottlerocket-admin-container-ima.patch index 1282e0ea3c..9f65289d62 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0021-Support-configuring-bottlerocket-admin-container-ima.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0021-Support-configuring-bottlerocket-admin-container-ima.patch @@ -1,7 +1,7 @@ -From 75fd099d79ae1138c7b3435e4240895db5faa39c Mon Sep 17 00:00:00 2001 +From 946645d6ec749e4ce284b6a1da04b29ee3545b07 Mon Sep 17 00:00:00 2001 From: Jiayi Wang Date: Wed, 23 Nov 2022 09:26:28 -0500 -Subject: [PATCH 21/34] Support configuring bottlerocket admin container image +Subject: [PATCH 21/36] Support configuring bottlerocket admin container image --- .../api/v1alpha4/zz_generated.conversion.go | 2 + @@ -540,5 +540,5 @@ index 235ff121f..e435df3e1 100644 description: BottlerocketBootstrap holds the image source for kubeadm bootstrap container This is only -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0022-Make-bottlerocket-admin-control-custom-bootstrap-con.patch b/projects/kubernetes-sigs/cluster-api/patches/0022-Make-bottlerocket-admin-control-custom-bootstrap-con.patch index 73e2b8cf15..7f686a4eed 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0022-Make-bottlerocket-admin-control-custom-bootstrap-con.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0022-Make-bottlerocket-admin-control-custom-bootstrap-con.patch @@ -1,7 +1,7 @@ -From 3f6b9230f93d60545035483568267dd5b1f59fda Mon Sep 17 00:00:00 2001 +From 3a62efa743701278083835f1c48eedc75fd3440b Mon Sep 17 00:00:00 2001 From: Jiayi Wang Date: Thu, 5 Jan 2023 14:56:09 -0500 -Subject: [PATCH 22/34] Make bottlerocket admin, control, custom bootstrap +Subject: [PATCH 22/36] Make bottlerocket admin, control, custom bootstrap container images updatable in webhook --- @@ -113,5 +113,5 @@ index 86c02c2e5..38caa9e1e 100644 for _, tt := range tests { -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0023-Mark-etcd-machine-status-to-running-after-etcd-contr.patch b/projects/kubernetes-sigs/cluster-api/patches/0023-Mark-etcd-machine-status-to-running-after-etcd-contr.patch index 02045697be..08e5c9707d 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0023-Mark-etcd-machine-status-to-running-after-etcd-contr.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0023-Mark-etcd-machine-status-to-running-after-etcd-contr.patch @@ -1,7 +1,7 @@ -From 4dc52d8bb4be8f1b6bf8784f09ab0605c7acd46c Mon Sep 17 00:00:00 2001 +From 13c8ef4731780a212c4913f4e43922a946785c27 Mon Sep 17 00:00:00 2001 From: Jiayi Wang Date: Mon, 9 Jan 2023 15:41:05 -0500 -Subject: [PATCH 23/34] Mark etcd machine status to running after etcd +Subject: [PATCH 23/36] Mark etcd machine status to running after etcd controller adds the etcd machine ready label --- @@ -42,5 +42,5 @@ index 4181ca366..5e846594a 100644 } } -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0024-add-support-for-registry-credentials.patch b/projects/kubernetes-sigs/cluster-api/patches/0024-add-support-for-registry-credentials.patch index 04ab681398..68f1298a2f 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0024-add-support-for-registry-credentials.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0024-add-support-for-registry-credentials.patch @@ -1,7 +1,7 @@ -From 5060971cf912cd4fa9925c5e659d841c08879d12 Mon Sep 17 00:00:00 2001 +From a7fa9af9627bd2c11a353364330f5311487a5d4c Mon Sep 17 00:00:00 2001 From: Ahree Hong Date: Wed, 14 Dec 2022 12:47:42 -0800 -Subject: [PATCH 24/34] add support for registry credentials +Subject: [PATCH 24/36] add support for registry credentials Signed-off-by: Ahree Hong --- @@ -236,5 +236,5 @@ index 043764325..17abd5d70 100644 // Purpose is the name to append to the secret generated for a cluster. -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0025-Add-support-for-configuring-NTP-servers-on-bottleroc.patch b/projects/kubernetes-sigs/cluster-api/patches/0025-Add-support-for-configuring-NTP-servers-on-bottleroc.patch index 6fdaa21fc4..7c56a7b01c 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0025-Add-support-for-configuring-NTP-servers-on-bottleroc.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0025-Add-support-for-configuring-NTP-servers-on-bottleroc.patch @@ -1,7 +1,7 @@ -From c7b2636cfd337c9e419c7d94f8696f1fda1b0746 Mon Sep 17 00:00:00 2001 +From 9cce1d48111e9f1bf8fb399d9afe5fe5c210ab2d Mon Sep 17 00:00:00 2001 From: Abhinav Date: Wed, 1 Feb 2023 16:34:23 -0800 -Subject: [PATCH 25/34] Add support for configuring NTP servers on bottlerocket +Subject: [PATCH 25/36] Add support for configuring NTP servers on bottlerocket through CAPI Signed-off-by: Abhinav @@ -180,5 +180,5 @@ index afaab8a16..fbf7b634f 100644 // requests for reconciliation of KubeadmConfigs. func (r *KubeadmConfigReconciler) ClusterToKubeadmConfigs(o client.Object) []ctrl.Request { -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0026-set-hostname-for-BR-nodes.patch b/projects/kubernetes-sigs/cluster-api/patches/0026-set-hostname-for-BR-nodes.patch index 1caecc1870..0d61fd8a54 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0026-set-hostname-for-BR-nodes.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0026-set-hostname-for-BR-nodes.patch @@ -1,7 +1,7 @@ -From e8f247f1e697abaf144dc18f81392d490ff7c39f Mon Sep 17 00:00:00 2001 +From 99f98659116f4386b4b2f0ffb0d1952f12d97d79 Mon Sep 17 00:00:00 2001 From: Ahree Hong Date: Tue, 7 Feb 2023 14:26:36 -0800 -Subject: [PATCH 26/34] set hostname for BR nodes +Subject: [PATCH 26/36] set hostname for BR nodes Signed-off-by: Ahree Hong --- @@ -254,5 +254,5 @@ index fbf7b634f..448fbb70b 100644 if scope.Config.Spec.JoinConfiguration.Proxy.HTTPSProxy != "" { bottlerocketConfig.ProxyConfiguration = scope.Config.Spec.JoinConfiguration.Proxy -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0027-Add-bottlerocket-k8s-settings-support.patch b/projects/kubernetes-sigs/cluster-api/patches/0027-Add-bottlerocket-k8s-settings-support.patch index 7b7b92c88b..7100987043 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0027-Add-bottlerocket-k8s-settings-support.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0027-Add-bottlerocket-k8s-settings-support.patch @@ -1,7 +1,7 @@ -From 71adcc801b85a86116d5cc1505f011161b310564 Mon Sep 17 00:00:00 2001 +From 1487689e2b342a62c0af37aac92440534a9020a0 Mon Sep 17 00:00:00 2001 From: Abhinav Pandey Date: Thu, 2 Mar 2023 10:18:07 -0800 -Subject: [PATCH 27/34] Add bottlerocket k8s settings support +Subject: [PATCH 27/36] Add bottlerocket k8s settings support Signed-off-by: Abhinav Pandey --- @@ -26,7 +26,7 @@ Signed-off-by: Abhinav Pandey 18 files changed, 741 insertions(+), 189 deletions(-) diff --git a/api/v1beta1/zz_generated.openapi.go b/api/v1beta1/zz_generated.openapi.go -index 45a5e207e..57b5ef5c5 100644 +index e97701dcf..ec3381651 100644 --- a/api/v1beta1/zz_generated.openapi.go +++ b/api/v1beta1/zz_generated.openapi.go @@ -716,6 +716,12 @@ func schema_sigsk8sio_cluster_api_api_v1beta1_ClusterSpec(ref common.ReferenceCa @@ -1446,5 +1446,5 @@ index e435df3e1..1302cc4e1 100644 description: BottlerocketAdmin holds the image source for admin container This is only for bottlerocket -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0028-add-br-kernel.sysctl-settings.patch b/projects/kubernetes-sigs/cluster-api/patches/0028-add-br-kernel.sysctl-settings.patch index f1e6cffdf6..3e552382c1 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0028-add-br-kernel.sysctl-settings.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0028-add-br-kernel.sysctl-settings.patch @@ -1,7 +1,7 @@ -From 1b00312380a9f5c6a82c45dcc6cd2194901ae08f Mon Sep 17 00:00:00 2001 +From 1eba46b5a2237d6f1add00207e8c2a4be44de8b4 Mon Sep 17 00:00:00 2001 From: Ahree Hong Date: Tue, 7 Mar 2023 14:01:39 -0800 -Subject: [PATCH 28/34] add br kernel.sysctl settings +Subject: [PATCH 28/36] add br kernel.sysctl settings Signed-off-by: Ahree Hong --- @@ -442,5 +442,5 @@ index 1302cc4e1..933f00038 100644 description: Kubernetes holds the kubernetes settings for bottlerocket nodes. -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0029-add-boot-kernel-settings-for-BR.patch b/projects/kubernetes-sigs/cluster-api/patches/0029-add-boot-kernel-settings-for-BR.patch index b61592e0fc..9b0d13a717 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0029-add-boot-kernel-settings-for-BR.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0029-add-boot-kernel-settings-for-BR.patch @@ -1,7 +1,7 @@ -From f70d9d11fa9b33cb3cd3410ff172e4460bda2971 Mon Sep 17 00:00:00 2001 +From 8e27442c85d0a1f6d3e174e00f3959e219f7334b Mon Sep 17 00:00:00 2001 From: Ahree Hong Date: Thu, 23 Mar 2023 01:51:16 -0700 -Subject: [PATCH 29/34] add boot kernel settings for BR +Subject: [PATCH 29/36] add boot kernel settings for BR Signed-off-by: Ahree Hong --- @@ -464,5 +464,5 @@ index 5e846594a..9be6ddb34 100644 }, Type: clusterv1.ClusterSecretType, -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0030-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch b/projects/kubernetes-sigs/cluster-api/patches/0030-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch index 9c3cb4b0de..76c735e693 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0030-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0030-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch @@ -1,7 +1,7 @@ -From bb7ef0bc3f5a2d8b9d2a0ca5b26e19ee8087fb73 Mon Sep 17 00:00:00 2001 +From f87d2baa7b2102dc5c7c1ae34fb8eb3ea9404ee8 Mon Sep 17 00:00:00 2001 From: Jackson West Date: Sat, 6 May 2023 14:08:17 -0500 -Subject: [PATCH 30/34] Patch haproxy maxconn value to avoid ulimit issue +Subject: [PATCH 30/36] Patch haproxy maxconn value to avoid ulimit issue EKS-A uses haproxy 2.5 which errors if the maxconn value requires more FDs than allowed by the ulimit setting of docker. @@ -29,5 +29,5 @@ index 8d2f70a02..1c6e7a68e 100644 resolvers docker nameserver dns 127.0.0.11:53 -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0031-Add-support-for-custom-cert-bundles-in-BR-21.patch b/projects/kubernetes-sigs/cluster-api/patches/0031-Add-support-for-custom-cert-bundles-in-BR-21.patch index 42598c9173..261e9d55f3 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0031-Add-support-for-custom-cert-bundles-in-BR-21.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0031-Add-support-for-custom-cert-bundles-in-BR-21.patch @@ -1,7 +1,7 @@ -From 2527a96b3f76981fb31024966b2c5373989cd36f Mon Sep 17 00:00:00 2001 +From dbbdf25b2b64dfd3537c8b9b1483378e4b7e766a Mon Sep 17 00:00:00 2001 From: ahreehong <46465244+ahreehong@users.noreply.github.com> Date: Fri, 19 May 2023 16:29:08 -0400 -Subject: [PATCH 31/34] Add support for custom cert bundles in BR (#21) +Subject: [PATCH 31/36] Add support for custom cert bundles in BR (#21) * add support for custom cert bundles br @@ -586,5 +586,5 @@ index a79e90dea..7821a39d5 100644 description: ControlPlane defines the additional control plane instance to be deployed on the joining node. -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0032-CAPI-Move-Cluster-Filter.patch b/projects/kubernetes-sigs/cluster-api/patches/0032-CAPI-Move-Cluster-Filter.patch index f4c74ea922..4dec2ff495 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0032-CAPI-Move-Cluster-Filter.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0032-CAPI-Move-Cluster-Filter.patch @@ -1,7 +1,7 @@ -From 7fc98f44c14f3025af988890f99c74213692fe42 Mon Sep 17 00:00:00 2001 +From 15e30c59bdf6eba969c924790a292ccafc9bcf52 Mon Sep 17 00:00:00 2001 From: Vignesh Goutham Ganesh Date: Tue, 16 May 2023 11:03:09 -0500 -Subject: [PATCH 32/34] CAPI Move Cluster Filter +Subject: [PATCH 32/36] CAPI Move Cluster Filter Signed-off-by: Vignesh Goutham Ganesh --- @@ -466,5 +466,5 @@ index c75557e0a..04b1ef8fe 100644 }) } -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0033-Move-objects-with-force-move-label-and-no-cluster-te.patch b/projects/kubernetes-sigs/cluster-api/patches/0033-Move-objects-with-force-move-label-and-no-cluster-te.patch index ecb43d7f4f..fd43d965d9 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0033-Move-objects-with-force-move-label-and-no-cluster-te.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0033-Move-objects-with-force-move-label-and-no-cluster-te.patch @@ -1,7 +1,7 @@ -From 4f761b7fd87601f685e077aadf0c7c8d2a1ab101 Mon Sep 17 00:00:00 2001 +From 04f31aaea89fd39115e2abdc585716af9947847c Mon Sep 17 00:00:00 2001 From: Vignesh Goutham Ganesh Date: Tue, 30 May 2023 10:14:31 -0500 -Subject: [PATCH 33/34] Move objects with force move label and no cluster +Subject: [PATCH 33/36] Move objects with force move label and no cluster tenants Signed-off-by: Vignesh Goutham Ganesh @@ -84,5 +84,5 @@ index 46572d62f..9100880e1 100644 for _, tt := range tests { -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0034-allow-registry-mirror-configurations-to-be-mutable-f.patch b/projects/kubernetes-sigs/cluster-api/patches/0034-allow-registry-mirror-configurations-to-be-mutable-f.patch index 2facb01482..02ff5af11b 100644 --- a/projects/kubernetes-sigs/cluster-api/patches/0034-allow-registry-mirror-configurations-to-be-mutable-f.patch +++ b/projects/kubernetes-sigs/cluster-api/patches/0034-allow-registry-mirror-configurations-to-be-mutable-f.patch @@ -1,4 +1,4 @@ -From 06a4bf0368897ae359836833505dbc236a395d52 Mon Sep 17 00:00:00 2001 +From eb097f2a1eeae716f3d2f1e4ab26c24e04b9ceb2 Mon Sep 17 00:00:00 2001 From: Cavaughn Browne Date: Thu, 20 Jul 2023 11:05:49 -0500 Subject: [PATCH 34/34] allow registry mirror configurations to be mutable for @@ -107,5 +107,5 @@ index 38caa9e1e..45eb1976e 100644 for _, tt := range tests { -- -2.34.1 +2.39.2 diff --git a/projects/kubernetes-sigs/cluster-api/patches/0035-Add-support-for-external-etcd-machines-in-Kind-mappe.patch b/projects/kubernetes-sigs/cluster-api/patches/0035-Add-support-for-external-etcd-machines-in-Kind-mappe.patch new file mode 100644 index 0000000000..1ff6ac4500 --- /dev/null +++ b/projects/kubernetes-sigs/cluster-api/patches/0035-Add-support-for-external-etcd-machines-in-Kind-mappe.patch @@ -0,0 +1,189 @@ +From a5366cd61f5a3eb3d692164ba67d98ba7cd72ff4 Mon Sep 17 00:00:00 2001 +From: Prow Bot +Date: Wed, 16 Aug 2023 19:58:01 -0700 +Subject: [PATCH] Add support for external etcd machines in Kind mapper + +--- + .../docker/exp/internal/docker/nodepool.go | 4 +- + .../controllers/dockermachine_controller.go | 13 ++-- + .../docker/internal/docker/machine.go | 69 +++++++++++++------ + 3 files changed, 54 insertions(+), 32 deletions(-) + +diff --git a/test/infrastructure/docker/exp/internal/docker/nodepool.go b/test/infrastructure/docker/exp/internal/docker/nodepool.go +index 1a46d283a..9e1705cac 100644 +--- a/test/infrastructure/docker/exp/internal/docker/nodepool.go ++++ b/test/infrastructure/docker/exp/internal/docker/nodepool.go +@@ -219,7 +219,7 @@ func (np *NodePool) addMachine(ctx context.Context) error { + } + } + +- if err := externalMachine.Create(ctx, np.dockerMachinePool.Spec.Template.CustomImage, constants.WorkerNodeRoleValue, np.machinePool.Spec.Template.Spec.Version, labels, np.dockerMachinePool.Spec.Template.ExtraMounts); err != nil { ++ if err := externalMachine.Create(ctx, np.dockerMachinePool.Spec.Template.CustomImage, constants.WorkerNodeRoleValue, np.machinePool.Spec.Template.Spec.Version, labels, np.dockerMachinePool.Spec.Template.ExtraMounts, false); err != nil { + return errors.Wrapf(err, "failed to create docker machine with instance name %s", instanceName) + } + return nil +@@ -301,7 +301,7 @@ func (np *NodePool) reconcileMachine(ctx context.Context, machine *docker.Machin + } + + // Run the bootstrap script. Simulates cloud-init/Ignition. +- if err := externalMachine.ExecBootstrap(timeoutCtx, bootstrapData, format, np.machinePool.Spec.Template.Spec.Version, np.dockerMachinePool.Spec.Template.CustomImage); err != nil { ++ if err := externalMachine.ExecBootstrap(timeoutCtx, bootstrapData, format, np.machinePool.Spec.Template.Spec.Version, np.dockerMachinePool.Spec.Template.CustomImage, false); err != nil { + return ctrl.Result{}, errors.Wrapf(err, "failed to exec DockerMachinePool instance bootstrap for instance named %s", machine.Name()) + } + // Check for bootstrap success +diff --git a/test/infrastructure/docker/internal/controllers/dockermachine_controller.go b/test/infrastructure/docker/internal/controllers/dockermachine_controller.go +index decaafda4..00cbe0d39 100644 +--- a/test/infrastructure/docker/internal/controllers/dockermachine_controller.go ++++ b/test/infrastructure/docker/internal/controllers/dockermachine_controller.go +@@ -252,7 +252,7 @@ func (r *DockerMachineReconciler) reconcileNormal(ctx context.Context, cluster * + if !externalMachine.Exists() { + // NOTE: FailureDomains don't mean much in CAPD since it's all local, but we are setting a label on + // each container, so we can check placement. +- if err := externalMachine.Create(ctx, dockerMachine.Spec.CustomImage, role, machine.Spec.Version, docker.FailureDomainLabel(machine.Spec.FailureDomain), dockerMachine.Spec.ExtraMounts); err != nil { ++ if err := externalMachine.Create(ctx, dockerMachine.Spec.CustomImage, role, machine.Spec.Version, docker.FailureDomainLabel(machine.Spec.FailureDomain), dockerMachine.Spec.ExtraMounts, util.IsEtcdMachine(machine)); err != nil { + return ctrl.Result{}, errors.Wrap(err, "failed to create worker DockerMachine") + } + } +@@ -332,7 +332,7 @@ func (r *DockerMachineReconciler) reconcileNormal(ctx context.Context, cluster * + }() + + // Run the bootstrap script. Simulates cloud-init/Ignition. +- if err := externalMachine.ExecBootstrap(timeoutCtx, bootstrapData, format, machine.Spec.Version, dockerMachine.Spec.CustomImage); err != nil { ++ if err := externalMachine.ExecBootstrap(timeoutCtx, bootstrapData, format, machine.Spec.Version, dockerMachine.Spec.CustomImage, util.IsEtcdMachine(machine)); err != nil { + conditions.MarkFalse(dockerMachine, infrav1.BootstrapExecSucceededCondition, infrav1.BootstrapFailedReason, clusterv1.ConditionSeverityWarning, "Repeating bootstrap") + return ctrl.Result{}, errors.Wrap(err, "failed to exec DockerMachine bootstrap") + } +@@ -361,12 +361,12 @@ func (r *DockerMachineReconciler) reconcileNormal(ctx context.Context, cluster * + // Machine will never get a node ref as ProviderID is required to set the node ref, so we would get a deadlock. + if cluster.Spec.ControlPlaneRef != nil && + !conditions.IsTrue(cluster, clusterv1.ControlPlaneInitializedCondition) && +- !isEtcdMachine(machine) { ++ !util.IsEtcdMachine(machine) { + return ctrl.Result{RequeueAfter: 15 * time.Second}, nil + } + + // In case of an etcd cluster, there is no concept of kubernetes node. So we can generate the node Provider ID and set it on machine spec directly +- if !isEtcdMachine(machine) { ++ if !util.IsEtcdMachine(machine) { + // Usually a cloud provider will do this, but there is no docker-cloud provider. + // Requeue if there is an error, as this is likely momentary load balancer + // state changes during control plane provisioning. +@@ -534,8 +534,3 @@ func setMachineAddress(ctx context.Context, dockerMachine *infrav1.DockerMachine + } + return nil + } +- +-func isEtcdMachine(machine *clusterv1.Machine) bool { +- _, ok := machine.Labels[clusterv1.MachineEtcdClusterLabelName] +- return ok +-} +diff --git a/test/infrastructure/docker/internal/docker/machine.go b/test/infrastructure/docker/internal/docker/machine.go +index 12bda2cb2..2001d5348 100644 +--- a/test/infrastructure/docker/internal/docker/machine.go ++++ b/test/infrastructure/docker/internal/docker/machine.go +@@ -47,6 +47,7 @@ import ( + "sigs.k8s.io/cluster-api/test/infrastructure/docker/internal/provisioning/ignition" + "sigs.k8s.io/cluster-api/test/infrastructure/kind" + "sigs.k8s.io/cluster-api/util/patch" ++ versionutil "sigs.k8s.io/cluster-api/util/version" + ) + + type nodeCreator interface { +@@ -192,23 +193,35 @@ func (m *Machine) ContainerImage() string { + } + + // Create creates a docker container hosting a Kubernetes node. +-func (m *Machine) Create(ctx context.Context, image string, role string, version *string, labels map[string]string, mounts []infrav1.Mount) error { ++func (m *Machine) Create(ctx context.Context, image string, role string, version *string, labels map[string]string, mounts []infrav1.Mount, isEtcdMachine bool) error { + log := ctrl.LoggerFrom(ctx) + + // Create if not exists. + if m.container == nil { + var err error ++ var semVer semver.Version ++ ++ // External etcd machines do not set a version field in the machine.Spec.Version. ++ // So we are parsing the Kubernetes semantic version from the Kind node tag and ++ // using that to get the Kind Mapping. ++ if isEtcdMachine { ++ nodeImageTag := strings.Split(image, ":")[1] ++ semVer, err = versionutil.ParseMajorMinorPatch(nodeImageTag) ++ if err != nil { ++ return errors.Wrap(err, "failed to parse semantic version from image tag") ++ } ++ } else { ++ // Parse the semver from the Spec.Version if not nil and get the KindMapping using the semver. ++ // NOTE: The KindMapping allows to select the most recent kindest/node image available, if any, as well as ++ // provide info about the mode to be used when starting the kindest/node image itself. ++ if version == nil { ++ return errors.New("cannot create a DockerMachine for a nil version") ++ } + +- // Get the KindMapping for the target K8s version. +- // NOTE: The KindMapping allows to select the most recent kindest/node image available, if any, as well as +- // provide info about the mode to be used when starting the kindest/node image itself. +- if version == nil { +- return errors.New("cannot create a DockerMachine for a nil version") +- } +- +- semVer, err := semver.Parse(strings.TrimPrefix(*version, "v")) +- if err != nil { +- return errors.Wrap(err, "failed to parse DockerMachine version") ++ semVer, err = semver.Parse(strings.TrimPrefix(*version, "v")) ++ if err != nil { ++ return errors.Wrap(err, "failed to parse DockerMachine version") ++ } + } + + kindMapping := kind.GetMapping(semVer, image) +@@ -320,23 +333,37 @@ func (m *Machine) PreloadLoadImages(ctx context.Context, images []string) error + } + + // ExecBootstrap runs bootstrap on a node, this is generally `kubeadm `. +-func (m *Machine) ExecBootstrap(ctx context.Context, data string, format bootstrapv1.Format, version *string, image string) error { ++func (m *Machine) ExecBootstrap(ctx context.Context, data string, format bootstrapv1.Format, version *string, image string, isEtcdMachine bool) error { + log := ctrl.LoggerFrom(ctx) + + if m.container == nil { + return errors.New("unable to set ExecBootstrap. the container hosting this machine does not exists") + } + +- // Get the kindMapping for the target K8s version. +- // NOTE: The kindMapping allows to select the most recent kindest/node image available, if any, as well as +- // provide info about the mode to be used when starting the kindest/node image itself. +- if version == nil { +- return errors.New("cannot create a DockerMachine for a nil version") +- } ++ var err error ++ var semVer semver.Version + +- semVer, err := semver.Parse(strings.TrimPrefix(*version, "v")) +- if err != nil { +- return errors.Wrap(err, "failed to parse DockerMachine version") ++ // External etcd machines do not set a version field in the machine.Spec.Version. ++ // So we are parsing the Kubernetes semantic version from the Kind node tag and ++ // using that to get the Kind Mapping. ++ if isEtcdMachine { ++ nodeImageTag := strings.Split(image, ":")[1] ++ semVer, err = versionutil.ParseMajorMinorPatch(nodeImageTag) ++ if err != nil { ++ return errors.Wrap(err, "failed to parse semantic version from image tag") ++ } ++ } else { ++ // Parse the semver from the Spec.Version if not nil and get the KindMapping using the semver. ++ // NOTE: The KindMapping allows to select the most recent kindest/node image available, if any, as well as ++ // provide info about the mode to be used when starting the kindest/node image itself. ++ if version == nil { ++ return errors.New("cannot create a DockerMachine for a nil version") ++ } ++ ++ semVer, err = semver.Parse(strings.TrimPrefix(*version, "v")) ++ if err != nil { ++ return errors.Wrap(err, "failed to parse DockerMachine version") ++ } + } + + kindMapping := kind.GetMapping(semVer, image) +-- +2.39.2 + diff --git a/projects/kubernetes-sigs/cri-tools/README.md b/projects/kubernetes-sigs/cri-tools/README.md index a40dcc884e..b8de883853 100644 --- a/projects/kubernetes-sigs/cri-tools/README.md +++ b/projects/kubernetes-sigs/cri-tools/README.md @@ -1,5 +1,5 @@ ## **CRI Tools** -![Version](https://img.shields.io/badge/version-v1.26.1-blue) +![Version](https://img.shields.io/badge/version-v1.27.0-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiUUlRZXJEVUxWcjI1OE8weVdXQnY4alBSU1lxVm1FOGVoZE83VldDbjJiaFBtY25XT3NIK1RhckZkQXZGclZDSkVLUG5PMmd5K2J2RVlSYk9pclUybC9zPSIsIml2UGFyYW1ldGVyU3BlYyI6IkF3RGUzVDFhVlB0eUlGMWwiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) The [CRI tools project](https://github.com/kubernetes-sigs/cri-tools) provides a CLI and validation tools for the `kubelet`'s Container Runtime Interface (CRI). This allows CRI runtime developers to debug their runtimes (like `containerd`, `CRI-O`, etc.) without needing to set up Kubernetes components. The `crictl` CLI can perform numerous functions such as running containers, fetching logs, listing conatiner stats, removing images, etc. diff --git a/projects/kubernetes-sigs/kind/ATTRIBUTION.txt b/projects/kubernetes-sigs/kind/ATTRIBUTION.txt index 2979916389..d460c8d4e6 100644 --- a/projects/kubernetes-sigs/kind/ATTRIBUTION.txt +++ b/projects/kubernetes-sigs/kind/ATTRIBUTION.txt @@ -11,7 +11,7 @@ https://github.com/spf13/cobra ** gopkg.in/yaml.v2; version v2.4.0 -- https://gopkg.in/yaml.v2 -** sigs.k8s.io/kind; version v0.18.0 -- +** sigs.k8s.io/kind; version v0.20.0 -- https://github.com/kubernetes-sigs/kind diff --git a/projects/kubernetes-sigs/kind/CHECKSUMS b/projects/kubernetes-sigs/kind/CHECKSUMS index c1cae58cc0..6c27ae6092 100644 --- a/projects/kubernetes-sigs/kind/CHECKSUMS +++ b/projects/kubernetes-sigs/kind/CHECKSUMS @@ -1,4 +1,4 @@ -057fc05e48a0566cc13bab1568acd6d66c068521ab38d8d3316b3b412923bd1f _output/bin/kind/linux-amd64/kind -b39cbfb49a362a4f0e927b541025cea89fc7c6ca1792b2e28965713e9493090d _output/bin/kind/linux-amd64/kindnetd -fe588e4d6e367eba755530577f107986e13b77c770faaba55770dc667e8ef5fe _output/bin/kind/linux-arm64/kind -caabe7940bf5713902ca848904b878d50eaa1d93f091cefbf3a15efb110b566f _output/bin/kind/linux-arm64/kindnetd +3201b5e1d3199dd1271ffde0f272a42eef76826ff84a18ac1ab98f58d0d9fdf3 _output/bin/kind/linux-amd64/kind +5ac16b95376ffbd6a5af04d238616050bf3ea6bc2c78b99a32d60fa110363def _output/bin/kind/linux-amd64/kindnetd +0f694a8dc8886e23e4b73b5bc7d18e0b0d7ab0e00ab37100fef12acda0ee2aa1 _output/bin/kind/linux-arm64/kind +20a4aaeea684463d2518ecc8cfe6722975eed72cc3aac7557e107396732d0273 _output/bin/kind/linux-arm64/kindnetd diff --git a/projects/kubernetes-sigs/kind/GIT_TAG b/projects/kubernetes-sigs/kind/GIT_TAG index a86d3df725..1847373e96 100644 --- a/projects/kubernetes-sigs/kind/GIT_TAG +++ b/projects/kubernetes-sigs/kind/GIT_TAG @@ -1 +1 @@ -v0.18.0 +v0.20.0 diff --git a/projects/kubernetes-sigs/kind/KINDNETD_ATTRIBUTION.txt b/projects/kubernetes-sigs/kind/KINDNETD_ATTRIBUTION.txt index 1b7e3bd3c8..7b9a89dcd4 100644 --- a/projects/kubernetes-sigs/kind/KINDNETD_ATTRIBUTION.txt +++ b/projects/kubernetes-sigs/kind/KINDNETD_ATTRIBUTION.txt @@ -59,7 +59,7 @@ https://github.com/kubernetes/utils ** sigs.k8s.io/json; version v0.0.0-20220713155537-f223a00ba0e2 -- https://github.com/kubernetes-sigs/json -** sigs.k8s.io/kind/images/kindnetd/cmd/kindnetd; version v0.18.0 -- +** sigs.k8s.io/kind/images/kindnetd/cmd/kindnetd; version v0.20.0 -- https://github.com/kubernetes-sigs/kind ** sigs.k8s.io/structured-merge-diff/v4; version v4.2.3 -- diff --git a/projects/kubernetes-sigs/kind/README.md b/projects/kubernetes-sigs/kind/README.md index 658c8679ad..4dd3449450 100644 --- a/projects/kubernetes-sigs/kind/README.md +++ b/projects/kubernetes-sigs/kind/README.md @@ -1,5 +1,5 @@ ## **Kind** -![Version](https://img.shields.io/badge/version-v0.18.0-blue) +![Version](https://img.shields.io/badge/version-v0.20.0-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiVkgvQm93WHUvUWJ1U2ZhSG9JTUJNMFdjdGtwSkIyRCt1azM0THYxcWYweC8rM2lHRmNYMXI0QkVPUm4yZ0JZZ1c4RzdMeTJ3dGtpREdYeFpvTEhtc2FnPSIsIml2UGFyYW1ldGVyU3BlYyI6Im9GV2EzRGZQNVZ5c25kTmoiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [Kind](https://github.com/kubernetes-sigs/kind) is a tool for running local Kubernetes clusters using Docker container "nodes". kind bootstraps each "node" with `kubeadm`. kind consists of: diff --git a/projects/kubernetes-sigs/kind/build/node-image-build-args.sh b/projects/kubernetes-sigs/kind/build/node-image-build-args.sh index cecbceca49..7dd7a23b23 100755 --- a/projects/kubernetes-sigs/kind/build/node-image-build-args.sh +++ b/projects/kubernetes-sigs/kind/build/node-image-build-args.sh @@ -51,13 +51,13 @@ ETCD_VERSION=$(build::eksd_releases::get_eksd_component_version "etcd" $EKSD_REL # Expected versions provided by kind which are replaced in the docker build with our versions # when updating kind check the following, they may need to be updated -# https://github.com/kubernetes-sigs/kind/blob/v0.18.0/pkg/build/nodeimage/const_cni.go#L23 -KINDNETD_IMAGE_TAG="docker.io/kindest/kindnetd:v20230330-48f316cd@sha256:c19d6362a6a928139820761475a38c24c0cf84d507b9ddf414a078cf627497af" -# https://github.com/kubernetes-sigs/kind/blob/v0.18.0/pkg/build/nodeimage/const_storage.go#L28 -LOCAL_PATH_PROVISONER_IMAGE_TAG="docker.io/kindest/local-path-provisioner:v0.0.23-kind.0@sha256:f2d0a02831ff3a03cf51343226670d5060623b43a4cfc4808bd0875b2c4b9501" -# https://github.com/kubernetes-sigs/kind/blob/v0.18.0/pkg/build/nodeimage/const_storage.go#L29 -LOCAL_PATH_HELPER_IMAGE_TAG="docker.io/kindest/local-path-helper:v20230330-48f316cd@sha256:135203f2441f916fb13dad1561d27f60a6f11f50ec288b01a7d2ee9947c36270" -# https://github.com/kubernetes-sigs/kind/blob/v0.18.0/images/base/files/etc/containerd/config.toml#L37 +# https://github.com/kubernetes-sigs/kind/blob/v0.20.0/pkg/build/nodeimage/const_cni.go#L23 +KINDNETD_IMAGE_TAG="docker.io/kindest/kindnetd:v20230511-dc714da8" +# https://github.com/kubernetes-sigs/kind/blob/v0.20.0/pkg/build/nodeimage/const_storage.go#L28 +LOCAL_PATH_PROVISONER_IMAGE_TAG="docker.io/kindest/local-path-provisioner:v20230511-dc714da8" +# https://github.com/kubernetes-sigs/kind/blob/v0.20.0/pkg/build/nodeimage/const_storage.go#L29 +LOCAL_PATH_HELPER_IMAGE_TAG="docker.io/kindest/local-path-helper:v20230510-486859a6" +# https://github.com/kubernetes-sigs/kind/blob/v0.20.0/images/base/files/etc/containerd/config.toml#L37 PAUSE_IMAGE_TAG="registry.k8s.io/pause:3.7" mkdir -p $(dirname $OUTPUT_FILE) diff --git a/projects/kubernetes-sigs/kind/patches/0001-Switch-to-AL2-base-image-for-node-image.patch b/projects/kubernetes-sigs/kind/patches/0001-Switch-to-AL2-base-image-for-node-image.patch index 0ae5053fe4..cb20545466 100644 --- a/projects/kubernetes-sigs/kind/patches/0001-Switch-to-AL2-base-image-for-node-image.patch +++ b/projects/kubernetes-sigs/kind/patches/0001-Switch-to-AL2-base-image-for-node-image.patch @@ -1,24 +1,28 @@ -From 3c55c9e2dfbd31a1f0e4c92db01728d076f08086 Mon Sep 17 00:00:00 2001 +From fc6ed013f61ce370ea9bb89d972c70acae247aa9 Mon Sep 17 00:00:00 2001 From: Jackson West -Date: Sat, 2 Apr 2022 22:00:37 -0500 -Subject: [PATCH 1/2] Switch to AL2 base image for node image +Date: Thu, 29 Jun 2023 00:56:53 -0700 +Subject: [PATCH 1/3] Switch to AL2 base image for node image -Signed-off-by: Jackson West --- - images/base/Dockerfile | 146 ++++++++---------- + images/base/Dockerfile | 231 +++++++----------- images/base/files/usr/local/bin/clean-install | 10 +- - 2 files changed, 69 insertions(+), 87 deletions(-) + 2 files changed, 99 insertions(+), 142 deletions(-) diff --git a/images/base/Dockerfile b/images/base/Dockerfile -index f6abfa3b..e4c13a47 100644 +index eb3f95ad..0ab8ab87 100644 --- a/images/base/Dockerfile +++ b/images/base/Dockerfile -@@ -19,43 +19,25 @@ +@@ -17,11 +17,27 @@ + # For systemd + docker configuration used below, see the following references: + # https://systemd.io/CONTAINER_INTERFACE/ - # start from ubuntu, this image is reasonably small as a starting point - # for a kubernetes node image, it doesn't contain much we don't need --ARG BASE_IMAGE=ubuntu:22.04 --FROM $BASE_IMAGE as build +-# start from debian slim, this image is reasonably small as a starting point +-# for a kubernetes node image, it doesn't contain much (anything?) we don't need +-# this stage will install basic files and packages +-ARG BASE_IMAGE=debian:bullseye-slim +-FROM $BASE_IMAGE as base ++# start from ubuntu, this image is reasonably small as a starting point ++# for a kubernetes node image, it doesn't contain much we don't need +ARG BASE_IMAGE +ARG BUILDER_IMAGE +FROM $BASE_IMAGE as base-amd64 @@ -27,41 +31,8 @@ index f6abfa3b..e4c13a47 100644 +ARG CRICTL_AMD64_SHA256SUM_URL +ARG CRICTL_URL=${CRICTL_AMD64_URL} +ARG CRICTL_SHA256SUM_URL=${CRICTL_AMD64_SHA256SUM_URL} - --# `docker buildx` automatically sets this arg value --ARG TARGETARCH - --# Configure containerd and runc binaries from kind-ci/containerd-nightlies repository --# The repository contains latest stable releases and nightlies built for multiple architectures --ARG CONTAINERD_VERSION="1.6.19-46-g941215f49" --ARG CONTAINERD_BASE_URL="https://github.com/kind-ci/containerd-nightlies/releases/download" --ARG CONTAINERD_URL="${CONTAINERD_BASE_URL}/containerd-${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-linux-${TARGETARCH}.tar.gz" --ARG CONTAINERD_AMD64_SHA256SUM="df182a12d9108042df7dc449506be43f2fed8b3babde5bb9a72e5554e055a085" --ARG CONTAINERD_ARM64_SHA256SUM="2c76703c81ddaee5295911b8d8816dc84bcd8c5f78e48ea6f03b00a86148694e" -- --ARG RUNC_URL="${CONTAINERD_BASE_URL}/containerd-${CONTAINERD_VERSION}/runc.${TARGETARCH}" --ARG RUNC_AMD64_SHA256SUM="76acadf30309b3e36aeb1bdb69238e52be2dd12e7a3557641e6f25415c1cb29b" --ARG RUNC_ARM64_SHA256SUM="2216c944455b4664113ce0af8b4a6ddc3beb7bacecc06b45b03b004995c822c1" -- --# Configure crictl binary from upstream --ARG CRICTL_VERSION="v1.26.1" --ARG CRICTL_URL="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-${TARGETARCH}.tar.gz" --ARG CRICTL_AMD64_SHA256SUM="0c1a0f9900c15ee7a55e757bcdc220faca5dd2e1cfc120459ad1f04f08598127" --ARG CRICTL_ARM64_SHA256SUM="cfa28be524b5da1a6dded455bb497dfead27b1fd089e1161eb008909509be585" -- --# Configure CNI binaries from upstream --ARG CNI_PLUGINS_VERSION="v1.2.0" --ARG CNI_PLUGINS_TARBALL="${CNI_PLUGINS_VERSION}/cni-plugins-linux-${TARGETARCH}-${CNI_PLUGINS_VERSION}.tgz" --ARG CNI_PLUGINS_URL="https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGINS_TARBALL}" --ARG CNI_PLUGINS_AMD64_SHA256SUM="f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37" --ARG CNI_PLUGINS_ARM64_SHA256SUM="525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57" -- --# Configure containerd-fuse-overlayfs snapshotter binary from upstream --ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="1.0.5" --ARG CONTAINERD_FUSE_OVERLAYFS_TARBALL="v${CONTAINERD_FUSE_OVERLAYFS_VERSION}/containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}-linux-${TARGETARCH}.tar.gz" --ARG CONTAINERD_FUSE_OVERLAYFS_URL="https://github.com/containerd/fuse-overlayfs-snapshotter/releases/download/${CONTAINERD_FUSE_OVERLAYFS_TARBALL}" --ARG CONTAINERD_FUSE_OVERLAYFS_AMD64_SHA256SUM="1f4b12322cc1b044dfbbeaec30fc42295cedc8b6f0642146ba518333f9d5ddca" --ARG CONTAINERD_FUSE_OVERLAYFS_ARM64_SHA256SUM="073e83196a7a73bd130fe44085bd65303c7e6cfc8c53ba46d90a16cbb8e5a112" ++ ++ +FROM $BASE_IMAGE as base-arm64 + +ARG CRICTL_ARM64_URL @@ -74,79 +45,189 @@ index f6abfa3b..e4c13a47 100644 # copy in static files # all scripts are 0755 (rwx r-x r-x) -@@ -102,11 +84,11 @@ COPY --chmod=0644 files/etc/systemd/system/kubelet.service.d/* /etc/systemd/syst +@@ -71,10 +87,11 @@ COPY --chmod=0644 files/etc/systemd/system/kubelet.service.d/* /etc/systemd/syst RUN echo "Installing Packages ..." \ && DEBIAN_FRONTEND=noninteractive clean-install \ systemd \ -- conntrack iptables iproute2 ethtool socat util-linux mount ebtables kmod \ -- libseccomp2 pigz \ -+ conntrack iptables iproute ethtool socat util-linux ebtables kmod \ +- conntrack iptables iproute2 ethtool util-linux mount ebtables kmod \ +- libseccomp2 pigz fuse-overlayfs \ +- nfs-common open-iscsi \ ++ conntrack iptables iproute ethtool util-linux ebtables kmod \ + libseccomp pigz \ - bash ca-certificates curl rsync \ -- nfs-common fuse-overlayfs open-iscsi \ -- jq \ + nfs-utils \ -+ containerd which tar procps hostname jq lockdev sudo \ + bash ca-certificates curl jq procps \ ++ containerd hostname lockdev rsync sudo tar which \ && find /lib/systemd/system/sysinit.target.wants/ -name "systemd-tmpfiles-setup.service" -delete \ && rm -f /lib/systemd/system/multi-user.target.wants/* \ && rm -f /etc/systemd/system/*.wants/* \ -@@ -114,49 +96,65 @@ RUN echo "Installing Packages ..." \ - && rm -f /lib/systemd/system/sockets.target.wants/*udev* \ +@@ -83,148 +100,90 @@ RUN echo "Installing Packages ..." \ && rm -f /lib/systemd/system/sockets.target.wants/*initctl* \ && rm -f /lib/systemd/system/basic.target.wants/* \ -- && echo "ReadKMsg=no" >> /etc/systemd/journald.conf \ + && echo "ReadKMsg=no" >> /etc/systemd/journald.conf \ - && ln -s "$(which systemd)" /sbin/init ++ # already set on al23 ++ # && ln -s "$(which systemd)" /sbin/init + # avoid runaway agetty processes most likely due to al2 being based on older centos 7 -+ && systemctl mask getty@tty1.service \ -+ && echo "ReadKMsg=no" >> /etc/systemd/journald.conf ++ # leaving for now, but al23 may not be affected by this issue ++ && systemctl mask getty@tty1.service ++ - RUN echo "Enabling kubelet ... " \ - && systemctl enable kubelet.service - --RUN echo "Installing containerd ..." \ -- && curl -sSL --retry 5 --output /tmp/containerd.${TARGETARCH}.tgz "${CONTAINERD_URL}" \ -- && echo "${CONTAINERD_AMD64_SHA256SUM} /tmp/containerd.amd64.tgz" | tee /tmp/containerd.sha256 \ -- && echo "${CONTAINERD_ARM64_SHA256SUM} /tmp/containerd.arm64.tgz" | tee -a /tmp/containerd.sha256 \ -- && sha256sum --ignore-missing -c /tmp/containerd.sha256 \ -- && rm -f /tmp/containerd.sha256 \ -- && tar -C /usr/local -xzvf /tmp/containerd.${TARGETARCH}.tgz \ -- && rm -rf /tmp/containerd.${TARGETARCH}.tgz \ -- && rm -f /usr/local/bin/containerd-stress /usr/local/bin/containerd-shim-runc-v1 \ -- && curl -sSL --retry 5 --output /tmp/runc.${TARGETARCH} "${RUNC_URL}" \ -- && echo "${RUNC_AMD64_SHA256SUM} /tmp/runc.amd64" | tee /tmp/runc.sha256 \ -- && echo "${RUNC_ARM64_SHA256SUM} /tmp/runc.arm64" | tee -a /tmp/runc.sha256 \ -- && sha256sum --ignore-missing -c /tmp/runc.sha256 \ -- && mv /tmp/runc.${TARGETARCH} /usr/local/sbin/runc \ -- && chmod 755 /usr/local/sbin/runc \ -+RUN echo "Enabling containerd ..." \ - && ctr oci spec \ - | jq '.hooks.createContainer[.hooks.createContainer| length] |= . + {"path": "/usr/local/bin/mount-product-files"}' \ - | jq 'del(.process.rlimits)' \ - > /etc/containerd/cri-base.json \ - && containerd --version \ - && runc --version \ -- && systemctl enable containerd -+ && systemctl enable containerd.service \ -+ && cp /usr/lib/systemd/system/containerd.service /etc/systemd/system/containerd.service + RUN echo "Enabling services ... " \ + && systemctl enable kubelet.service \ + && systemctl enable containerd.service \ + && systemctl enable undo-mount-hacks.service --RUN echo "Installing crictl ..." \ +RUN echo "Installing crictl ..." \ - && curl -sSL --retry 5 --output /tmp/crictl.${TARGETARCH}.tgz "${CRICTL_URL}" \ -- && echo "${CRICTL_AMD64_SHA256SUM} /tmp/crictl.amd64.tgz" | tee /tmp/crictl.sha256 \ -- && echo "${CRICTL_ARM64_SHA256SUM} /tmp/crictl.arm64.tgz" | tee -a /tmp/crictl.sha256 \ -- && sha256sum --ignore-missing -c /tmp/crictl.sha256 \ ++ && curl -sSL --retry 5 --output /tmp/crictl.${TARGETARCH}.tgz "${CRICTL_URL}" \ + && echo "$(curl $CRICTL_SHA256SUM_URL | cut -d ' ' -f1) /tmp/crictl.${TARGETARCH}.tgz" | tee /tmp/crictl.sha256 \ + && sha256sum -c /tmp/crictl.sha256 \ - && rm -f /tmp/crictl.sha256 \ - && tar -C /usr/local/bin -xzvf /tmp/crictl.${TARGETARCH}.tgz \ -- && rm -rf /tmp/crictl.${TARGETARCH}.tgz ++ && rm -f /tmp/crictl.sha256 \ ++ && tar -C /usr/local/bin -xzvf /tmp/crictl.${TARGETARCH}.tgz \ + && rm -rf /tmp/crictl.${TARGETARCH}.tgz + -+RUN echo "Ensuring /etc/kubernetes/manifests" \ -+ && mkdir -p /etc/kubernetes/manifests -+ + RUN echo "Ensuring /etc/kubernetes/manifests" \ + && mkdir -p /etc/kubernetes/manifests + +-# shared stage to setup go version for building binaries +-# NOTE we will be cross-compiling for performance reasons +-# This is also why we start again FROM the same base image but a different +-# platform and only the files needed for building +-# We will copy the built binaries from later stages to the final stage(s) +-FROM --platform=$BUILDPLATFORM $BASE_IMAGE as go-build +-COPY --chmod=0755 files/usr/local/bin/* /usr/local/bin/ +-COPY --chmod=0755 scripts/third_party/gimme/gimme /usr/local/bin/ +-COPY --chmod=0755 scripts/target-cc /usr/local/bin/ +-# tools needed at build-time only +-# first ensure we can install packages for both architectures +-RUN dpkg --add-architecture arm64 && dpkg --add-architecture amd64 \ +- && clean-install bash ca-certificates curl git make pkg-config \ +- crossbuild-essential-amd64 crossbuild-essential-arm64 \ +- libseccomp-dev:amd64 libseccomp-dev:arm64 +-# set by makefile to .go-version +-ARG GO_VERSION +-RUN eval "$(gimme "${GO_VERSION}")" \ +- && GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest +- +- +-# stage for building containerd +-FROM go-build as build-containerd +-ARG TARGETARCH GO_VERSION +-ARG CONTAINERD_VERSION="v1.7.1" +-ARG CONTAINERD_CLONE_URL="https://github.com/containerd/containerd" +-# we don't build with optional snapshotters, we never select any of these +-# they're not ideal inside kind anyhow, and we save some disk space +-ARG BUILDTAGS="no_aufs no_zfs no_btrfs no_devmapper" +-RUN git clone --filter=tree:0 "${CONTAINERD_CLONE_URL}" /containerd \ +- && cd /containerd \ +- && git checkout "${CONTAINERD_VERSION}" \ +- && eval "$(gimme "${GO_VERSION}")" \ +- && export GOARCH=$TARGETARCH && export CC=$(target-cc) && export CGO_ENABLED=1 \ +- && make bin/ctr bin/containerd bin/containerd-shim-runc-v2 \ +- && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES \ +- ./cmd/ctr ./cmd/containerd ./cmd/containerd-shim-runc-v2 +- +-# stage for building runc +-FROM go-build as build-runc +-ARG TARGETARCH GO_VERSION +-ARG RUNC_VERSION="v1.1.7" +-ARG RUNC_CLONE_URL="https://github.com/opencontainers/runc" +-RUN git clone --filter=tree:0 "${RUNC_CLONE_URL}" /runc \ +- && cd /runc \ +- && git checkout "${RUNC_VERSION}" \ +- && eval "$(gimme "${GO_VERSION}")" \ +- && export GOARCH=$TARGETARCH && export CC=$(target-cc) && export CGO_ENABLED=1 \ +- && make runc \ +- && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES . +- +-# stage for building crictl +-FROM go-build as build-crictl +-ARG TARGETARCH GO_VERSION +-ARG CRI_TOOLS_CLONE_URL="https://github.com/kubernetes-sigs/cri-tools" +-ARG CRICTL_VERSION="v1.27.0" +-RUN git clone --filter=tree:0 "${CRI_TOOLS_CLONE_URL}" /cri-tools \ +- && cd /cri-tools \ +- && git checkout "${CRICTL_VERSION}" \ +- && eval "$(gimme "${GO_VERSION}")" \ +- && export GOARCH=$TARGETARCH && export CC=$(target-cc) && export CGO_ENABLED=1 \ +- && make BUILD_BIN_PATH=./build crictl \ +- && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES ./cmd/crictl +- +-# stage for building cni-plugins +-FROM go-build as build-cni +-ARG TARGETARCH GO_VERSION +-ARG CNI_PLUGINS_VERSION="v1.3.0" +-ARG CNI_PLUGINS_CLONE_URL="https://github.com/containernetworking/plugins" +-RUN git clone --filter=tree:0 "${CNI_PLUGINS_CLONE_URL}" /cni-plugins \ +- && cd /cni-plugins \ +- && git checkout "${CNI_PLUGINS_VERSION}" \ +- && eval "$(gimme "${GO_VERSION}")" \ +- && mkdir ./bin \ +- && export GOARCH=$TARGETARCH && export CC=$(target-cc) && export CGO_ENABLED=1 \ +- && go build -o ./bin/host-local -mod=vendor ./plugins/ipam/host-local \ +- && go build -o ./bin/loopback -mod=vendor ./plugins/main/loopback \ +- && go build -o ./bin/ptp -mod=vendor ./plugins/main/ptp \ +- && go build -o ./bin/portmap -mod=vendor ./plugins/meta/portmap \ +- && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES \ +- ./plugins/ipam/host-local \ +- ./plugins/main/loopback ./plugins/main/ptp \ +- ./plugins/meta/portmap +- +-# stage for building containerd-fuse-overlayfs +-FROM go-build as build-fuse-overlayfs +-ARG TARGETARCH GO_VERSION +-ARG CONTAINERD_FUSE_OVERLAYFS_VERSION="v1.0.5" +-ARG CONTAINERD_FUSE_OVERLAYFS_CLONE_URL="https://github.com/containerd/fuse-overlayfs-snapshotter" +-RUN git clone --filter=tree:0 "${CONTAINERD_FUSE_OVERLAYFS_CLONE_URL}" /fuse-overlayfs-snapshotter \ +- && cd /fuse-overlayfs-snapshotter \ +- && git checkout "${CONTAINERD_FUSE_OVERLAYFS_VERSION}" \ +- && eval "$(gimme "${GO_VERSION}")" \ +- && export GOARCH=$TARGETARCH && export CC=$(target-cc) && export CGO_ENABLED=1 \ +- && make bin/containerd-fuse-overlayfs-grpc \ +- && GOARCH=$TARGETARCH go-licenses save --save_path=/_LICENSES ./cmd/containerd-fuse-overlayfs-grpc +- +- +-# build final image layout from other stages +-FROM base as build +-# copy over containerd build and install +-COPY --from=build-containerd /containerd/bin/containerd /usr/local/bin/ +-COPY --from=build-containerd /containerd/bin/ctr /usr/local/bin/ +-COPY --from=build-containerd /containerd/bin/containerd-shim-runc-v2 /usr/local/bin/ ++# this was removed upstream when they switched to debian ++# keeping since this unit exists in al23 +RUN echo "Adjusting systemd-tmpfiles timer" \ + && sed -i /usr/lib/systemd/system/systemd-tmpfiles-clean.timer -e 's#OnBootSec=.*#OnBootSec=1min#' ++ + RUN ctr oci spec \ + | jq '.hooks.createContainer[.hooks.createContainer| length] |= . + {"path": "/kind/bin/mount-product-files.sh"}' \ + | jq 'del(.process.rlimits)' \ + > /etc/containerd/cri-base.json \ + && containerd --version +-COPY --from=build-containerd /_LICENSES/* /LICENSES/ +-# copy over runc build and install +-COPY --from=build-runc /runc/runc /usr/local/sbin/runc +-RUN runc --version +-COPY --from=build-runc /_LICENSES/* /LICENSES/ +-# copy over crictl build and install +-COPY --from=build-crictl /cri-tools/build/crictl /usr/local/bin/ +-COPY --from=build-crictl /_LICENSES/* /LICENSES/ +-# copy over CNI plugins build and install +-RUN mkdir -p /opt/cni/bin +-COPY --from=build-cni /cni-plugins/bin/host-local /opt/cni/bin/ +-COPY --from=build-cni /cni-plugins/bin/loopback /opt/cni/bin/ +-COPY --from=build-cni /cni-plugins/bin/ptp /opt/cni/bin/ +-COPY --from=build-cni /cni-plugins/bin/portmap /opt/cni/bin/ +-COPY --from=build-cni /_LICENSES/* /LICENSES/ +-# copy over containerd-fuse-overlayfs and install +-COPY --from=build-fuse-overlayfs /fuse-overlayfs-snapshotter/bin/containerd-fuse-overlayfs-grpc /usr/local/bin/ +-COPY --from=build-fuse-overlayfs /_LICENSES/* /LICENSES/ +- +-# squash down to one compressed layer, without any lingering whiteout files etc +-FROM scratch +-COPY --from=build / / +-# add metadata, must be done after the squashing ++ ++# force use of al23 provided containerd.service config ++RUN cp /usr/lib/systemd/system/containerd.service /etc/systemd/system/containerd.service + +# These targets are basing off the "pushed" verison of the image above which is BUILDER_IMAGE +# the final base will be eks-distro-base, with the contents from the above copied @@ -171,44 +252,33 @@ index f6abfa3b..e4c13a47 100644 + +COPY --chmod=0755 files/usr/local/bin/* /usr/local/bin/ +COPY --chmod=0644 files/etc/* /etc - - RUN echo "Installing CNI plugin binaries ..." \ - && curl -sSL --retry 5 --output /tmp/cni.${TARGETARCH}.tgz "${CNI_PLUGINS_URL}" \ -- && echo "${CNI_PLUGINS_AMD64_SHA256SUM} /tmp/cni.amd64.tgz" | tee /tmp/cni.sha256 \ -- && echo "${CNI_PLUGINS_ARM64_SHA256SUM} /tmp/cni.arm64.tgz" | tee -a /tmp/cni.sha256 \ -- && sha256sum --ignore-missing -c /tmp/cni.sha256 \ ++ ++RUN echo "Installing CNI plugin binaries ..." \ ++ && curl -sSL --retry 5 --output /tmp/cni.${TARGETARCH}.tgz "${CNI_PLUGINS_URL}" \ + && echo "${CNI_PLUGINS_SHA256SUM} /tmp/cni.${TARGETARCH}.tgz" | tee /tmp/cni.sha256 \ + && sha256sum -c /tmp/cni.sha256 \ - && rm -f /tmp/cni.sha256 \ - && mkdir -p /opt/cni/bin \ - && tar -C /opt/cni/bin -xzvf /tmp/cni.${TARGETARCH}.tgz \ -@@ -169,24 +167,10 @@ RUN echo "Installing CNI plugin binaries ..." \ - \) \ - -delete - --RUN echo "Installing containerd-fuse-overlayfs ..." \ -- && curl -sSL --retry 5 --output /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz "${CONTAINERD_FUSE_OVERLAYFS_URL}" \ -- && echo "${CONTAINERD_FUSE_OVERLAYFS_AMD64_SHA256SUM} /tmp/containerd-fuse-overlayfs.amd64.tgz" | tee /tmp/containerd-fuse-overlayfs.sha256 \ -- && echo "${CONTAINERD_FUSE_OVERLAYFS_ARM64_SHA256SUM} /tmp/containerd-fuse-overlayfs.arm64.tgz" | tee -a /tmp/containerd-fuse-overlayfs.sha256 \ -- && sha256sum --ignore-missing -c /tmp/containerd-fuse-overlayfs.sha256 \ -- && rm -f /tmp/containerd-fuse-overlayfs.sha256 \ -- && tar -C /usr/local/bin -xzvf /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz \ -- && rm -rf /tmp/containerd-fuse-overlayfs.${TARGETARCH}.tgz -- --RUN echo "Ensuring /etc/kubernetes/manifests" \ -- && mkdir -p /etc/kubernetes/manifests - --RUN echo "Adjusting systemd-tmpfiles timer" \ -- && sed -i /usr/lib/systemd/system/systemd-tmpfiles-clean.timer -e 's#OnBootSec=.*#OnBootSec=1min#' ++ && rm -f /tmp/cni.sha256 \ ++ && mkdir -p /opt/cni/bin \ ++ && tar -C /opt/cni/bin -xzvf /tmp/cni.${TARGETARCH}.tgz \ ++ && rm -rf /tmp/cni.${TARGETARCH}.tgz \ ++ && find /opt/cni/bin -type f -not \( \ ++ -iname host-local \ ++ -o -iname ptp \ ++ -o -iname portmap \ ++ -o -iname loopback \ ++ \) \ ++ -delete ++ ++ +FROM $BASE_IMAGE as base-versioned - --# squash --FROM scratch --COPY --from=build / / ++ +COPY --from=base-versioned-intermediate / / - - # tell systemd that it is in docker (it will check for the container env) ++ ++ ++ + # first tell systemd that it is in docker (it will check for the container env) # https://systemd.io/CONTAINER_INTERFACE/ + ENV container docker diff --git a/images/base/files/usr/local/bin/clean-install b/images/base/files/usr/local/bin/clean-install index b0b861c3..f1d714a6 100755 --- a/images/base/files/usr/local/bin/clean-install @@ -236,5 +306,5 @@ index b0b861c3..f1d714a6 100755 - /usr/share/local/* + /usr/share/local/* || true -- -2.39.2 +2.40.1 diff --git a/projects/kubernetes-sigs/kind/patches/0002-skip-ctr-pulling-required-images-since-the-build-rem.patch b/projects/kubernetes-sigs/kind/patches/0002-skip-ctr-pulling-required-images-since-the-build-rem.patch index d2be7215f8..37f8f84526 100644 --- a/projects/kubernetes-sigs/kind/patches/0002-skip-ctr-pulling-required-images-since-the-build-rem.patch +++ b/projects/kubernetes-sigs/kind/patches/0002-skip-ctr-pulling-required-images-since-the-build-rem.patch @@ -1,19 +1,19 @@ -From 2a6b966caf858c5683660b644b7c2ee914e4e533 Mon Sep 17 00:00:00 2001 +From 314187ac127a4e8a190e62b9788a7940efbbb6f0 Mon Sep 17 00:00:00 2001 From: Jackson West Date: Sat, 2 Apr 2022 22:01:04 -0500 -Subject: [PATCH 2/2] skip ctr pulling required images since the build removes +Subject: [PATCH 2/3] skip ctr pulling required images since the build removes them anyway Signed-off-by: Jackson West --- - pkg/build/nodeimage/buildcontext.go | 48 +++++++++++++++-------------- - 1 file changed, 25 insertions(+), 23 deletions(-) + pkg/build/nodeimage/buildcontext.go | 36 +++++++++++++++-------------- + 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/pkg/build/nodeimage/buildcontext.go b/pkg/build/nodeimage/buildcontext.go -index ecbaf6b1..6922a23a 100644 +index fed540dc..7815c87f 100644 --- a/pkg/build/nodeimage/buildcontext.go +++ b/pkg/build/nodeimage/buildcontext.go -@@ -257,29 +257,31 @@ func (c *buildContext) prePullImagesAndWriteManifests(bits kube.Bits, parsedVers +@@ -258,23 +258,25 @@ func (c *buildContext) prePullImagesAndWriteManifests(bits kube.Bits, parsedVers } }() @@ -22,17 +22,11 @@ index ecbaf6b1..6922a23a 100644 - image := image // https://golang.org/doc/faq#closures_and_goroutines - fns = append(fns, func() error { - if !builtImages.Has(image) { -- /* -- TODO: show errors when we have real errors. See comments in -- importer implementation -- err := importer.Pull(image, dockerBuildOsAndArch(c.arch)) -- if err != nil { -- c.logger.Warnf("Failed to pull %s with error: %v", image, err) -- runE := exec.RunErrorForError(err) -- c.logger.Warn(string(runE.Output)) -- } -- */ -- _ = importer.Pull(image, dockerBuildOsAndArch(c.arch)) +- if err = importer.Pull(image, dockerBuildOsAndArch(c.arch)); err != nil { +- c.logger.Warnf("Failed to pull %s with error: %v", image, err) +- runE := exec.RunErrorForError(err) +- c.logger.Warn(string(runE.Output)) +- } - } - return nil - }) @@ -47,17 +41,11 @@ index ecbaf6b1..6922a23a 100644 + // image := image // https://golang.org/doc/faq#closures_and_goroutines + // fns = append(fns, func() error { + // if !builtImages.Has(image) { -+ // /* -+ // TODO: show errors when we have real errors. See comments in -+ // importer implementation -+ // err := importer.Pull(image, dockerBuildOsAndArch(c.arch)) -+ // if err != nil { -+ // c.logger.Warnf("Failed to pull %s with error: %v", image, err) -+ // runE := exec.RunErrorForError(err) -+ // c.logger.Warn(string(runE.Output)) -+ // } -+ // */ -+ // _ = importer.Pull(image, dockerBuildOsAndArch(c.arch)) ++ // if err = importer.Pull(image, dockerBuildOsAndArch(c.arch)); err != nil { ++ // c.logger.Warnf("Failed to pull %s with error: %v", image, err) ++ // runE := exec.RunErrorForError(err) ++ // c.logger.Warn(string(runE.Output)) ++ // } + // } + // return nil + // }) diff --git a/projects/kubernetes-sigs/kind/patches/0003-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch b/projects/kubernetes-sigs/kind/patches/0003-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch index 094ccd6d8a..6056b556b5 100644 --- a/projects/kubernetes-sigs/kind/patches/0003-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch +++ b/projects/kubernetes-sigs/kind/patches/0003-Patch-haproxy-maxconn-value-to-avoid-ulimit-issue.patch @@ -1,12 +1,11 @@ -From bc76a1b60451aa3df5bf85b37009eb298de86a2b Mon Sep 17 00:00:00 2001 -From: Prow Bot +From 00c9ce28d95941e4d555f2ace4a0eb3bc15d01a7 Mon Sep 17 00:00:00 2001 +From: Jackson West Date: Wed, 19 Apr 2023 12:28:28 -0500 Subject: [PATCH 3/3] Patch haproxy maxconn value to avoid ulimit issue EKS-A uses haproxy 2.5 which errors if the maxconn value requires more FDs than allowed by the ulimit setting of docker. 100k maxconn is too high for the default ulimit on an al2 node. - --- images/haproxy/haproxy.cfg | 5 ++++- pkg/cluster/internal/loadbalancer/config.go | 5 ++++- diff --git a/projects/kubernetes-sigs/kind/patches/0004-TEMP-lock-containerd-and-runc-version.patch b/projects/kubernetes-sigs/kind/patches/0004-TEMP-lock-containerd-and-runc-version.patch deleted file mode 100644 index 27f9ddd373..0000000000 --- a/projects/kubernetes-sigs/kind/patches/0004-TEMP-lock-containerd-and-runc-version.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 04ce891cae930cc9c1b08ff68aeeb727166d6376 Mon Sep 17 00:00:00 2001 -From: Prow Bot -Date: Sat, 12 Aug 2023 12:08:58 -0500 -Subject: [PATCH] TEMP: lock containerd and runc version - ---- - images/base/Dockerfile | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/images/base/Dockerfile b/images/base/Dockerfile -index e4c13a47..f38be515 100644 ---- a/images/base/Dockerfile -+++ b/images/base/Dockerfile -@@ -103,6 +103,9 @@ RUN echo "Installing Packages ..." \ - RUN echo "Enabling kubelet ... " \ - && systemctl enable kubelet.service - -+RUN echo "force runc and containerd version ... " \ -+ && DEBIAN_FRONTEND=noninteractive clean-install containerd-1.6.19-1.amzn2023.0.1 runc-1.1.5-1.amzn2023.0.1 -+ - RUN echo "Enabling containerd ..." \ - && ctr oci spec \ - | jq '.hooks.createContainer[.hooks.createContainer| length] |= . + {"path": "/usr/local/bin/mount-product-files"}' \ --- -2.40.1 - diff --git a/projects/vmware/govmomi/README.md b/projects/vmware/govmomi/README.md index 77503228ef..c6a9dbefa8 100644 --- a/projects/vmware/govmomi/README.md +++ b/projects/vmware/govmomi/README.md @@ -1,5 +1,5 @@ ## **GoVMOMI** -![Version](https://img.shields.io/badge/version-v0.30.4-blue) +![Version](https://img.shields.io/badge/version-v0.30.5-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiZ1FxODROWXBIdytIZVBsNUFzODdBcngreGlZdlVwdUliRThoTGNDajBab0YzdDZ3NzVKSnBTVDBTS0lzY25sUG82MzZPMWdteE14VkZrK0F2TlppKzBjPSIsIml2UGFyYW1ldGVyU3BlYyI6IkJHNTRwbGtDV2xYRCtaZ0wiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [GoVMOMI](https://github.com/vmware/govmomi) is a Go library for interacting with VMware vSphere APIs (ESXi and/or vCenter). It primarily provides convenience functions for working with the vSphere API. It provides Go bindings to the default implementation of the VMware Managed Object Management Interface (VMOMI)