From 500236a808f14fe8af02409b83a890d6bc503525 Mon Sep 17 00:00:00 2001 From: pavanipt Date: Fri, 27 Sep 2024 11:59:11 -0700 Subject: [PATCH] Merge master to release-1.18 (#3049) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen * Improve "cni-metrics-helper" setup experience (#2874) Co-authored-by: Senthil Kumaran * Add correct labels to CNI metrics chart. (#2889) * Added information on the build troubleshooting. (#2890) * Remove unused code in vpc cni init and vpc cni binary. (#2891) * Bump golang.org/x/sys from 0.18.0 to 0.19.0 in /test/agent (#2898) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.18.0 to 0.19.0. - [Commits](https://github.com/golang/sys/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Filter Managed ENI. (#2895) If the SG reconcile loop runs before the ENI/IP reconcile loop it will modify the security groups as the ENI/IP reconcile hasn't had a chance to check the tags on the ENI yet. Without relying on cache, when the SG reconcile is run, it will not update the ENI with the node.k8s.amazonaws.com/no_manage: true tag * Merge release-1.18 to master after v1.18.1 release (#2914) * Update changelogs and charts for v1.18.0 release (#2858) Co-authored-by: Joseph Chen * Resolve merge conflicts from master to release 1.18 (#2885) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Co-authored-by: Joseph Chen * Merge master to release-1.18 for v1.18.1 release (#2882) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen * CHANGELOG, chart, and manifest updates for v1.18.1 release (#2894) Co-authored-by: Joseph Chen * Fix metrics readme --------- Signed-off-by: dependabot[bot] Co-authored-by: Joseph Chen Co-authored-by: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> * Update .go-version to fix GO-2024-2824 (#2911) * Soak Test for CNI. (#2915) * Soak Test for CNI. Soak Test runs a fundamental test, like connectivity across pods launched in both primary and secondary eni interfaces. It launches pods, tests connectivity, tears them down, and repeats this process for 1 hour. The run time configurable with how long we want to run the soak test. This test helps in discoverying race condition issues, compatiblity issues with underlying AMI. * Fix for make check. * Bump github.com/aws/amazon-vpc-resource-controller-k8s (#2910) Bumps [github.com/aws/amazon-vpc-resource-controller-k8s](https://github.com/aws/amazon-vpc-resource-controller-k8s) from 1.4.1 to 1.5.0. - [Release notes](https://github.com/aws/amazon-vpc-resource-controller-k8s/releases) - [Commits](https://github.com/aws/amazon-vpc-resource-controller-k8s/compare/v1.4.1...v1.5.0) --- updated-dependencies: - dependency-name: github.com/aws/amazon-vpc-resource-controller-k8s dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update ENI Limits. (#2920) * Skip Soak Test while running other tests. (#2922) * Update golang to go1.22.3 (#2924) * Bump k8s.io/api from 0.29.3 to 0.30.1 (#2918) Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.29.3 to 0.30.1. - [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.1) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Switch to counter for awscni_no_available_ip_addresses (#2919) Co-authored-by: Liptan Biswas Co-authored-by: Senthil Kumaran * Expose network policy log file location to be configured using helm (#2925) * Expose network policy log file location to be configured using helm chart values. * Updated log file location name. * Merge release branch release_1.18 (#2929) * Update changelogs and charts for v1.18.0 release (#2858) Co-authored-by: Joseph Chen * Resolve merge conflicts from master to release 1.18 (#2885) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Co-authored-by: Joseph Chen * Merge master to release-1.18 for v1.18.1 release (#2882) * Mount /run/xtables.lock as FileOrCreate (#2841) Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state. Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * remove unused Dockerfile (#2869) * remove unused Dockerfile * update golang and dependencies to fix CVE * Update Kops test for 1.30 (#2868) Co-authored-by: Joseph Chen * Update .go-version to 1.22.2 to fix CVE reports. (#2870) * CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876) Co-authored-by: Joseph Chen * Update changelogs and charts for v1.18.0 release (#2858) (#2881) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen * CHANGELOG, chart, and manifest updates for v1.18.1 release (#2894) Co-authored-by: Joseph Chen --------- Signed-off-by: dependabot[bot] Co-authored-by: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Co-authored-by: Joseph Chen Co-authored-by: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Co-authored-by: Kai Wohlfahrt Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> * Helpful Make target to login to public ECR. (#2934) * Skip Static Canary in run-integration-test in Github. (#2935) * Run Kops Test Separately to triage failures. (#2936) * Bump go.uber.org/zap from 1.26.0 to 1.27.0 (#2938) Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/zap/compare/v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/sys from 0.19.0 to 0.20.0 in /test/agent (#2937) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.19.0 to 0.20.0. - [Commits](https://github.com/golang/sys/compare/v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Merge Changes from release-1.18 to master (#2944) * Changelog and Updated CNI Charts for v1.18.2 Release (#2942) * Update charts, config for Release v1.18.2. * Updated CNI and Metrics Helper Yaml file. ``` make generate-cni-yaml /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s//scripts/generate-cni-yaml.sh % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 15.3M 100 15.3M 0 0 28.4M 0 --:--:-- --:--:-- --:--:-- 28.3M Generated aws-vpc-cni and cni-metrics-helper manifest resources files in: - /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s/scripts/../build/cni-rel-yamls/v1.18.2/aws-k8s-cni - /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s/scripts/../build/cni-rel-yamls/v1.18.2/cni-metrics-helper ``` * Updated Changelog. * Fix the Charts Version for v1.18.2 (#2943) Helm Charts are fixed in eks-charts. https://github.com/aws/eks-charts/pull/1115 https://github.com/aws/eks-charts/pull/1115 * Update .go-version to 1.22.4 (#2950) * disable leaked eni cleanup routine when vpc-resource-controller is deployed (#2854) * disable leaked ENI cleanup routine when vpc-resource-controller is deployed * update helm version --------- Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/cni from 1.1.2 to 1.2.0 (#2901) Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.1.2 to 1.2.0. - [Release notes](https://github.com/containernetworking/cni/releases) - [Commits](https://github.com/containernetworking/cni/compare/v1.1.2...v1.2.0) --- updated-dependencies: - dependency-name: github.com/containernetworking/cni dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Update test options default value and help. (#2955) * Bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.18.4 (#2962) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.0 to 0.18.4. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.0...v0.18.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump k8s.io/cli-runtime from 0.29.0 to 0.30.2 (#2965) Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.29.0 to 0.30.2. - [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.29.0...v0.30.2) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump helm.sh/helm/v3 from 3.14.3 to 3.15.2 (#2964) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.3 to 3.15.2. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.3...v3.15.2) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [cni-metrics-helper] Expose container port when enabling prometheus metrics (#2957) To scrape Prometheus metrics using the Prometheus Operator's PodMonitor, container ports must be exposed via PodSpec. Signed-off-by: Tsubasa Nagasawa Co-authored-by: Senthil Kumaran * Subnet Discovery - Unfilled ENI fix (#2954) Co-authored-by: Joseph Chen * Refactor static canary tests. (#2966) - Remove any config changes to aws-node pod in BeforeSuite. - Remove dependency on multiple EC2 apis. * Upgrade to latest versions of GitHub actions (#2952) * Upgrade to latest versions of GitHub actions * Enable GH action updater * Update the APISpec Schema definition for ENIConfig. (#2969) * Update the APISpec Schema definition for ENIConfig. * removed the required property for security groups. * Use ECR Mirror for Curl Test Image. (#2956) * misc/10-aws.conflist: use __MTU__ variable for IPv4 egress-cni too (#2951) * Bump github.com/aws/aws-sdk-go from 1.51.32 to 1.54.11 (#2976) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.51.32 to 1.54.11. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.51.32...v1.54.11) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (#2975) Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](https://github.com/go-logr/logr/compare/v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 (#2972) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.0 to 1.19.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/sys from 0.20.0 to 0.21.0 in /test/agent (#2977) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.20.0 to 0.21.0. - [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/containernetworking/plugins from 1.4.1 to 1.5.1 (#2974) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.1 to 1.5.1. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.1...v1.5.1) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add unit test and readme update for POD_MTU/ AWS_VPC_ENI_MTU for Egress plugin behavior. (#2979) * Add unit test and readme update for AWS_VPC_ENI_MTU for Egress plugin behavior. * Added Coverage for IPV6 Egress Env Var. * Addressed review comment. * Update .go-version (#2981) * Add extraEnv for add additional env from configmap or secrets to daemonset (#2946) Co-authored-by: Senthil Kumaran * bpr: fix templating bug on helm when cniconfig is enabled (#2983) Co-authored-by: bpramanick * Update vpc_ip_resource_limit.go link in README.md (#2986) * Revert "disable leaked eni cleanup routine when vpc-resource-controller is deployed (#2854)" (#2987) * Revert "disable leaked eni cleanup routine when vpc-resource-controller is deployed (#2854)" This reverts commit 9fdcb5f96c56154f5cfaaec2ea049e6c5bb14979. * Fix go.mod dependencies. * updating iam doc with subnet policy (#2992) * updating iam doc * adding describe subnet to scoped down policy * Bump github.com/docker/docker (#2996) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.5+incompatible to 26.1.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.5...v26.1.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/sys from 0.21.0 to 0.22.0 in /test/agent (#3005) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.21.0 to 0.22.0. - [Commits](https://github.com/golang/sys/compare/v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/onsi/gomega from 1.33.1 to 1.34.1 (#3002) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.33.1 to 1.34.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.33.1...v1.34.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Document the Multi Card Support Limitation. (#3006) * Document the Multi Card Support Limitation. * Update the information on multi-card instance type. * Bump github.com/aws/aws-sdk-go from 1.54.11 to 1.55.5 (#3000) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.54.11 to 1.55.5. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.54.11...v1.55.5) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 (#3001) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.19.0 to 2.19.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.19.0...v2.19.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump k8s.io/client-go from 0.30.2 to 0.30.3 (#3003) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.30.2 to 0.30.3. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.30.2...v0.30.3) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/containernetworking/cni from 1.2.0 to 1.2.3 (#3004) Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.2.0 to 1.2.3. - [Release notes](https://github.com/containernetworking/cni/releases) - [Commits](https://github.com/containernetworking/cni/compare/v1.2.0...v1.2.3) --- updated-dependencies: - dependency-name: github.com/containernetworking/cni dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: init.image.pullPolicy and nodeAgent.image.pullPolicy not being respect (#3010) Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> * Bump github.com/docker/docker (#3011) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.4+incompatible to 26.1.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.4...v26.1.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update kops version and k8s version (#3012) * Bug fix: Ensure exact IP match between IMDS and local datastore. (#3033) * adding function to compare list * adding ut for functions * go fmt * Bump golang.org/x/sys from 0.22.0 to 0.24.0 in /test/agent (#3027) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.22.0 to 0.24.0. - [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/coreos/go-iptables from 0.7.0 to 0.8.0 in /test/agent (#3026) Bumps [github.com/coreos/go-iptables](https://github.com/coreos/go-iptables) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/coreos/go-iptables/releases) - [Commits](https://github.com/coreos/go-iptables/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-iptables dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0 in /test/agent (#3025) Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) from 1.1.0 to 1.3.0. - [Release notes](https://github.com/vishvananda/netlink/releases) - [Commits](https://github.com/vishvananda/netlink/compare/v1.1.0...v1.3.0) --- updated-dependencies: - dependency-name: github.com/vishvananda/netlink dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/client_model from 0.6.0 to 0.6.1 (#3024) Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.6.0 to 0.6.1. - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](https://github.com/prometheus/client_model/compare/v0.6.0...v0.6.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump github.com/coreos/go-iptables from 0.7.0 to 0.8.0 (#3020) Bumps [github.com/coreos/go-iptables](https://github.com/coreos/go-iptables) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/coreos/go-iptables/releases) - [Commits](https://github.com/coreos/go-iptables/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-iptables dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Senthil Kumaran * Bump golang.org/x/sys from 0.22.0 to 0.25.0 (#3037) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.22.0 to 0.25.0. - [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.25.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix fetching enimetadata (#3035) * Fix fetching enimetadata for efa-only enis * Fix format * Fix and add tests * fix format * Add comments --------- Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com> * Changelog, Chart Versions and Config Version update for CNI Release v… (#3029) * Changelog, Chart Versions and Config Version update for CNI Release v1.18.3 (#2994) * CNI Release v1.18.3 * Added Changelog categories. * Update CHANGELOG.md Fix incomplete sentence. * test branch without addon --------- Co-authored-by: Senthil Kumaran * Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (#3023) Bumps google.golang.org/protobuf from 1.34.1 to 1.34.2. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Revert "Fix fetching enimetadata (#3035)" (#3042) This reverts commit eb7a9bd6c4b785c8b145d926be1da798de23d0ad. * Revert test script changes in canary and integration test (#3045) * Filter for interfaces with no ip info (#3047) * Filter for interfaces with no ip info * code refactor * Donot return for missing ipv6 --------- Signed-off-by: dependabot[bot] Signed-off-by: Tsubasa Nagasawa Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> Co-authored-by: Kai Wohlfahrt Co-authored-by: Senthil Kumaran Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com> Co-authored-by: Joseph Chen <76720045+jchen6585@users.noreply.github.com> Co-authored-by: Joseph Chen Co-authored-by: guessi Co-authored-by: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Co-authored-by: Liptan Biswas Co-authored-by: Liptan Biswas Co-authored-by: Tsubasa Nagasawa Co-authored-by: Victor Morales Co-authored-by: Benjamin Knofe Co-authored-by: Gawsoft <75686400+gawsoftpl@users.noreply.github.com> Co-authored-by: B Pramanick Co-authored-by: bpramanick Co-authored-by: hayden Co-authored-by: Yash Thakkar Co-authored-by: zyue110026 <98426905+zyue110026@users.noreply.github.com> Co-authored-by: Zach Dorame-Barajas <43703863+zachdorame@users.noreply.github.com> Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com> --- pkg/awsutils/awsutils.go | 56 ++++++++++++++++++++++++++++++++- pkg/awsutils/awsutils_test.go | 59 +++++++++++++++++++++++++---------- pkg/awsutils/imds.go | 18 +++++++++++ 3 files changed, 115 insertions(+), 18 deletions(-) diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index f9ba346915..3fea1e189d 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -604,6 +604,53 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat log.Debugf("Found ENI: %s, MAC %s, device %d", eniID, eniMAC, deviceNum) + // Get IMDS fields for the interface + macImdsFields, err := cache.imds.GetMACImdsFields(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetMACImdsFields", err) + return ENIMetadata{}, err + } + ipInfoAvailable := false + // Efa-only interfaces do not have any ipv4s or ipv6s associated with it. If we don't find any local-ipv4 or ipv6 info in imds we assume it to be efa-only interface and validate this later via ec2 call + for _, field := range macImdsFields { + if field == "local-ipv4s" { + imdsIPv4s, err := cache.imds.GetLocalIPv4s(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetLocalIPv4s", err) + return ENIMetadata{}, err + } + if len(imdsIPv4s) > 0 { + ipInfoAvailable = true + log.Debugf("Found IPv4 addresses associated with interface. This is not efa-only interface") + break + } + } + if field == "ipv6s" { + imdsIPv6s, err := cache.imds.GetIPv6s(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetIPv6s", err) + } else if len(imdsIPv6s) > 0 { + ipInfoAvailable = true + log.Debugf("Found IPv6 addresses associated with interface. This is not efa-only interface") + break + } + } + } + + if !ipInfoAvailable { + return ENIMetadata{ + ENIID: eniID, + MAC: eniMAC, + DeviceNumber: deviceNum, + SubnetIPv4CIDR: "", + IPv4Addresses: make([]*ec2.NetworkInterfacePrivateIpAddress, 0), + IPv4Prefixes: make([]*ec2.Ipv4PrefixSpecification, 0), + SubnetIPv6CIDR: "", + IPv6Addresses: make([]*ec2.NetworkInterfaceIpv6Address, 0), + IPv6Prefixes: make([]*ec2.Ipv6PrefixSpecification, 0), + }, nil + } + // Get IPv4 and IPv6 addresses assigned to interface cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC) if err != nil { @@ -1356,9 +1403,16 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult, if interfaceType == "trunk" { trunkENI = eniID } - if interfaceType == "efa" { + if interfaceType == "efa" || interfaceType == "efa-only" { efaENIs[eniID] = true } + if interfaceType != "efa-only" { + if len(eniMetadata.IPv4Addresses) == 0 { + log.Errorf("Missing IP addresses from IMDS. Non efa-only interface should have IP address associated with it %s", eniID) + outOfSyncErr := errors.New("DescribeAllENIs: No IPv4 address found") + return DescribeAllENIsResult{}, outOfSyncErr + } + } // Check IPv4 addresses logOutOfSyncState(eniID, eniMetadata.IPv4Addresses, ec2res.PrivateIpAddresses) tagMap[eniMetadata.ENIID] = convertSDKTagsToTags(ec2res.TagSet) diff --git a/pkg/awsutils/awsutils_test.go b/pkg/awsutils/awsutils_test.go index cf93040526..e923a82bcc 100644 --- a/pkg/awsutils/awsutils_test.go +++ b/pkg/awsutils/awsutils_test.go @@ -80,16 +80,19 @@ const ( eni2ID = "eni-12341234" metadataVPCIPv4CIDRs = "192.168.0.0/16 100.66.0.0/1" myNodeName = "testNodeName" + imdsMACFields = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block local-ipv4s ipv4-prefix ipv6-prefix" + imdsMACFieldsEfaOnly = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block ipv4-prefix ipv6-prefix" ) func testMetadata(overrides map[string]interface{}) FakeIMDS { data := map[string]interface{}{ - metadataAZ: az, - metadataLocalIP: localIP, - metadataInstanceID: instanceID, - metadataInstanceType: instanceType, - metadataMAC: primaryMAC, - metadataMACPath: primaryMAC, + metadataAZ: az, + metadataLocalIP: localIP, + metadataInstanceID: instanceID, + metadataInstanceType: instanceType, + metadataMAC: primaryMAC, + metadataMACPath: primaryMAC, + metadataMACPath + primaryMAC: imdsMACFields, metadataMACPath + primaryMAC + metadataDeviceNum: eni1Device, metadataMACPath + primaryMAC + metadataInterface: primaryeniID, metadataMACPath + primaryMAC + metadataSGs: sgs, @@ -109,12 +112,13 @@ func testMetadata(overrides map[string]interface{}) FakeIMDS { func testMetadataWithPrefixes(overrides map[string]interface{}) FakeIMDS { data := map[string]interface{}{ - metadataAZ: az, - metadataLocalIP: localIP, - metadataInstanceID: instanceID, - metadataInstanceType: instanceType, - metadataMAC: primaryMAC, - metadataMACPath: primaryMAC, + metadataAZ: az, + metadataLocalIP: localIP, + metadataInstanceID: instanceID, + metadataInstanceType: instanceType, + metadataMAC: primaryMAC, + metadataMACPath: primaryMAC, + metadataMACPath + primaryMAC: imdsMACFields, metadataMACPath + primaryMAC + metadataDeviceNum: eni1Device, metadataMACPath + primaryMAC + metadataInterface: primaryeniID, metadataMACPath + primaryMAC + metadataSGs: sgs, @@ -203,7 +207,8 @@ func TestInitWithEC2metadataErr(t *testing.T) { func TestGetAttachedENIs(t *testing.T) { mockMetadata := testMetadata(map[string]interface{}{ - metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath + eni2MAC: imdsMACFields, metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, metadataMACPath + eni2MAC + metadataInterface: eni2ID, metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, @@ -217,9 +222,26 @@ func TestGetAttachedENIs(t *testing.T) { } } +func TestGetAttachedENIsWithEfaOnly(t *testing.T) { + mockMetadata := testMetadata(map[string]interface{}{ + metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath + eni2MAC: imdsMACFieldsEfaOnly, + metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, + metadataMACPath + eni2MAC + metadataInterface: eni2ID, + metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, + }) + + cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}} + ens, err := cache.GetAttachedENIs() + if assert.NoError(t, err) { + assert.Equal(t, len(ens), 2) + } +} + func TestGetAttachedENIsWithPrefixes(t *testing.T) { mockMetadata := testMetadata(map[string]interface{}{ - metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath + eni2MAC: imdsMACFields, metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, metadataMACPath + eni2MAC + metadataInterface: eni2ID, metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, @@ -343,6 +365,7 @@ func TestDescribeAllENIs(t *testing.T) { Attachment: &ec2.NetworkInterfaceAttachment{ NetworkCardIndex: aws.Int64(0), }, + NetworkInterfaceId: aws.String(primaryeniID), }}, } @@ -357,7 +380,7 @@ func TestDescribeAllENIs(t *testing.T) { awsErr error expErr error }{ - {"Success DescribeENI", map[string]TagMap{"": {"foo": "foo-value"}}, 1, nil, nil}, + {"Success DescribeENI", map[string]TagMap{"eni-00000000": {"foo": "foo-value"}}, 1, nil, nil}, {"Not found error", nil, maxENIEC2APIRetries, awserr.New("InvalidNetworkInterfaceID.NotFound", "no 'eni-xxx'", nil), expectedError}, {"Not found, no message", nil, maxENIEC2APIRetries, awserr.New("InvalidNetworkInterfaceID.NotFound", "no message", nil), noMessageError}, {"Other error", nil, maxENIEC2APIRetries, err, err}, @@ -1006,7 +1029,8 @@ func TestEC2InstanceMetadataCache_waitForENIAndIPsAttached(t *testing.T) { } fmt.Println("eniips", eniIPs) mockMetadata := testMetadata(map[string]interface{}{ - metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath + eni2MAC: imdsMACFields, metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, metadataMACPath + eni2MAC + metadataInterface: eni2ID, metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, @@ -1101,7 +1125,8 @@ func TestEC2InstanceMetadataCache_waitForENIAndPrefixesAttached(t *testing.T) { eniPrefixes = "" } mockMetadata := testMetadata(map[string]interface{}{ - metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath + eni2MAC: imdsMACFields, metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, metadataMACPath + eni2MAC + metadataInterface: eni2ID, metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR, diff --git a/pkg/awsutils/imds.go b/pkg/awsutils/imds.go index 69c9343501..ab845eeb45 100644 --- a/pkg/awsutils/imds.go +++ b/pkg/awsutils/imds.go @@ -136,6 +136,24 @@ func (imds TypedIMDS) GetMACs(ctx context.Context) ([]string, error) { return list, err } +// GetMACImdsFields returns the imds fields present for a MAC +func (imds TypedIMDS) GetMACImdsFields(ctx context.Context, mac string) ([]string, error) { + key := fmt.Sprintf("network/interfaces/macs/%s", mac) + list, err := imds.getList(ctx, key) + if err != nil { + if imdsErr, ok := err.(*imdsRequestError); ok { + log.Warnf("%v", err) + return nil, imdsErr.err + } + return nil, err + } + // Remove trailing / + for i, item := range list { + list[i] = strings.TrimSuffix(item, "/") + } + return list, err +} + // GetInterfaceID returns the ID of the network interface. func (imds TypedIMDS) GetInterfaceID(ctx context.Context, mac string) (string, error) { key := fmt.Sprintf("network/interfaces/macs/%s/interface-id", mac)