From 310c784f22b147efb04ebda79a8f8f101a546bd1 Mon Sep 17 00:00:00 2001 From: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Date: Thu, 7 Nov 2024 08:47:47 -0800 Subject: [PATCH 01/60] Update to Changelog, config and scripts. (#3095) (#3107) * Update to Changelog, config and scripts. * Add Version in Changelog. Co-authored-by: Senthil Kumaran --- CHANGELOG.md | 18 ++++++++++++++++++ charts/aws-vpc-cni/Chart.yaml | 4 ++-- charts/aws-vpc-cni/README.md | 6 +++--- charts/aws-vpc-cni/values.yaml | 8 ++++---- charts/cni-metrics-helper/Chart.yaml | 4 ++-- charts/cni-metrics-helper/README.md | 2 +- charts/cni-metrics-helper/values.yaml | 2 +- config/master/aws-k8s-cni-cn.yaml | 18 +++++++++--------- config/master/aws-k8s-cni-us-gov-east-1.yaml | 18 +++++++++--------- config/master/aws-k8s-cni-us-gov-west-1.yaml | 18 +++++++++--------- config/master/aws-k8s-cni.yaml | 18 +++++++++--------- config/master/cni-metrics-helper-cn.yaml | 10 +++++----- .../cni-metrics-helper-us-gov-east-1.yaml | 10 +++++----- .../cni-metrics-helper-us-gov-west-1.yaml | 10 +++++----- config/master/cni-metrics-helper.yaml | 10 +++++----- scripts/generate-cni-yaml.sh | 4 ++-- scripts/run-cni-release-tests.sh | 6 +++--- 17 files changed, 92 insertions(+), 74 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b7b0258fec..3707635a05 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,24 @@ ## v1.18.5 +### What's Changed + +* Improvement - Add byobject filter on nodes #2888 +* Improvement - Move KUBE_CONFIG_PATH variable to KUBECONFIG variable #3015 +* Improvement - Update Limits and Add New Instance Types. #3077 + +* Dependency - Bump google.golang.org/grpc from 1.62.0 to 1.67.1 #3056 +* Dependency - Bump github.com/prometheus/common from 0.53.0 to 0.60.0 #3057 +* Dependency - Bump golang.org/x/sys from 0.24.0 to 0.25.0 in /test/agent #3052 +* Dependency - update upstream cni to 1.5.1 #3065 +* Dependency - Bump k8s.io/client-go from 0.30.3 to 0.31.1 #3036 +* Dependency - Bump github.com/vishvananda/netlink from 1.2.1-beta.2 to 1.3.0 #3054 +* Docs - Document the limitation of SGP with kube-proxy IPVS mode. #3064 +* Bugfix - https://github.com/aws/amazon-vpc-cni-k8s/pull/3088 +* Bugfix - Fix the SCRIPT_DIR reference in integration tests. #3090 + +## v1.18.5 + ## What's Changed * Improvement - Filter out interfaces with no ip info by @Pavani-Panakanti in https://github.com/aws/amazon-vpc-cni-k8s/pull/3047 diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index eee1776e9b..3997bbe2b0 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.18.5 -appVersion: "v1.18.5" +version: 1.18.6 +appVersion: "v1.18.6" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 14c78d4ccc..7e277a59fa 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md @@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.18.5` | +| `image.tag` | Image tag | `v1.18.6` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.18.5` | +| `init.image.tag` | Image tag | `v1.18.6` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -69,7 +69,7 @@ The following table lists the configurable parameters for this chart and their d | `originalMatchLabels` | Use the original daemonset matchLabels | `false` | | `nameOverride` | Override the name of the chart | `aws-node` | | `nodeAgent.enabled` | If the Node Agent container should be created | `true` | -| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.1.3` | +| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.1.4` | | `nodeAgent.image.domain`| ECR repository domain | `amazonaws.com` | | `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2` | | `nodeAgent.image.endpoint` | ECR repository endpoint to use. | `ecr` | diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index bb20dc1a7b..180ae01d9f 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.18.5 + tag: v1.18.6 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -27,7 +27,7 @@ init: nodeAgent: enabled: true image: - tag: v1.1.3 + tag: v1.1.4 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -51,7 +51,7 @@ nodeAgent: resources: {} image: - tag: v1.18.5 + tag: v1.18.6 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -85,7 +85,7 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.18.5" + VPC_CNI_VERSION: "v1.18.6" NETWORK_POLICY_ENFORCING_MODE: "standard" # Add env from configMap or from secrets diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index 95677d2711..bcdf656fa4 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 1.18.5 -appVersion: v1.18.5 +version: 1.18.6 +appVersion: v1.18.6 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index cf9c55dd7b..bfa83ed2b2 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -60,7 +60,7 @@ The following table lists the configurable parameters for this chart and their d | -------------------------------|---------------------------------------------------------------|-------------------------------------| | `affinity` | Map of node/pod affinities | `{}` | | `fullnameOverride` | Override the fullname of the chart | `cni-metrics-helper` | -| `image.tag` | Image tag | `v1.18.5` | +| `image.tag` | Image tag | `v1.18.6` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.account` | ECR repository account number | `602401143452` | diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 52f2e22ba2..35712ba8e0 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.18.5 + tag: v1.18.6 account: "602401143452" domain: "amazonaws.com" # Set to use custom image diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index b7eaec4d80..0c0051fae9 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.5 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.6 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.5 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.6 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.5" + value: "v1.18.6" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -539,7 +539,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.3 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.4 imagePullPolicy: Always env: - name: MY_NODE_NAME diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index b15c5fa11f..2d4485a4e3 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.5 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.6 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.5 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.6 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.5" + value: "v1.18.6" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -539,7 +539,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.3 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.4 imagePullPolicy: Always env: - name: MY_NODE_NAME diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index 8690c5d3dc..52290831cf 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.5 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.6 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.5 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.6 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.5" + value: "v1.18.6" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -539,7 +539,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.3 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.4 imagePullPolicy: Always env: - name: MY_NODE_NAME diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index 43e28c64d5..55bfbbce3f 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.5 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.6 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.5 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.6 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.5" + value: "v1.18.6" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -539,7 +539,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.3 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.4 imagePullPolicy: Always env: - name: MY_NODE_NAME diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index 0f1bb573bb..7804a6b96c 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.5" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.6" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 8b5310959a..33ba527f41 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.5" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.6" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index 54bf7a3425..13b7c50d62 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.5" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.6" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index 9c1f5564f9..c8224a42dd 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.5" + app.kubernetes.io/version: "v1.18.6" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.5" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.6" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index afcccf72f4..a1064267dc 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,8 +8,8 @@ HELM_VERSION="3.14.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.18.5" -NODE_AGENT_VERSION="v1.1.3" +VPC_CNI_VERSION="v1.18.6" +NODE_AGENT_VERSION="v1.1.4" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION REGIONS_FILE=$SCRIPTPATH/../charts/regions.json diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 5e2549dfca..92fafe84f5 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -10,7 +10,7 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.5" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.6" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e @@ -38,9 +38,9 @@ function run_integration_test() { echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.5" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.6" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.5}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.6}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) From f0804182ef353cdda3caab98131c8f77f72b8cbf Mon Sep 17 00:00:00 2001 From: pavanipt Date: Wed, 27 Nov 2024 07:06:56 -0800 Subject: [PATCH 02/60] Update NP strict mode doc (#3125) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 57113f8198..cff797a55d 100644 --- a/README.md +++ b/README.md @@ -741,7 +741,7 @@ Type: String Default: `standard` -Network Policy agent now supports two modes for Network Policy enforcement - Strict and Standard. By default, the Amazon VPC CNI plugin for Kubernetes configures network policies for pods in parallel with the pod provisioning. In the `standard` mode, until all of the policies are configured for the new pod, containers in the new pod will start with a default allow policy. A default allow policy means that all ingress and egress traffic is allowed to and from the new pods. However, in the `strict` mode, a new pod will be blocked from Egress and Ingress connections till a qualifying Network Policy is applied. In Strict Mode, you must have a network policy defined for every pod in your cluster. Host Networking pods are exempted from this requirement. +Network Policy agent now supports two modes for Network Policy enforcement - Strict and Standard. By default, the Amazon VPC CNI plugin for Kubernetes configures network policies for pods in parallel with the pod provisioning. In the `standard` mode, until all of the policies are configured for the new pod, containers in the new pod will start with a default allow policy. A default allow policy means that all ingress and egress traffic is allowed to and from the new pods. However, in the `strict` mode, a new pod will start with a default deny policy and all Egress and Ingress connections will be blocked till Network Policies are configured. In Strict Mode, you must have a network policy defined for every pod in your cluster. Host Networking pods are exempted from this requirement. ### VPC CNI Feature Matrix From 64748b4594ddefd938f3a127a30ea3112a576f3e Mon Sep 17 00:00:00 2001 From: Yash Thakkar Date: Mon, 2 Dec 2024 09:08:51 -0800 Subject: [PATCH 03/60] adding email to send log bundle (#3134) --- docs/troubleshooting.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 17e79f1239..0fe3b9f11e 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -79,6 +79,7 @@ ipamd.log.2018-05-16-01 ipamd.log.2018-05-16-06 ipamd.log.2018-05-16-11 ipamd // download /var/log/eks_i-01111ad54b6cfaa19_2020-03-11_0103-UTC_0.6.0.tar.gz ``` +You can share log bundle with cni team on this email k8s-awscni-triage@amazon.com. ### ipamD debugging commands From 5daa8852c1573b41061a7d45a10fe5d70e6f8227 Mon Sep 17 00:00:00 2001 From: Gavin Bunney <409207+gavinbunney@users.noreply.github.com> Date: Tue, 3 Dec 2024 09:39:54 -0800 Subject: [PATCH 04/60] Fix issues handling unmanaged ENIs with IPv6 only (#3122) --- pkg/awsutils/awsutils.go | 57 +++++++++++++++++++++-------------- pkg/awsutils/awsutils_test.go | 20 ++++++++++++ 2 files changed, 54 insertions(+), 23 deletions(-) diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index 3fea1e189d..c037622ad8 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -610,7 +610,9 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat awsAPIErrInc("GetMACImdsFields", err) return ENIMetadata{}, err } - ipInfoAvailable := false + + ipv4Available := false + ipv6Available := false // Efa-only interfaces do not have any ipv4s or ipv6s associated with it. If we don't find any local-ipv4 or ipv6 info in imds we assume it to be efa-only interface and validate this later via ec2 call for _, field := range macImdsFields { if field == "local-ipv4s" { @@ -620,7 +622,7 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat return ENIMetadata{}, err } if len(imdsIPv4s) > 0 { - ipInfoAvailable = true + ipv4Available = true log.Debugf("Found IPv4 addresses associated with interface. This is not efa-only interface") break } @@ -630,14 +632,14 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat if err != nil { awsAPIErrInc("GetIPv6s", err) } else if len(imdsIPv6s) > 0 { - ipInfoAvailable = true + ipv6Available = true log.Debugf("Found IPv6 addresses associated with interface. This is not efa-only interface") break } } } - if !ipInfoAvailable { + if !ipv4Available && !ipv6Available { return ENIMetadata{ ENIID: eniID, MAC: eniMAC, @@ -652,23 +654,29 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat } // Get IPv4 and IPv6 addresses assigned to interface - cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetSubnetIPv4CIDRBlock", err) - return ENIMetadata{}, err - } + var ec2ip4s []*ec2.NetworkInterfacePrivateIpAddress + var subnetV4Cidr string + if ipv4Available { + cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetSubnetIPv4CIDRBlock", err) + return ENIMetadata{}, err + } - imdsIPv4s, err := cache.imds.GetLocalIPv4s(ctx, eniMAC) - if err != nil { - awsAPIErrInc("GetLocalIPv4s", err) - return ENIMetadata{}, err - } + subnetV4Cidr = cidr.String() + + imdsIPv4s, err := cache.imds.GetLocalIPv4s(ctx, eniMAC) + if err != nil { + awsAPIErrInc("GetLocalIPv4s", err) + return ENIMetadata{}, err + } - ec2ip4s := make([]*ec2.NetworkInterfacePrivateIpAddress, len(imdsIPv4s)) - for i, ip4 := range imdsIPv4s { - ec2ip4s[i] = &ec2.NetworkInterfacePrivateIpAddress{ - Primary: aws.Bool(i == 0), - PrivateIpAddress: aws.String(ip4.String()), + ec2ip4s = make([]*ec2.NetworkInterfacePrivateIpAddress, len(imdsIPv4s)) + for i, ip4 := range imdsIPv4s { + ec2ip4s[i] = &ec2.NetworkInterfacePrivateIpAddress{ + Primary: aws.Bool(i == 0), + PrivateIpAddress: aws.String(ip4.String()), + } } } @@ -732,7 +740,7 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat ENIID: eniID, MAC: eniMAC, DeviceNumber: deviceNum, - SubnetIPv4CIDR: cidr.String(), + SubnetIPv4CIDR: subnetV4Cidr, IPv4Addresses: ec2ip4s, IPv4Prefixes: ec2ipv4Prefixes, SubnetIPv6CIDR: subnetV6Cidr, @@ -1407,14 +1415,17 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult, efaENIs[eniID] = true } if interfaceType != "efa-only" { - if len(eniMetadata.IPv4Addresses) == 0 { + if len(eniMetadata.IPv4Addresses) == 0 && len(eniMetadata.IPv6Addresses) == 0 { log.Errorf("Missing IP addresses from IMDS. Non efa-only interface should have IP address associated with it %s", eniID) - outOfSyncErr := errors.New("DescribeAllENIs: No IPv4 address found") + outOfSyncErr := errors.New("DescribeAllENIs: No IPv4 and IPv6 addresses found") return DescribeAllENIsResult{}, outOfSyncErr } } + // Check IPv4 addresses - logOutOfSyncState(eniID, eniMetadata.IPv4Addresses, ec2res.PrivateIpAddresses) + if len(eniMetadata.IPv4Addresses) > 0 { + logOutOfSyncState(eniID, eniMetadata.IPv4Addresses, ec2res.PrivateIpAddresses) + } tagMap[eniMetadata.ENIID] = convertSDKTagsToTags(ec2res.TagSet) } return DescribeAllENIsResult{ diff --git a/pkg/awsutils/awsutils_test.go b/pkg/awsutils/awsutils_test.go index 65bf4ee7d1..897c451d0b 100644 --- a/pkg/awsutils/awsutils_test.go +++ b/pkg/awsutils/awsutils_test.go @@ -56,6 +56,7 @@ const ( metadataSubnetCIDR = "/subnet-ipv4-cidr-block" metadataIPv4s = "/local-ipv4s" metadataIPv4Prefixes = "/ipv4-prefix" + metadataIPv6s = "/ipv6s" metadataIPv6Prefixes = "/ipv6-prefix" az = "us-east-1a" @@ -79,12 +80,14 @@ const ( eni2Device = "1" eni2PrivateIP = "10.0.0.2" eni2Prefix = "10.0.2.0/28" + eni2v6IP = "2001:db8:8:4::2" eni2v6Prefix = "2001:db8::/64" eni2ID = "eni-12341234" metadataVPCIPv4CIDRs = "192.168.0.0/16 100.66.0.0/1" myNodeName = "testNodeName" imdsMACFields = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block local-ipv4s ipv4-prefix ipv6-prefix" imdsMACFieldsEfaOnly = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block ipv4-prefix ipv6-prefix" + imdsMACFieldsV6Only = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv6-cidr-blocks ipv6s ipv6-prefix" ) func testMetadata(overrides map[string]interface{}) FakeIMDS { @@ -241,6 +244,23 @@ func TestGetAttachedENIsWithEfaOnly(t *testing.T) { } } +func TestGetAttachedENIsWithIPv6Only(t *testing.T) { + mockMetadata := testMetadata(map[string]interface{}{ + metadataMACPath: primaryMAC + " " + eni2MAC, + metadataMACPath + eni2MAC: imdsMACFieldsV6Only, + metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device, + metadataMACPath + eni2MAC + metadataInterface: eni2ID, + metadataMACPath + eni2MAC + metadataIPv6s: eni2v6IP, + metadataMACPath + eni2MAC + metadataIPv6Prefixes: eni2v6Prefix, + }) + + cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}} + ens, err := cache.GetAttachedENIs() + if assert.NoError(t, err) { + assert.Equal(t, len(ens), 2) + } +} + func TestGetAttachedENIsWithPrefixes(t *testing.T) { mockMetadata := testMetadata(map[string]interface{}{ metadataMACPath: primaryMAC + " " + eni2MAC, From a9c972d3662ea23cf9b0283eac6a8b0b194a34e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Dec 2024 10:39:51 +0000 Subject: [PATCH 05/60] Bump go.uber.org/zap from 1.26.0 to 1.27.0 Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/zap/compare/v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 57ec4cc60d..e1e83b990d 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.3.0 - go.uber.org/zap v1.26.0 + go.uber.org/zap v1.27.0 golang.org/x/net v0.30.0 golang.org/x/sys v0.26.0 google.golang.org/grpc v1.67.1 diff --git a/go.sum b/go.sum index 6691195368..7052c95f1a 100644 --- a/go.sum +++ b/go.sum @@ -448,8 +448,8 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= From 53f925d7438497fa9f08f3efdd3d1fa4828edc7e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Dec 2024 10:39:54 +0000 Subject: [PATCH 06/60] Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e1e83b990d..0f1cd61948 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.9.0 + github.com/stretchr/testify v1.10.0 github.com/vishvananda/netlink v1.3.0 go.uber.org/zap v1.27.0 golang.org/x/net v0.30.0 diff --git a/go.sum b/go.sum index 7052c95f1a..0f4f416776 100644 --- a/go.sum +++ b/go.sum @@ -405,8 +405,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk= github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8= From 5acb6f3464f8b3eb7b4940e0a91928371eaabfef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Dec 2024 10:39:57 +0000 Subject: [PATCH 07/60] Bump github.com/onsi/gomega from 1.35.1 to 1.36.0 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.35.1 to 1.36.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.35.1...v1.36.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0f1cd61948..21f2507ea6 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 github.com/onsi/ginkgo/v2 v2.20.1 - github.com/onsi/gomega v1.35.1 + github.com/onsi/gomega v1.36.0 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.20.4 github.com/prometheus/client_model v0.6.1 diff --git a/go.sum b/go.sum index 0f4f416776..b717462860 100644 --- a/go.sum +++ b/go.sum @@ -330,8 +330,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/gomega v1.36.0 h1:Pb12RlruUtj4XUuPUqeEWc6j5DkVVVA49Uf6YLfC95Y= +github.com/onsi/gomega v1.36.0/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU= From 1b631d25a4d73e31d262b7b83340b2064e5cc803 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Dec 2024 10:40:01 +0000 Subject: [PATCH 08/60] Bump github.com/prometheus/common from 0.60.0 to 0.60.1 Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.60.0 to 0.60.1. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md) - [Commits](https://github.com/prometheus/common/compare/v0.60.0...v0.60.1) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 21f2507ea6..0c27aac786 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.20.4 github.com/prometheus/client_model v0.6.1 - github.com/prometheus/common v0.60.0 + github.com/prometheus/common v0.60.1 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index b717462860..66622c2b2d 100644 --- a/go.sum +++ b/go.sum @@ -360,8 +360,8 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.60.0 h1:+V9PAREWNvJMAuJ1x1BaWl9dewMW4YrHZQbx0sJNllA= -github.com/prometheus/common v0.60.0/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= +github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= +github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= From 04f06466658d695ea0e4cbdd08dfc63ef0dafb54 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Tue, 3 Dec 2024 19:12:15 -0800 Subject: [PATCH 09/60] Update changelog from release-1.19 branch to master branch. (#3136) * Update to Changelog, config and scripts. (#3095) (#3107) (#3108) * Update to Changelog, config and scripts. * Add Version in Changelog. Co-authored-by: Senthil Kumaran * Updating Manifest, Changelog and scripts (#3115) * Update to Changelog, config and scripts. (#3095) (#3107) (#3118) * Update to Changelog, config and scripts. * Add Version in Changelog. Co-authored-by: Senthil Kumaran * fixed the changelog. --------- Co-authored-by: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> --- CHANGELOG.md | 6 +++++- charts/aws-vpc-cni/Chart.yaml | 4 ++-- charts/aws-vpc-cni/README.md | 6 +++--- charts/aws-vpc-cni/values.yaml | 10 ++++++---- charts/cni-metrics-helper/Chart.yaml | 4 ++-- charts/cni-metrics-helper/README.md | 2 +- charts/cni-metrics-helper/values.yaml | 2 +- config/master/aws-k8s-cni-cn.yaml | 20 ++++++++++--------- config/master/aws-k8s-cni-us-gov-east-1.yaml | 20 ++++++++++--------- config/master/aws-k8s-cni-us-gov-west-1.yaml | 20 ++++++++++--------- config/master/aws-k8s-cni.yaml | 20 ++++++++++--------- config/master/cni-metrics-helper-cn.yaml | 10 +++++----- .../cni-metrics-helper-us-gov-east-1.yaml | 10 +++++----- .../cni-metrics-helper-us-gov-west-1.yaml | 10 +++++----- config/master/cni-metrics-helper.yaml | 10 +++++----- scripts/generate-cni-yaml.sh | 4 ++-- scripts/run-cni-release-tests.sh | 6 +++--- 17 files changed, 89 insertions(+), 75 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3707635a05..7f6e0bc2e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ # Changelog -## v1.18.5 +## v1.19.0 + +* Manifest update for unsupported compute type + +## v1.18.6 ### What's Changed diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index 3997bbe2b0..82341f121c 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.18.6 -appVersion: "v1.18.6" +version: 1.19.0 +appVersion: "v1.19.0" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 7e277a59fa..718b4fb3eb 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md @@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.18.6` | +| `image.tag` | Image tag | `v1.19.0` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.18.6` | +| `init.image.tag` | Image tag | `v1.19.0` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -69,7 +69,7 @@ The following table lists the configurable parameters for this chart and their d | `originalMatchLabels` | Use the original daemonset matchLabels | `false` | | `nameOverride` | Override the name of the chart | `aws-node` | | `nodeAgent.enabled` | If the Node Agent container should be created | `true` | -| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.1.4` | +| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.1.5` | | `nodeAgent.image.domain`| ECR repository domain | `amazonaws.com` | | `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2` | | `nodeAgent.image.endpoint` | ECR repository endpoint to use. | `ecr` | diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 180ae01d9f..8a1f02d2ad 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.18.6 + tag: v1.19.0 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -27,7 +27,7 @@ init: nodeAgent: enabled: true image: - tag: v1.1.4 + tag: v1.1.5 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -51,7 +51,7 @@ nodeAgent: resources: {} image: - tag: v1.18.6 + tag: v1.19.0 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -85,7 +85,7 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.18.6" + VPC_CNI_VERSION: "v1.19.0" NETWORK_POLICY_ENFORCING_MODE: "standard" # Add env from configMap or from secrets @@ -209,6 +209,8 @@ affinity: operator: NotIn values: - fargate + - hybrid + - auto eniConfig: # Specifies whether ENIConfigs should be created diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index bcdf656fa4..3520bca7c4 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 1.18.6 -appVersion: v1.18.6 +version: 1.19.0 +appVersion: v1.19.0 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index bfa83ed2b2..1cb17f80d7 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -60,7 +60,7 @@ The following table lists the configurable parameters for this chart and their d | -------------------------------|---------------------------------------------------------------|-------------------------------------| | `affinity` | Map of node/pod affinities | `{}` | | `fullnameOverride` | Override the fullname of the chart | `cni-metrics-helper` | -| `image.tag` | Image tag | `v1.18.6` | +| `image.tag` | Image tag | `v1.19.0` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.account` | ECR repository account number | `602401143452` | diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 35712ba8e0..a7473d22c3 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.18.6 + tag: v1.19.0 account: "602401143452" domain: "amazonaws.com" # Set to use custom image diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index 0c0051fae9..ba5560cf26 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.6 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.19.0 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.6 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.19.0 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.6" + value: "v1.19.0" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -539,7 +539,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.4 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.5 imagePullPolicy: Always env: - name: MY_NODE_NAME @@ -613,3 +613,5 @@ spec: operator: NotIn values: - fargate + - hybrid + - auto diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index 2d4485a4e3..c743962aec 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.6 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.19.0 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.6 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.19.0 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.6" + value: "v1.19.0" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -539,7 +539,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.4 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.5 imagePullPolicy: Always env: - name: MY_NODE_NAME @@ -613,3 +613,5 @@ spec: operator: NotIn values: - fargate + - hybrid + - auto diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index 52290831cf..f705d3dedc 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.6 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.19.0 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.6 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.19.0 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.6" + value: "v1.19.0" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -539,7 +539,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.4 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.5 imagePullPolicy: Always env: - name: MY_NODE_NAME @@ -613,3 +613,5 @@ spec: operator: NotIn values: - fargate + - hybrid + - auto diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index 55bfbbce3f..c51fb18d26 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.6 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.19.0 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.6 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.19.0 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.6" + value: "v1.19.0" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -539,7 +539,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.4 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.5 imagePullPolicy: Always env: - name: MY_NODE_NAME @@ -613,3 +613,5 @@ spec: operator: NotIn values: - fargate + - hybrid + - auto diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index 7804a6b96c..d7a890fc85 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.6" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.19.0" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 33ba527f41..c7727b254a 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.6" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.19.0" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index 13b7c50d62..af6d7f9a76 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.6" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.19.0" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index c8224a42dd..54893b47ee 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.18.6" + app.kubernetes.io/version: "v1.19.0" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.6" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.19.0" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index a1064267dc..455b16cc3f 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,8 +8,8 @@ HELM_VERSION="3.14.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.18.6" -NODE_AGENT_VERSION="v1.1.4" +VPC_CNI_VERSION="v1.19.0" +NODE_AGENT_VERSION="v1.1.5" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION REGIONS_FILE=$SCRIPTPATH/../charts/regions.json diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 92fafe84f5..d8c0b0b024 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -10,7 +10,7 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.6" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.19.0" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e @@ -38,9 +38,9 @@ function run_integration_test() { echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.6" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.19.0" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.6}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.19.0}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) From f617e6865273cc45ba332e95615aaafd8bc14f43 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 01:14:40 +0000 Subject: [PATCH 10/60] Bump github.com/onsi/ginkgo/v2 from 2.20.1 to 2.22.0 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.20.1 to 2.22.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.20.1...v2.22.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 0c27aac786..c715537b3c 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/go-logr/logr v1.4.2 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 - github.com/onsi/ginkgo/v2 v2.20.1 + github.com/onsi/ginkgo/v2 v2.22.0 github.com/onsi/gomega v1.36.0 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.20.4 @@ -88,7 +88,7 @@ require ( github.com/google/btree v1.0.1 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect + github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.0 // indirect @@ -155,7 +155,7 @@ require ( golang.org/x/term v0.21.0 // indirect golang.org/x/text v0.19.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.24.0 // indirect + golang.org/x/tools v0.26.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect diff --git a/go.sum b/go.sum index 66622c2b2d..ebaeb78073 100644 --- a/go.sum +++ b/go.sum @@ -203,8 +203,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA= -github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= +github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -328,8 +328,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= -github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= +github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v1.36.0 h1:Pb12RlruUtj4XUuPUqeEWc6j5DkVVVA49Uf6YLfC95Y= github.com/onsi/gomega v1.36.0/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -524,8 +524,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= -golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 2aa294429be8b75721cbcfca9db2bad9a04273a7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 01:18:00 +0000 Subject: [PATCH 11/60] Bump golang.org/x/sys from 0.26.0 to 0.27.0 in /test/agent Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.26.0 to 0.27.0. - [Commits](https://github.com/golang/sys/compare/v0.26.0...v0.27.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index 0f54d85029..ff275ad30a 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -5,7 +5,7 @@ go 1.22.3 require ( github.com/coreos/go-iptables v0.8.0 github.com/vishvananda/netlink v1.3.0 - golang.org/x/sys v0.26.0 + golang.org/x/sys v0.27.0 ) require github.com/vishvananda/netns v0.0.4 // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index 11a4ccbf71..25ea15f1b6 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -6,5 +6,5 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From d64b8b45dc35fe963dddc59469c0739d147f9913 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 19:56:42 +0000 Subject: [PATCH 12/60] Bump golang.org/x/sys from 0.27.0 to 0.28.0 in /test/agent Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.27.0 to 0.28.0. - [Commits](https://github.com/golang/sys/compare/v0.27.0...v0.28.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index ff275ad30a..6f2eeb23d4 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -5,7 +5,7 @@ go 1.22.3 require ( github.com/coreos/go-iptables v0.8.0 github.com/vishvananda/netlink v1.3.0 - golang.org/x/sys v0.27.0 + golang.org/x/sys v0.28.0 ) require github.com/vishvananda/netns v0.0.4 // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index 25ea15f1b6..823171d3fc 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -6,5 +6,5 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From fb6d2313621fd09864d3e055b3988cae2f12b086 Mon Sep 17 00:00:00 2001 From: Shehbaj Dhillon Date: Sat, 7 Dec 2024 11:22:31 -0800 Subject: [PATCH 13/60] Fix KOps Integration Test (#3140) * scripts lib integration: add more logging steps * scripts lib cluster: increase kops control plane node size --- scripts/lib/cluster.sh | 3 ++ scripts/lib/integration.sh | 85 +++++++++++++++++++++++++++++--------- 2 files changed, 69 insertions(+), 19 deletions(-) diff --git a/scripts/lib/cluster.sh b/scripts/lib/cluster.sh index 0c375ce569..ee151f7c94 100644 --- a/scripts/lib/cluster.sh +++ b/scripts/lib/cluster.sh @@ -96,6 +96,9 @@ function up-kops-cluster { --networking amazonvpc \ --node-count 2 \ --node-size c5.xlarge \ + --control-plane-count 3 \ + --control-plane-size c5.xlarge \ + --control-plane-zones ${AWS_DEFAULT_REGION}a,${AWS_DEFAULT_REGION}b \ --ssh-public-key=~/.ssh/devopsinuse.pub \ --kubernetes-version ${K8S_VERSION} \ --image ${HOST_IMAGE_SSM_PARAMETER} \ diff --git a/scripts/lib/integration.sh b/scripts/lib/integration.sh index 7045a6aef9..53a1d75f89 100644 --- a/scripts/lib/integration.sh +++ b/scripts/lib/integration.sh @@ -1,32 +1,79 @@ function run_kops_conformance() { - START=$SECONDS + START=$SECONDS + + export KUBECONFIG=~/.kube/config + + echo "=== Setting up test environment ===" + echo "Current directory: $(pwd)" + echo "KUBECONFIG path: $KUBECONFIG" + echo "K8S_VERSION: $K8S_VERSION" - export KUBECONFIG=~/.kube/config - kubectl apply -f "$TEST_CONFIG_PATH" + # Download e2e test binary + echo "=== Downloading e2e test binary ===" + wget -qO- https://dl.k8s.io/v$K8S_VERSION/kubernetes-test-linux-amd64.tar.gz | tar -zxvf - --strip-components=3 -C /tmp kubernetes/test/bin/e2e.test + + # Apply CNI config and wait for daemonset + echo "=== Applying CNI configuration ===" + kubectl apply -f "$TEST_CONFIG_PATH" + echo "Waiting for aws-node daemonset to be ready..." + sleep 5 + while [[ $(kubectl describe ds aws-node -n=kube-system | grep "Available Pods: 0") ]]; do sleep 5 - while [[ $(kubectl describe ds aws-node -n=kube-system | grep "Available Pods: 0") ]] - do - sleep 5 - echo "Waiting for daemonset update" - done - echo "Updated!" + echo "Still waiting for daemonset update..." + kubectl get ds aws-node -n kube-system + done + echo "CNI DaemonSet is ready!" + + # Show cluster state before tests + echo "=== Cluster State Before Tests ===" + echo "Nodes:" + kubectl get nodes -o wide + echo "Pods in kube-system:" + kubectl get pods -n kube-system + echo "CNI DaemonSet status:" + kubectl describe ds aws-node -n=kube-system + + # Run the focused set of tests with detailed logging + TEST_START=$SECONDS + set -o pipefail # Ensure we catch test failures + + /tmp/e2e.test --ginkgo.focus="Conformance" --ginkgo.timeout=120m --kubeconfig=$KUBECONFIG --ginkgo.v --ginkgo.trace --ginkgo.flake-attempts 8 \ + --ginkgo.skip="(works for CRD with validation schema)|(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|(Basic StatefulSet functionality [StatefulSetBasic])|\[Slow\]|\[Serial\]" + + /tmp/e2e.test --ginkgo.focus="\[Serial\].*Conformance" --ginkgo.timeout=120m --kubeconfig=$KUBECONFIG --ginkgo.v --ginkgo.trace --ginkgo.flake-attempts 8 \ + --ginkgo.skip="(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|\[Slow\]" + echo "Kops conformance tests ran successfully!" + + TEST_EXIT_CODE=$? + TEST_DURATION=$((SECONDS - TEST_START)) - wget -qO- https://dl.k8s.io/v$K8S_VERSION/kubernetes-test-linux-amd64.tar.gz | tar -zxvf - --strip-components=3 -C /tmp kubernetes/test/bin/e2e.test + echo "=== Test Results ===" + echo "Test duration: $TEST_DURATION seconds" + echo "Exit code: $TEST_EXIT_CODE" - /tmp/e2e.test --ginkgo.focus="Conformance" --ginkgo.timeout 120m --kubeconfig=$KUBECONFIG --ginkgo.v --ginkgo.fail-fast --ginkgo.flake-attempts 2 \ - --ginkgo.skip="(works for CRD with validation schema)|(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|(Basic StatefulSet functionality [StatefulSetBasic])|\[Slow\]|\[Serial\]" + # Show cluster state after tests + echo "=== Cluster State After Tests ===" + echo "Nodes:" + kubectl get nodes -o wide + echo "Pods in kube-system:" + kubectl get pods -n kube-system + echo "CNI DaemonSet status:" + kubectl describe ds aws-node -n=kube-system - /tmp/e2e.test --ginkgo.focus="\[Serial\].*Conformance" --kubeconfig=$KUBECONFIG --ginkgo.v --ginkgo.fail-fast --ginkgo.flake-attempts 2 \ - --ginkgo.skip="(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|\[Slow\]" - echo "Kops conformance tests ran successfully!" + KOPS_TEST_DURATION=$((SECONDS - START)) + echo "=== Test Run Complete ===" + echo "TIMELINE: KOPS tests took $KOPS_TEST_DURATION seconds" - KOPS_TEST_DURATION=$((SECONDS - START)) - echo "TIMELINE: KOPS tests took $KOPS_TEST_DURATION seconds." + # Workaround to avoid ENI leakage during cluster deletion + # See: https://github.com/aws/amazon-vpc-cni-k8s/issues/1223 + echo "Waiting for 240 seconds to avoid ENI leakage..." + sleep 240 - sleep 240 #Workaround to avoid ENI leakage during cluster deletion: https://github.com/aws/amazon-vpc-cni-k8s/issues/1223 + # Exit with the test exit code + return $TEST_EXIT_CODE } -function build_and_push_image(){ +function build_and_push_image() { command=$1 args=$2 START=$SECONDS From 2aea0fd2453975bea25d13016293dbb9209e13a0 Mon Sep 17 00:00:00 2001 From: Todd Neal Date: Sun, 8 Dec 2024 12:41:59 -0600 Subject: [PATCH 14/60] run make generate-limits to update the max pods file (#3141) --- misc/eni-max-pods.txt | 24 +- pkg/vpc/vpc_ip_resource_limit.go | 486 +++++++++++++++++++++++++++---- 2 files changed, 450 insertions(+), 60 deletions(-) diff --git a/misc/eni-max-pods.txt b/misc/eni-max-pods.txt index 92a8fcbcfe..a0cec0f5c2 100644 --- a/misc/eni-max-pods.txt +++ b/misc/eni-max-pods.txt @@ -256,10 +256,6 @@ dl2q.24xlarge 737 f1.16xlarge 394 f1.2xlarge 58 f1.4xlarge 234 -g3.16xlarge 737 -g3.4xlarge 234 -g3.8xlarge 234 -g3s.xlarge 58 g4ad.16xlarge 234 g4ad.2xlarge 8 g4ad.4xlarge 29 @@ -353,6 +349,24 @@ i4i.8xlarge 234 i4i.large 29 i4i.metal 737 i4i.xlarge 58 +i7ie.12xlarge 394 +i7ie.18xlarge 737 +i7ie.24xlarge 737 +i7ie.2xlarge 58 +i7ie.3xlarge 58 +i7ie.48xlarge 737 +i7ie.6xlarge 234 +i7ie.large 29 +i7ie.xlarge 58 +i8g.12xlarge 234 +i8g.16xlarge 737 +i8g.24xlarge 737 +i8g.2xlarge 58 +i8g.4xlarge 234 +i8g.8xlarge 234 +i8g.large 29 +i8g.metal-24xl 737 +i8g.xlarge 58 im4gn.16xlarge 737 im4gn.2xlarge 58 im4gn.4xlarge 234 @@ -592,6 +606,7 @@ p4d.24xlarge 737 p4de.24xlarge 737 p5.48xlarge 100 p5e.48xlarge 100 +p5en.48xlarge 198 r3.2xlarge 58 r3.4xlarge 234 r3.8xlarge 234 @@ -828,6 +843,7 @@ t4g.xlarge 58 trn1.2xlarge 58 trn1.32xlarge 247 trn1n.32xlarge 247 +trn2.48xlarge 100 u-12tb1.112xlarge 737 u-12tb1.metal 147 u-18tb1.112xlarge 737 diff --git a/pkg/vpc/vpc_ip_resource_limit.go b/pkg/vpc/vpc_ip_resource_limit.go index 86a56659fc..42f2e0cc3f 100644 --- a/pkg/vpc/vpc_ip_resource_limit.go +++ b/pkg/vpc/vpc_ip_resource_limit.go @@ -3060,62 +3060,6 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "xen", IsBareMetal: false, }, - "g3.16xlarge": { - ENILimit: 15, - IPv4Limit: 50, - DefaultNetworkCardIndex: 0, - NetworkCards: []NetworkCard{ - { - MaximumNetworkInterfaces: 15, - NetworkCardIndex: 0, - }, - - }, - HypervisorType: "xen", - IsBareMetal: false, - }, - "g3.4xlarge": { - ENILimit: 8, - IPv4Limit: 30, - DefaultNetworkCardIndex: 0, - NetworkCards: []NetworkCard{ - { - MaximumNetworkInterfaces: 8, - NetworkCardIndex: 0, - }, - - }, - HypervisorType: "xen", - IsBareMetal: false, - }, - "g3.8xlarge": { - ENILimit: 8, - IPv4Limit: 30, - DefaultNetworkCardIndex: 0, - NetworkCards: []NetworkCard{ - { - MaximumNetworkInterfaces: 8, - NetworkCardIndex: 0, - }, - - }, - HypervisorType: "xen", - IsBareMetal: false, - }, - "g3s.xlarge": { - ENILimit: 4, - IPv4Limit: 15, - DefaultNetworkCardIndex: 0, - NetworkCards: []NetworkCard{ - { - MaximumNetworkInterfaces: 4, - NetworkCardIndex: 0, - }, - - }, - HypervisorType: "xen", - IsBareMetal: false, - }, "g4ad.16xlarge": { ENILimit: 8, IPv4Limit: 30, @@ -4458,6 +4402,258 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "i7ie.12xlarge": { + ENILimit: 8, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i7ie.18xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i7ie.24xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i7ie.2xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i7ie.3xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i7ie.48xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i7ie.6xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i7ie.large": { + ENILimit: 3, + IPv4Limit: 10, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 3, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i7ie.xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i8g.12xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i8g.16xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i8g.24xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i8g.2xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i8g.4xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i8g.8xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i8g.large": { + ENILimit: 3, + IPv4Limit: 10, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 3, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "i8g.metal-24xl": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "unknown", + IsBareMetal: true, + }, + "i8g.xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, "im4gn.16xlarge": { ENILimit: 15, IPv4Limit: 50, @@ -8144,6 +8340,95 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "p5en.48xlarge": { + ENILimit: 4, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 1, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 2, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 3, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 4, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 5, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 6, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 7, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 8, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 9, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 10, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 11, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 12, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 13, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 14, + }, + + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 15, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, "r3.2xlarge": { ENILimit: 4, IPv4Limit: 15, @@ -11578,6 +11863,95 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "trn2.48xlarge": { + ENILimit: 2, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 0, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 1, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 2, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 3, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 4, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 5, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 6, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 7, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 8, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 9, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 10, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 11, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 12, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 13, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 14, + }, + + { + MaximumNetworkInterfaces: 2, + NetworkCardIndex: 15, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, "u-12tb1.112xlarge": { ENILimit: 15, IPv4Limit: 50, From 8dd2a5a5797bb67f4bdb09d51678c62cb1283d9d Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Mon, 9 Dec 2024 11:37:20 -0800 Subject: [PATCH 15/60] Update AWS VPC CNI to SDK V2 Update - master branch (#3070) * Update AWS SDK to Version 2 and Remove V1 Dependency. Fixes https://github.com/aws/amazon-vpc-cni-k8s/issues/3116 --- .github/workflows/deps.yml | 1 + .github/workflows/integration-tests.yaml | 1 + .github/workflows/pr-automated-tests.yaml | 1 + cmd/cni-metrics-helper/metrics/metrics.go | 20 +- cmd/routed-eni-cni-plugin/cni_test.go | 2 +- go.mod | 21 +- go.sum | 42 +- pkg/awsutils/awssession/session.go | 109 +++- pkg/awsutils/awssession/session_test.go | 9 +- pkg/awsutils/awsutils.go | 429 +++++++------- pkg/awsutils/awsutils_test.go | 551 +++++++++--------- pkg/awsutils/imds.go | 512 +++++++++++----- pkg/awsutils/mocks/awsutils_mocks.go | 26 +- pkg/ec2metadatawrapper/ec2metadatawrapper.go | 43 +- .../ec2metadatawrapper_test.go | 34 +- .../mocks/ec2metadatawrapper_mocks.go | 71 ++- pkg/ec2wrapper/client.go | 41 +- pkg/ec2wrapper/ec2wrapper.go | 50 +- pkg/ec2wrapper/ec2wrapper_test.go | 22 +- pkg/ec2wrapper/mocks/ec2wrapper_mocks.go | 190 +++--- pkg/ipamd/ipamd.go | 62 +- pkg/ipamd/ipamd_test.go | 95 +-- pkg/publisher/generate_mocks.go | 16 + .../mock_publisher/mock_publisher.go | 102 +++- pkg/publisher/publisher.go | 83 +-- pkg/publisher/publisher_test.go | 79 ++- pkg/utils/cniutils/cni_utils.go | 10 +- pkg/utils/cniutils/cni_utils_test.go | 33 +- pkg/vpc/vpc.go | 10 +- scripts/gen_vpc_ip_limits.go | 107 ++-- test/framework/framework.go | 8 +- test/framework/resources/aws/cloud.go | 36 +- .../resources/aws/services/autoscaling.go | 23 +- .../resources/aws/services/cloudformation.go | 43 +- .../resources/aws/services/cloudwatch.go | 25 +- test/framework/resources/aws/services/ec2.go | 288 ++++----- test/framework/resources/aws/services/eks.go | 86 +-- test/framework/resources/aws/services/iam.go | 65 ++- .../resources/aws/utils/nodegroup.go | 34 +- .../resources/k8s/manifest/daemonset.go | 2 +- .../resources/k8s/manifest/deployment.go | 2 +- test/framework/resources/k8s/manifest/job.go | 2 +- test/framework/resources/k8s/manifest/pod.go | 2 +- test/framework/resources/k8s/utils/addon.go | 6 +- .../az-traffic/pod_az_traffic_suite_test.go | 4 +- .../az-traffic/pod_traffic_across_az_test.go | 32 +- .../cni-egress/pod_egress_suite_test.go | 11 +- .../integration/cni-egress/pod_egress_test.go | 2 +- .../upgrade_downgrade_suite_test.go | 7 +- .../cni/pod_networking_suite_test.go | 7 +- test/integration/cni/pod_traffic_test.go | 20 +- .../cni/service_connectivity_test.go | 2 +- test/integration/cni/soak_test.go | 15 +- test/integration/common/util.go | 10 +- .../custom_networking_sgpp_suite_test.go | 37 +- .../custom-networking-sgpp/trunk_test.go | 4 +- .../custom_networking_suite_test.go | 37 +- .../eni_subnet_discovery_suite_test.go | 22 +- .../eni_subnet_discovery_test.go | 46 +- test/integration/ipamd/common.go | 4 +- test/integration/ipamd/eni_ip_leak_test.go | 7 +- test/integration/ipamd/eni_tag_test.go | 9 +- test/integration/ipamd/ipamd_event_test.go | 28 +- test/integration/ipamd/ipamd_suite_test.go | 5 +- test/integration/ipamd/warm_target_test.go | 5 +- .../ipamd/warm_target_test_PD_enabled.go | 9 +- .../ipv6/pod_v6_networking_suite_test.go | 8 +- .../metrics-helper/metric_helper_test.go | 19 +- .../metrics_helper_suite_test.go | 19 +- .../security_group_per_pod_suite_test.go | 31 +- .../pod-eni/security_group_per_pod_test.go | 19 +- test/integration/snat/snat_suite_test.go | 29 +- test/integration/snat/snat_test.go | 19 +- utils/imds/imds.go | 36 +- 74 files changed, 2262 insertions(+), 1635 deletions(-) create mode 100644 pkg/publisher/generate_mocks.go diff --git a/.github/workflows/deps.yml b/.github/workflows/deps.yml index ee5a5f71c2..91e0303c12 100644 --- a/.github/workflows/deps.yml +++ b/.github/workflows/deps.yml @@ -4,6 +4,7 @@ on: branches: - "master" - "release*" + - "sdkv2" permissions: contents: read jobs: diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml index ef244eae7d..470ef64e53 100644 --- a/.github/workflows/integration-tests.yaml +++ b/.github/workflows/integration-tests.yaml @@ -5,6 +5,7 @@ on: branches: - "master" - "release*" + - "sdk*" permissions: id-token: write diff --git a/.github/workflows/pr-automated-tests.yaml b/.github/workflows/pr-automated-tests.yaml index e4b45bd48f..3796ac5ac8 100644 --- a/.github/workflows/pr-automated-tests.yaml +++ b/.github/workflows/pr-automated-tests.yaml @@ -4,6 +4,7 @@ on: branches: - "master" - "release*" + - "sdkv2*" permissions: contents: read jobs: diff --git a/cmd/cni-metrics-helper/metrics/metrics.go b/cmd/cni-metrics-helper/metrics/metrics.go index fc3f2ff42f..eae4e9e982 100644 --- a/cmd/cni-metrics-helper/metrics/metrics.go +++ b/cmd/cni-metrics-helper/metrics/metrics.go @@ -19,8 +19,8 @@ import ( "context" "fmt" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/cloudwatch" + "github.com/aws/aws-sdk-go-v2/aws" + cloudwatchtypes "github.com/aws/aws-sdk-go-v2/service/cloudwatch/types" dto "github.com/prometheus/client_model/go" "github.com/prometheus/common/expfmt" "k8s.io/client-go/kubernetes" @@ -288,9 +288,9 @@ func produceHistogram(act metricsAction, cw publisher.Publisher) { prevUpperBound = *bucket.UpperBound if *bucket.CumulativeCount != 0 { - dataPoint := &cloudwatch.MetricDatum{ + dataPoint := cloudwatchtypes.MetricDatum{ MetricName: aws.String(act.cwMetricName), - StatisticValues: &cloudwatch.StatisticSet{ + StatisticValues: &cloudwatchtypes.StatisticSet{ Maximum: aws.Float64(mid), Minimum: aws.Float64(mid), SampleCount: aws.Float64(*bucket.CumulativeCount), @@ -322,23 +322,23 @@ func produceCloudWatchMetrics(t metricsTarget, families map[string]*dto.MetricFa for _, action := range convertMetrics.actions { switch metricType { case dto.MetricType_COUNTER: - dataPoint := &cloudwatch.MetricDatum{ + dataPoint := cloudwatchtypes.MetricDatum{ MetricName: aws.String(action.cwMetricName), - Unit: aws.String(cloudwatch.StandardUnitCount), + Unit: cloudwatchtypes.StandardUnitCount, Value: aws.Float64(action.data.curSingleDataPoint), } cw.Publish(dataPoint) case dto.MetricType_GAUGE: - dataPoint := &cloudwatch.MetricDatum{ + dataPoint := cloudwatchtypes.MetricDatum{ MetricName: aws.String(action.cwMetricName), - Unit: aws.String(cloudwatch.StandardUnitCount), + Unit: cloudwatchtypes.StandardUnitCount, Value: aws.Float64(action.data.curSingleDataPoint), } cw.Publish(dataPoint) case dto.MetricType_SUMMARY: - dataPoint := &cloudwatch.MetricDatum{ + dataPoint := cloudwatchtypes.MetricDatum{ MetricName: aws.String(action.cwMetricName), - Unit: aws.String(cloudwatch.StandardUnitCount), + Unit: cloudwatchtypes.StandardUnitCount, Value: aws.Float64(action.data.curSingleDataPoint), } cw.Publish(dataPoint) diff --git a/cmd/routed-eni-cni-plugin/cni_test.go b/cmd/routed-eni-cni-plugin/cni_test.go index eaa3c70a12..4535b08ac0 100644 --- a/cmd/routed-eni-cni-plugin/cni_test.go +++ b/cmd/routed-eni-cni-plugin/cni_test.go @@ -21,7 +21,7 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/pkg/sgpp" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" - "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go-v2/aws" current "github.com/containernetworking/cni/pkg/types/100" "github.com/containernetworking/cni/pkg/skel" diff --git a/go.mod b/go.mod index c715537b3c..ca6a8cbfa9 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,16 @@ require ( github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 - github.com/aws/aws-sdk-go v1.55.5 + github.com/aws/aws-sdk-go-v2 v1.32.5 + github.com/aws/aws-sdk-go-v2/config v1.28.4 + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.50.0 + github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 + github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.0 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 + github.com/aws/aws-sdk-go-v2/service/eks v1.52.1 + github.com/aws/aws-sdk-go-v2/service/iam v1.38.1 + github.com/aws/smithy-go v1.22.1 github.com/containernetworking/cni v1.2.3 github.com/containernetworking/plugins v1.5.1 github.com/coreos/go-iptables v0.8.0 @@ -50,6 +59,16 @@ require ( github.com/Masterminds/squirrel v1.5.4 // indirect github.com/Microsoft/hcsshim v0.12.3 // indirect github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect + github.com/aws/aws-sdk-go v1.51.32 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.45 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect diff --git a/go.sum b/go.sum index ebaeb78073..2699371c68 100644 --- a/go.sum +++ b/go.sum @@ -37,8 +37,46 @@ github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b/go.mod h1:NvS1b2fBgkUvAWgBF8h0aRaVVoUeIlpUMnlTW2wIqik= github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 h1:utc5JzVlbORZ/4IFHb4yleqbIOKEevKfVxozKvhJWok= github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0/go.mod h1:3q5gDG44vGr9ERe0YMHItThKXxDkntAUrlfTgJkdgF8= -github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= -github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.51.32 h1:A6mPui7QP4mwmovyzgtdedbRbNur1Iu0/El7hBWNHms= +github.com/aws/aws-sdk-go v1.51.32/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo= +github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.28.4 h1:qgD0MKmkIzZR2DrAjWJcI9UkndjR+8f6sjUQvXh0mb0= +github.com/aws/aws-sdk-go-v2/config v1.28.4/go.mod h1:LgnWnNzHZw4MLplSyEGia0WgJ/kCGD86zGCjvNpehJs= +github.com/aws/aws-sdk-go-v2/credentials v1.17.45 h1:DUgm5lFso57E7150RBgu1JpVQoF8fAPretiDStIuVjg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.45/go.mod h1:dnBpENcPC1ekZrGpSWspX+ZRGzhkvqngT2Qp5xBR1dY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 h1:woXadbf0c7enQ2UGCi8gW/WuKmE0xIzxBF/eD94jMKQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19/go.mod h1:zminj5ucw7w0r65bP6nhyOd3xL6veAUMc3ElGMoLVb4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.50.0 h1:5tF6T8pAKna0TZ2g77jKdTCKoIRDsaYlYxz9OC1BraI= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.50.0/go.mod h1:I1+/2m+IhnK5qEbhS3CrzjeiVloo9sItE/2K+so0fkU= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 h1:zmXJiEm/fQYtFDLIUsZrcPIjTrL3R/noFICGlYBj3Ww= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0/go.mod h1:9nOjXCDKE+QMK4JaCrLl36PU+VEfJmI7WVehYmojO8s= +github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.0 h1:r1sp92LSk4Gx8l0gScEjzSN+4iiImDvNayY9JYPNtNI= +github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.0/go.mod h1:fkETEwhdw2tOqu5m0Xa3wimV3PLDaiGqNrVZ3MJ7zOc= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 h1:eBriSsQa4r7aiKF2wv1EGYbK3X1VnjAYvdOlepBUi8s= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0/go.mod h1:0A17IIeys01WfjDKehspGP+Cyo/YH/eNADIbEbRS9yM= +github.com/aws/aws-sdk-go-v2/service/eks v1.52.1 h1:XqyUdJbXQxY48CbBtN9a51HoTQy/kTIwrWiruRDsydk= +github.com/aws/aws-sdk-go-v2/service/eks v1.52.1/go.mod h1:WTfZ/+I7aSMEna6iYm1Kjne9A8f1MyxXNfp6hCa1+Bk= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.1 h1:hfkzDZHBp9jAT4zcd5mtqckpU4E3Ax0LQaEWWk1VgN8= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.1/go.mod h1:u36ahDtZcQHGmVm/r+0L1sfKX4fzLEMdCqiKRKkUMVM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 h1:tHxQi/XHPK0ctd/wdOw0t7Xrc2OxcRCnVzv8lwWPu0c= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4/go.mod h1:4GQbF1vJzG60poZqWatZlhP31y8PGCCVTvIGPdaaYJ0= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 h1:HJwZwRt2Z2Tdec+m+fPjvdmkq2s9Ra+VR0hjF7V2o40= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.5/go.mod h1:wrMCEwjFPms+V86TCQQeOxQF/If4vT44FGIOFiMC2ck= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 h1:zcx9LiGWZ6i6pjdcoE9oXAB6mUdeyC36Ia/QEiIvYdg= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4/go.mod h1:Tp/ly1cTjRLGBBmNccFumbZ8oqpZlpdhFf80SrRh4is= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.0 h1:s7LRgBqhwLaxcocnAniBJp7gaAB+4I4vHzqUqjH18yc= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.0/go.mod h1:9XEUty5v5UAsMiFOBJrNibZgwCeOma73jgGwwhgffa8= +github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/awsutils/awssession/session.go b/pkg/awsutils/awssession/session.go index e26f75a39c..5927e32b06 100644 --- a/pkg/awsutils/awssession/session.go +++ b/pkg/awsutils/awssession/session.go @@ -14,20 +14,24 @@ package awssession import ( + "context" "fmt" "net/http" "os" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/aws/retry" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/ec2" + "github.com/aws/smithy-go" + smithymiddleware "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" + "strconv" "time" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" "github.com/aws/amazon-vpc-cni-k8s/utils" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/endpoints" - "github.com/aws/aws-sdk-go/aws/request" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/ec2" ) // Http client timeout env for sessions @@ -58,43 +62,84 @@ func getHTTPTimeout() time.Duration { return httpTimeoutValue } -// New will return an session for service clients -func New() *session.Session { - awsCfg := aws.Config{ - MaxRetries: aws.Int(maxRetries), - HTTPClient: &http.Client{ - Timeout: getHTTPTimeout(), - }, - STSRegionalEndpoint: endpoints.RegionalSTSEndpoint, +// New will return aws.Config to be used by Service Clients. +func New(ctx context.Context) (aws.Config, error) { + customHTTPClient := &http.Client{ + Timeout: getHTTPTimeout()} + optFns := []func(*config.LoadOptions) error{ + config.WithHTTPClient(customHTTPClient), + config.WithRetryMaxAttempts(maxRetries), + config.WithRetryer(func() aws.Retryer { + return retry.NewStandard() + }), + injectUserAgent, } endpoint := os.Getenv("AWS_EC2_ENDPOINT") if endpoint != "" { - customResolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) { - if service == ec2.EndpointsID { - return endpoints.ResolvedEndpoint{ - URL: endpoint, - }, nil - } - return endpoints.DefaultResolver().EndpointFor(service, region, optFns...) - } - awsCfg.EndpointResolver = endpoints.ResolverFunc(customResolver) + optFns = append(optFns, config.WithEndpointResolver(aws.EndpointResolverFunc( + func(service, region string) (aws.Endpoint, error) { + if service == ec2.ServiceID { + return aws.Endpoint{ + URL: endpoint, + }, nil + } + // Fall back to default resolution + return aws.Endpoint{}, &aws.EndpointNotFoundError{} + }))) + } - sess := session.Must(session.NewSession(&awsCfg)) - //injecting session handler info - injectUserAgent(&sess.Handlers) + cfg, err := config.LoadDefaultConfig(ctx, optFns...) + + if err != nil { + return aws.Config{}, fmt.Errorf("failed to load AWS config: %w", err) + } - return sess + return cfg, nil } // injectUserAgent will inject app specific user-agent into awsSDK -func injectUserAgent(handlers *request.Handlers) { +func injectUserAgent(loadOptions *config.LoadOptions) error { version := utils.GetEnv(envVpcCniVersion, "") - handlers.Build.PushFrontNamed(request.NamedHandler{ - Name: fmt.Sprintf("%s/user-agent", "amazon-vpc-cni-k8s"), - Fn: request.MakeAddToUserAgentHandler( - "amazon-vpc-cni-k8s", - "version/"+version), + userAgent := fmt.Sprintf("amazon-vpc-cni-k8s/version/%s", version) + + loadOptions.APIOptions = append(loadOptions.APIOptions, func(stack *smithymiddleware.Stack) error { + return stack.Build.Add(&addUserAgentMiddleware{ + userAgent: userAgent, + }, smithymiddleware.After) }) + + return nil +} + +type addUserAgentMiddleware struct { + userAgent string +} + +func (m *addUserAgentMiddleware) HandleBuild(ctx context.Context, in smithymiddleware.BuildInput, next smithymiddleware.BuildHandler) (out smithymiddleware.BuildOutput, metadata smithymiddleware.Metadata, err error) { + // Simply pass through to the next handler in the middleware chain + return next.HandleBuild(ctx, in) +} + +func (m *addUserAgentMiddleware) ID() string { + return "AddUserAgent" +} + +func (m *addUserAgentMiddleware) HandleFinalize(ctx context.Context, in smithymiddleware.FinalizeInput, next smithymiddleware.FinalizeHandler) ( + out smithymiddleware.FinalizeOutput, metadata smithymiddleware.Metadata, err error) { + req, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown request type %T", in.Request)} + } + + userAgent := req.Header.Get("User-Agent") + if userAgent == "" { + userAgent = m.userAgent + } else { + userAgent += " " + m.userAgent + } + req.Header.Set("User-Agent", userAgent) + + return next.HandleFinalize(ctx, in) } diff --git a/pkg/awsutils/awssession/session_test.go b/pkg/awsutils/awssession/session_test.go index 1ca9e4e7bf..6798929a73 100644 --- a/pkg/awsutils/awssession/session_test.go +++ b/pkg/awsutils/awssession/session_test.go @@ -1,11 +1,12 @@ package awssession import ( + "context" "os" "testing" "time" - "github.com/aws/aws-sdk-go/service/ec2" + "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/stretchr/testify/assert" ) @@ -25,13 +26,15 @@ func TestHttpTimeoutWithValueAbove10(t *testing.T) { func TestAwsEc2EndpointResolver(t *testing.T) { customEndpoint := "https://ec2.us-west-2.customaws.com" + ctx := context.Background() os.Setenv("AWS_EC2_ENDPOINT", customEndpoint) defer os.Unsetenv("AWS_EC2_ENDPOINT") - sess := New() + cfg, err := New(ctx) + assert.NoError(t, err) - resolvedEndpoint, err := sess.Config.EndpointResolver.EndpointFor(ec2.EndpointsID, "") + resolvedEndpoint, err := cfg.EndpointResolver.ResolveEndpoint(ec2.ServiceID, "") assert.NoError(t, err) assert.Equal(t, customEndpoint, resolvedEndpoint.URL) } diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index c037622ad8..43256cdc86 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -18,6 +18,7 @@ import ( "context" "encoding/json" "fmt" + "io" "math/rand" "net" "os" @@ -27,6 +28,10 @@ import ( "sync" "time" + "github.com/aws/aws-sdk-go-v2/config" + + "github.com/aws/smithy-go" + "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils/awssession" @@ -36,10 +41,10 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/retry" "github.com/aws/amazon-vpc-cni-k8s/pkg/vpc" "github.com/aws/amazon-vpc-cni-k8s/utils/prometheusmetrics" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/aws-sdk-go/aws/ec2metadata" - "github.com/aws/aws-sdk-go/service/ec2" + "github.com/aws/aws-sdk-go-v2/aws" + ec2metadata "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" + "github.com/aws/aws-sdk-go-v2/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/pkg/errors" "github.com/prometheus/client_golang/prometheus" v1 "k8s.io/api/core/v1" @@ -74,6 +79,9 @@ const ( ) var ( + awsAPIError smithy.APIError + awsGenericAPIError *smithy.GenericAPIError + // ErrENINotFound is an error when ENI is not found. ErrENINotFound = errors.New("ENI is not found") // ErrAllSecondaryIPsNotFound is returned when not all secondary IPs on an ENI have been assigned @@ -101,13 +109,13 @@ type APIs interface { GetAttachedENIs() (eniList []ENIMetadata, err error) // GetIPv4sFromEC2 returns the IPv4 addresses for a given ENI - GetIPv4sFromEC2(eniID string) (addrList []*ec2.NetworkInterfacePrivateIpAddress, err error) + GetIPv4sFromEC2(eniID string) (addrList []ec2types.NetworkInterfacePrivateIpAddress, err error) // GetIPv4PrefixesFromEC2 returns the IPv4 prefixes for a given ENI - GetIPv4PrefixesFromEC2(eniID string) (addrList []*ec2.Ipv4PrefixSpecification, err error) + GetIPv4PrefixesFromEC2(eniID string) (addrList []ec2types.Ipv4PrefixSpecification, err error) // GetIPv6PrefixesFromEC2 returns the IPv6 prefixes for a given ENI - GetIPv6PrefixesFromEC2(eniID string) (addrList []*ec2.Ipv6PrefixSpecification, err error) + GetIPv6PrefixesFromEC2(eniID string) (addrList []ec2types.Ipv6PrefixSpecification, err error) // DescribeAllENIs calls EC2 and returns a fully populated DescribeAllENIsResult struct and an error DescribeAllENIs() (DescribeAllENIsResult, error) @@ -237,23 +245,23 @@ type ENIMetadata struct { SubnetIPv6CIDR string // The ip addresses allocated for the network interface - IPv4Addresses []*ec2.NetworkInterfacePrivateIpAddress + IPv4Addresses []ec2types.NetworkInterfacePrivateIpAddress // IPv4 Prefixes allocated for the network interface - IPv4Prefixes []*ec2.Ipv4PrefixSpecification + IPv4Prefixes []ec2types.Ipv4PrefixSpecification // IPv6 addresses allocated for the network interface - IPv6Addresses []*ec2.NetworkInterfaceIpv6Address + IPv6Addresses []ec2types.NetworkInterfaceIpv6Address // IPv6 Prefixes allocated for the network interface - IPv6Prefixes []*ec2.Ipv6PrefixSpecification + IPv6Prefixes []ec2types.Ipv6PrefixSpecification } // PrimaryIPv4Address returns the primary IPv4 address of this node func (eni ENIMetadata) PrimaryIPv4Address() string { for _, addr := range eni.IPv4Addresses { - if aws.BoolValue(addr.Primary) { - return aws.StringValue(addr.PrivateIpAddress) + if addr.Primary != nil && aws.ToBool(addr.Primary) { + return aws.ToString(addr.PrivateIpAddress) } } return "" @@ -263,7 +271,7 @@ func (eni ENIMetadata) PrimaryIPv4Address() string { func (eni ENIMetadata) PrimaryIPv6Address() string { for _, addr := range eni.IPv6Addresses { if addr.Ipv6Address != nil { - return aws.StringValue(addr.Ipv6Address) + return aws.ToString(addr.Ipv6Address) } } return "" @@ -332,16 +340,15 @@ func awsReqStatus(err error) string { if err == nil { return "200" } - var aerr awserr.RequestFailure - if errors.As(err, &aerr) { - return fmt.Sprint(aerr.StatusCode()) + if errors.As(err, &awsGenericAPIError) { + return fmt.Sprint(awsGenericAPIError.ErrorCode()) } return "" // Unknown HTTP status code } func (i instrumentedIMDS) GetMetadataWithContext(ctx context.Context, p string) (string, error) { start := time.Now() - result, err := i.EC2MetadataIface.GetMetadataWithContext(ctx, p) + output, err := i.EC2MetadataIface.GetMetadata(ctx, &ec2metadata.GetMetadataInput{Path: p}) duration := msSince(start) prometheusmetrics.AwsAPILatency.WithLabelValues("GetMetadata", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(duration) @@ -349,7 +356,14 @@ func (i instrumentedIMDS) GetMetadataWithContext(ctx context.Context, p string) if err != nil { return "", newIMDSRequestError(p, err) } - return result, nil + + defer output.Content.Close() + bytes, err := io.ReadAll(output.Content) + if err != nil { + return "", newIMDSRequestError(p, fmt.Errorf("failed to read content: %w", err)) + } + + return string(bytes), nil } // New creates an EC2InstanceMetadataCache @@ -357,19 +371,22 @@ func New(useSubnetDiscovery, useCustomNetworking, disableLeakedENICleanup, v4Ena // ctx is passed to initWithEC2Metadata func to cancel spawned go-routines when tests are run ctx := context.Background() - sess := awssession.New() - ec2Metadata := ec2metadata.New(sess) + awsconfig, err := awssession.New(ctx) + if err != nil { + return nil, errors.Wrap(err, "failed to create aws session") + } + ec2Metadata := ec2metadata.NewFromConfig(awsconfig) cache := &EC2InstanceMetadataCache{} cache.imds = TypedIMDS{instrumentedIMDS{ec2Metadata}} cache.clusterName = os.Getenv(clusterNameEnvVar) cache.additionalENITags = loadAdditionalENITags() - region, err := ec2Metadata.Region() + region, err := ec2Metadata.GetRegion(ctx, nil) if err != nil { log.Errorf("Failed to retrieve region data from instance metadata %v", err) return nil, errors.Wrap(err, "instance metadata: failed to retrieve region data") } - cache.region = region + cache.region = region.Region log.Debugf("Discovered region: %s", cache.region) cache.useCustomNetworking = useCustomNetworking log.Infof("Custom networking enabled %v", cache.useCustomNetworking) @@ -378,9 +395,11 @@ func New(useSubnetDiscovery, useCustomNetworking, disableLeakedENICleanup, v4Ena cache.v4Enabled = v4Enabled cache.v6Enabled = v6Enabled - awsCfg := aws.NewConfig().WithRegion(region) - sess = sess.Copy(awsCfg) - ec2SVC := ec2wrapper.New(sess) + awsCfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion(region.Region)) + if err != nil { + return nil, fmt.Errorf("unable to load SDK config, %v", err) + } + ec2SVC := ec2wrapper.New(awsCfg) cache.ec2SVC = ec2SVC err = cache.initWithEC2Metadata(ctx) if err != nil { @@ -517,31 +536,31 @@ func (cache *EC2InstanceMetadataCache) RefreshSGIDs(mac string, store *datastore tempfilteredENIs := newENIs.Difference(&cache.multiCardENIs) filteredENIs := tempfilteredENIs.Difference(&cache.unmanagedENIs) - sgIDsPtrs := aws.StringSlice(sgIDs) // This will update SG for managed ENIs created by EKS. for _, eniID := range filteredENIs.SortedList() { log.Debugf("Update ENI %s", eniID) attributeInput := &ec2.ModifyNetworkInterfaceAttributeInput{ - Groups: sgIDsPtrs, + Groups: sgIDs, NetworkInterfaceId: aws.String(eniID), } start := time.Now() - _, err = cache.ec2SVC.ModifyNetworkInterfaceAttributeWithContext(context.Background(), attributeInput) + _, err = cache.ec2SVC.ModifyNetworkInterfaceAttribute(context.Background(), attributeInput) prometheusmetrics.Ec2ApiReq.WithLabelValues("ModifyNetworkInterfaceAttribute").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("ModifyNetworkInterfaceAttribute", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) + if err != nil { - if aerr, ok := err.(awserr.Error); ok { - if aerr.Code() == "InvalidNetworkInterfaceID.NotFound" { + if errors.As(err, &awsAPIError) { + if awsAPIError.ErrorCode() == "InvalidNetworkInterfaceID.NotFound" { awsAPIErrInc("IMDSMetaDataOutOfSync", err) } } checkAPIErrorAndBroadcastEvent(err, "ec2:ModifyNetworkInterfaceAttribute") awsAPIErrInc("ModifyNetworkInterfaceAttribute", err) prometheusmetrics.Ec2ApiErr.WithLabelValues("ModifyNetworkInterfaceAttribute").Inc() - //No need to return error here since retry will happen in 30seconds and also - //If update failed due to stale ENI then returning error will prevent updating SG - //for following ENIs since the list is sorted + // No need to return error here since retry will happen in 30 seconds and also + // If update failed due to stale ENI then returning error will prevent updating SG + // for following ENIs since the list is sorted log.Debugf("refreshSGIDs: unable to update the ENI %s SG - %v", eniID, err) } } @@ -610,7 +629,6 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat awsAPIErrInc("GetMACImdsFields", err) return ENIMetadata{}, err } - ipv4Available := false ipv6Available := false // Efa-only interfaces do not have any ipv4s or ipv6s associated with it. If we don't find any local-ipv4 or ipv6 info in imds we assume it to be efa-only interface and validate this later via ec2 call @@ -645,16 +663,16 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat MAC: eniMAC, DeviceNumber: deviceNum, SubnetIPv4CIDR: "", - IPv4Addresses: make([]*ec2.NetworkInterfacePrivateIpAddress, 0), - IPv4Prefixes: make([]*ec2.Ipv4PrefixSpecification, 0), + IPv4Addresses: make([]ec2types.NetworkInterfacePrivateIpAddress, 0), + IPv4Prefixes: make([]ec2types.Ipv4PrefixSpecification, 0), SubnetIPv6CIDR: "", - IPv6Addresses: make([]*ec2.NetworkInterfaceIpv6Address, 0), - IPv6Prefixes: make([]*ec2.Ipv6PrefixSpecification, 0), + IPv6Addresses: make([]ec2types.NetworkInterfaceIpv6Address, 0), + IPv6Prefixes: make([]ec2types.Ipv6PrefixSpecification, 0), }, nil } // Get IPv4 and IPv6 addresses assigned to interface - var ec2ip4s []*ec2.NetworkInterfacePrivateIpAddress + var ec2ip4s []ec2types.NetworkInterfacePrivateIpAddress var subnetV4Cidr string if ipv4Available { cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC) @@ -671,16 +689,16 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat return ENIMetadata{}, err } - ec2ip4s = make([]*ec2.NetworkInterfacePrivateIpAddress, len(imdsIPv4s)) + ec2ip4s = make([]ec2types.NetworkInterfacePrivateIpAddress, len(imdsIPv4s)) for i, ip4 := range imdsIPv4s { - ec2ip4s[i] = &ec2.NetworkInterfacePrivateIpAddress{ + ec2ip4s[i] = ec2types.NetworkInterfacePrivateIpAddress{ Primary: aws.Bool(i == 0), PrivateIpAddress: aws.String(ip4.String()), } } } - var ec2ip6s []*ec2.NetworkInterfaceIpv6Address + var ec2ip6s []ec2types.NetworkInterfaceIpv6Address var subnetV6Cidr string if cache.v6Enabled { // For IPv6 ENIs, do not error on missing IPv6 information @@ -695,17 +713,17 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat if err != nil { awsAPIErrInc("GetIPv6s", err) } else { - ec2ip6s = make([]*ec2.NetworkInterfaceIpv6Address, len(imdsIPv6s)) + ec2ip6s = make([]ec2types.NetworkInterfaceIpv6Address, len(imdsIPv6s)) for i, ip6 := range imdsIPv6s { - ec2ip6s[i] = &ec2.NetworkInterfaceIpv6Address{ + ec2ip6s[i] = ec2types.NetworkInterfaceIpv6Address{ Ipv6Address: aws.String(ip6.String()), } } } } - var ec2ipv4Prefixes []*ec2.Ipv4PrefixSpecification - var ec2ipv6Prefixes []*ec2.Ipv6PrefixSpecification + var ec2ipv4Prefixes []ec2types.Ipv4PrefixSpecification + var ec2ipv6Prefixes []ec2types.Ipv6PrefixSpecification // If IPv6 is enabled, get attached v6 prefixes. if cache.v6Enabled { @@ -715,7 +733,7 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat return ENIMetadata{}, err } for _, ipv6prefix := range imdsIPv6Prefixes { - ec2ipv6Prefixes = append(ec2ipv6Prefixes, &ec2.Ipv6PrefixSpecification{ + ec2ipv6Prefixes = append(ec2ipv6Prefixes, ec2types.Ipv6PrefixSpecification{ Ipv6Prefix: aws.String(ipv6prefix.String()), }) } @@ -730,7 +748,7 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat return ENIMetadata{}, err } for _, ipv4prefix := range imdsIPv4Prefixes { - ec2ipv4Prefixes = append(ec2ipv4Prefixes, &ec2.Ipv4PrefixSpecification{ + ec2ipv4Prefixes = append(ec2ipv4Prefixes, ec2types.Ipv4PrefixSpecification{ Ipv4Prefix: aws.String(ipv4prefix.String()), }) } @@ -752,11 +770,11 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat // awsGetFreeDeviceNumber calls EC2 API DescribeInstances to get the next free device index func (cache *EC2InstanceMetadataCache) awsGetFreeDeviceNumber() (int, error) { input := &ec2.DescribeInstancesInput{ - InstanceIds: []*string{aws.String(cache.instanceID)}, + InstanceIds: []string{cache.instanceID}, } start := time.Now() - result, err := cache.ec2SVC.DescribeInstancesWithContext(context.Background(), input) + result, err := cache.ec2SVC.DescribeInstances(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("DescribeInstances").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("DescribeInstances", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -776,14 +794,14 @@ func (cache *EC2InstanceMetadataCache) awsGetFreeDeviceNumber() (int, error) { var device [maxENIs]bool for _, eni := range inst.NetworkInterfaces { // We don't support multi-card yet, so only account for network card zero - if aws.Int64Value(eni.Attachment.NetworkCardIndex) == 0 { - if aws.Int64Value(eni.Attachment.DeviceIndex) > maxENIs { + if eni.Attachment != nil && aws.ToInt32(eni.Attachment.NetworkCardIndex) == 0 { + if aws.ToInt32(eni.Attachment.DeviceIndex) > maxENIs { log.Warnf("The Device Index %d of the attached ENI %s > instance max slot %d", - aws.Int64Value(eni.Attachment.DeviceIndex), aws.StringValue(eni.NetworkInterfaceId), + aws.ToInt32(eni.Attachment.DeviceIndex), aws.ToString(eni.NetworkInterfaceId), maxENIs) } else { - log.Debugf("Discovered device number is used: %d", aws.Int64Value(eni.Attachment.DeviceIndex)) - device[aws.Int64Value(eni.Attachment.DeviceIndex)] = true + log.Debugf("Discovered device number is used: %d", aws.ToInt32(eni.Attachment.DeviceIndex)) + device[aws.ToInt32(eni.Attachment.DeviceIndex)] = true } } } @@ -817,7 +835,7 @@ func (cache *EC2InstanceMetadataCache) AllocENI(useCustomCfg bool, sg []*string, // Also change the ENI's attribute so that the ENI will be deleted when the instance is deleted. attributeInput := &ec2.ModifyNetworkInterfaceAttributeInput{ - Attachment: &ec2.NetworkInterfaceAttachmentChanges{ + Attachment: &ec2types.NetworkInterfaceAttachmentChanges{ AttachmentId: aws.String(attachmentID), DeleteOnTermination: aws.Bool(true), }, @@ -825,7 +843,7 @@ func (cache *EC2InstanceMetadataCache) AllocENI(useCustomCfg bool, sg []*string, } start := time.Now() - _, err = cache.ec2SVC.ModifyNetworkInterfaceAttributeWithContext(context.Background(), attributeInput) + _, err = cache.ec2SVC.ModifyNetworkInterfaceAttribute(context.Background(), attributeInput) prometheusmetrics.Ec2ApiReq.WithLabelValues("ModifyNetworkInterfaceAttribute").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("ModifyNetworkInterfaceAttribute", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -852,13 +870,13 @@ func (cache *EC2InstanceMetadataCache) attachENI(eniID string) (string, error) { } attachInput := &ec2.AttachNetworkInterfaceInput{ - DeviceIndex: aws.Int64(int64(freeDevice)), + DeviceIndex: aws.Int32(int32(freeDevice)), InstanceId: aws.String(cache.instanceID), NetworkInterfaceId: aws.String(eniID), - NetworkCardIndex: aws.Int64(0), + NetworkCardIndex: aws.Int32(0), } start := time.Now() - attachOutput, err := cache.ec2SVC.AttachNetworkInterfaceWithContext(context.Background(), attachInput) + attachOutput, err := cache.ec2SVC.AttachNetworkInterface(context.Background(), attachInput) prometheusmetrics.Ec2ApiReq.WithLabelValues("AttachNetworkInterface").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("AttachNetworkInterface", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -868,7 +886,7 @@ func (cache *EC2InstanceMetadataCache) attachENI(eniID string) (string, error) { log.Errorf("Failed to attach ENI %s: %v", eniID, err) return "", errors.Wrap(err, "attachENI: failed to attach ENI") } - return aws.StringValue(attachOutput.AttachmentId), err + return aws.ToString(attachOutput.AttachmentId), err } // return ENI id, error @@ -880,9 +898,9 @@ func (cache *EC2InstanceMetadataCache) createENI(useCustomCfg bool, sg []*string for key, value := range cache.buildENITags() { tags[key] = value } - tagSpec := []*ec2.TagSpecification{ + tagSpec := []ec2types.TagSpecification{ { - ResourceType: aws.String(ec2.ResourceTypeNetworkInterface), + ResourceType: ec2types.ResourceTypeNetworkInterface, Tags: convertTagsToSDKTags(tags), }, } @@ -901,18 +919,18 @@ func (cache *EC2InstanceMetadataCache) createENI(useCustomCfg bool, sg []*string if cache.enablePrefixDelegation { input = &ec2.CreateNetworkInterfaceInput{ Description: aws.String(eniDescription), - Groups: aws.StringSlice(cache.securityGroups.SortedList()), + Groups: cache.securityGroups.SortedList(), SubnetId: aws.String(cache.subnetID), TagSpecifications: tagSpec, - Ipv4PrefixCount: aws.Int64(int64(needIPs)), + Ipv4PrefixCount: aws.Int32(int32(needIPs)), } } else { input = &ec2.CreateNetworkInterfaceInput{ Description: aws.String(eniDescription), - Groups: aws.StringSlice(cache.securityGroups.SortedList()), + Groups: cache.securityGroups.SortedList(), SubnetId: aws.String(cache.subnetID), TagSpecifications: tagSpec, - SecondaryPrivateIpAddressCount: aws.Int64(int64(needIPs)), + SecondaryPrivateIpAddressCount: aws.Int32(int32(needIPs)), } } @@ -920,7 +938,7 @@ func (cache *EC2InstanceMetadataCache) createENI(useCustomCfg bool, sg []*string var networkInterfaceID string if cache.useCustomNetworking { input = createENIUsingCustomCfg(sg, eniCfgSubnet, input) - log.Infof("Creating ENI with security groups: %v in subnet: %s", aws.StringValueSlice(input.Groups), aws.StringValue(input.SubnetId)) + log.Infof("Creating ENI with security groups: %v in subnet: %s", input.Groups, aws.ToString(input.SubnetId)) networkInterfaceID, err = cache.tryCreateNetworkInterface(input) if err == nil { @@ -943,7 +961,7 @@ func (cache *EC2InstanceMetadataCache) createENI(useCustomCfg bool, sg []*string continue } } - log.Infof("Creating ENI with security groups: %v in subnet: %s", aws.StringValueSlice(input.Groups), aws.StringValue(input.SubnetId)) + log.Infof("Creating ENI with security groups: %v in subnet: %s", input.Groups, aws.ToString(input.SubnetId)) input.SubnetId = subnet.SubnetId networkInterfaceID, err = cache.tryCreateNetworkInterface(input) @@ -963,22 +981,22 @@ func (cache *EC2InstanceMetadataCache) createENI(useCustomCfg bool, sg []*string return "", errors.Wrap(err, "failed to create network interface") } -func (cache *EC2InstanceMetadataCache) getVpcSubnets() ([]*ec2.Subnet, error) { +func (cache *EC2InstanceMetadataCache) getVpcSubnets() ([]ec2types.Subnet, error) { describeSubnetInput := &ec2.DescribeSubnetsInput{ - Filters: []*ec2.Filter{ + Filters: []ec2types.Filter{ { Name: aws.String("vpc-id"), - Values: []*string{aws.String(cache.vpcID)}, + Values: []string{cache.vpcID}, }, { Name: aws.String("availability-zone"), - Values: []*string{aws.String(cache.availabilityZone)}, + Values: []string{cache.availabilityZone}, }, }, } start := time.Now() - subnetResult, err := cache.ec2SVC.DescribeSubnetsWithContext(context.Background(), describeSubnetInput) + subnetResult, err := cache.ec2SVC.DescribeSubnets(context.Background(), describeSubnetInput) prometheusmetrics.Ec2ApiReq.WithLabelValues("DescribeSubnets").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("DescribeSubnets", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -996,7 +1014,7 @@ func (cache *EC2InstanceMetadataCache) getVpcSubnets() ([]*ec2.Subnet, error) { return subnetResult.Subnets, nil } -func validTag(subnet *ec2.Subnet) bool { +func validTag(subnet ec2types.Subnet) bool { for _, tag := range subnet.Tags { if *tag.Key == subnetDiscoveryTagKey { return true @@ -1009,9 +1027,9 @@ func createENIUsingCustomCfg(sg []*string, eniCfgSubnet string, input *ec2.Creat log.Info("Using a custom network config for the new ENI") if len(sg) != 0 { - input.Groups = sg + input.Groups = aws.ToStringSlice(sg) } else { - log.Warnf("No custom networking security group found, will use the node's primary ENI's SG: %v", aws.StringValueSlice(input.Groups)) + log.Warnf("No custom networking security group found, will use the node's primary ENI's SG: %v", input.Groups) } input.SubnetId = aws.String(eniCfgSubnet) @@ -1020,12 +1038,12 @@ func createENIUsingCustomCfg(sg []*string, eniCfgSubnet string, input *ec2.Creat func (cache *EC2InstanceMetadataCache) tryCreateNetworkInterface(input *ec2.CreateNetworkInterfaceInput) (string, error) { start := time.Now() - result, err := cache.ec2SVC.CreateNetworkInterfaceWithContext(context.Background(), input) + result, err := cache.ec2SVC.CreateNetworkInterface(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("CreateNetworkInterface").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("CreateNetworkInterface", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err == nil { - log.Infof("Created a new ENI: %s", aws.StringValue(result.NetworkInterface.NetworkInterfaceId)) - return aws.StringValue(result.NetworkInterface.NetworkInterfaceId), nil + log.Infof("Created a new ENI: %s", aws.ToString(result.NetworkInterface.NetworkInterfaceId)) + return aws.ToString(result.NetworkInterface.NetworkInterfaceId), nil } checkAPIErrorAndBroadcastEvent(err, "ec2:CreateNetworkInterface") awsAPIErrInc("CreateNetworkInterface", err) @@ -1063,16 +1081,14 @@ func (cache *EC2InstanceMetadataCache) TagENI(eniID string, currentTags map[stri } input := &ec2.CreateTagsInput{ - Resources: []*string{ - aws.String(eniID), - }, - Tags: convertTagsToSDKTags(tagChanges), + Resources: []string{eniID}, + Tags: convertTagsToSDKTags(tagChanges), } log.Debugf("Tagging ENI %s with missing tags: %v", eniID, tagChanges) return retry.NWithBackoff(retry.NewSimpleBackoff(500*time.Millisecond, maxENIBackoffDelay, 0.3, 2), 5, func() error { start := time.Now() - _, err := cache.ec2SVC.CreateTagsWithContext(context.Background(), input) + _, err := cache.ec2SVC.CreateTags(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("CreateTags").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("CreateTags", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -1088,13 +1104,15 @@ func (cache *EC2InstanceMetadataCache) TagENI(eniID string, currentTags map[stri } func awsAPIErrInc(api string, err error) { - if aerr, ok := err.(awserr.Error); ok { - prometheusmetrics.AwsAPIErr.With(prometheus.Labels{"api": api, "error": aerr.Code()}).Inc() + if errors.As(err, &awsAPIError) { + prometheusmetrics.AwsAPIErr.With(prometheus.Labels{"api": api, "error": awsAPIError.ErrorCode()}).Inc() } } func awsUtilsErrInc(fn string, err error) { - prometheusmetrics.AwsUtilsErr.With(prometheus.Labels{"fn": fn, "error": err.Error()}).Inc() + if errors.As(err, &awsAPIError) { + prometheusmetrics.AwsUtilsErr.With(prometheus.Labels{"fn": fn, "error": err.Error()}).Inc() + } } // FreeENI detaches and deletes the ENI interface @@ -1116,7 +1134,7 @@ func (cache *EC2InstanceMetadataCache) freeENI(eniName string, sleepDelayAfterDe log.Errorf("Failed to retrieve ENI %s attachment id: %v", eniName, err) return errors.Wrap(err, "FreeENI: failed to retrieve ENI's attachment id") } - log.Debugf("Found ENI %s attachment id: %s ", eniName, aws.StringValue(attachID)) + log.Debugf("Found ENI %s attachment id: %s ", eniName, aws.ToString(attachID)) detachInput := &ec2.DetachNetworkInterfaceInput{ AttachmentId: attachID, @@ -1125,7 +1143,7 @@ func (cache *EC2InstanceMetadataCache) freeENI(eniName string, sleepDelayAfterDe // Retry detaching the ENI from the instance err = retry.NWithBackoff(retry.NewSimpleBackoff(time.Millisecond*200, maxBackoffDelay, 0.15, 2.0), maxENIEC2APIRetries, func() error { start := time.Now() - _, ec2Err := cache.ec2SVC.DetachNetworkInterfaceWithContext(context.Background(), detachInput) + _, ec2Err := cache.ec2SVC.DetachNetworkInterface(context.Background(), detachInput) prometheusmetrics.Ec2ApiReq.WithLabelValues("DetachNetworkInterface").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("DetachNetworkInterface", fmt.Sprint(ec2Err != nil), awsReqStatus(ec2Err)).Observe(msSince(start)) if ec2Err != nil { @@ -1160,15 +1178,15 @@ func (cache *EC2InstanceMetadataCache) freeENI(eniName string, sleepDelayAfterDe func (cache *EC2InstanceMetadataCache) getENIAttachmentID(eniID string) (*string, error) { eniIds := make([]*string, 0) eniIds = append(eniIds, aws.String(eniID)) - input := &ec2.DescribeNetworkInterfacesInput{NetworkInterfaceIds: eniIds} + input := &ec2.DescribeNetworkInterfacesInput{NetworkInterfaceIds: aws.ToStringSlice(eniIds)} start := time.Now() - result, err := cache.ec2SVC.DescribeNetworkInterfacesWithContext(context.Background(), input) + result, err := cache.ec2SVC.DescribeNetworkInterfaces(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("DescribeNetworkInterfaces").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("DescribeNetworkInterfaces", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { - if aerr, ok := err.(awserr.Error); ok { - if aerr.Code() == "InvalidNetworkInterfaceID.NotFound" { + if errors.As(err, &awsAPIError) { + if awsAPIError.ErrorCode() == "InvalidNetworkInterfaceID.NotFound" { return nil, ErrENINotFound } } @@ -1201,13 +1219,13 @@ func (cache *EC2InstanceMetadataCache) deleteENI(eniName string, maxBackoffDelay } err := retry.NWithBackoff(retry.NewSimpleBackoff(time.Millisecond*500, maxBackoffDelay, 0.15, 2.0), maxENIEC2APIRetries, func() error { start := time.Now() - _, ec2Err := cache.ec2SVC.DeleteNetworkInterfaceWithContext(context.Background(), deleteInput) + _, ec2Err := cache.ec2SVC.DeleteNetworkInterface(context.Background(), deleteInput) prometheusmetrics.Ec2ApiReq.WithLabelValues("DeleteNetworkInterface").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("DeleteNetworkInterface", fmt.Sprint(ec2Err != nil), awsReqStatus(ec2Err)).Observe(msSince(start)) if ec2Err != nil { - if aerr, ok := ec2Err.(awserr.Error); ok { + if errors.As(ec2Err, &awsAPIError) { // If already deleted, we are good - if aerr.Code() == "InvalidNetworkInterfaceID.NotFound" { + if awsAPIError.ErrorCode() == "InvalidNetworkInterfaceID.NotFound" { log.Infof("ENI %s has already been deleted", eniName) return nil } @@ -1225,18 +1243,18 @@ func (cache *EC2InstanceMetadataCache) deleteENI(eniName string, maxBackoffDelay } // GetIPv4sFromEC2 calls EC2 and returns a list of all addresses on the ENI -func (cache *EC2InstanceMetadataCache) GetIPv4sFromEC2(eniID string) (addrList []*ec2.NetworkInterfacePrivateIpAddress, err error) { +func (cache *EC2InstanceMetadataCache) GetIPv4sFromEC2(eniID string) (addrList []ec2types.NetworkInterfacePrivateIpAddress, err error) { eniIds := make([]*string, 0) eniIds = append(eniIds, aws.String(eniID)) - input := &ec2.DescribeNetworkInterfacesInput{NetworkInterfaceIds: eniIds} + input := &ec2.DescribeNetworkInterfacesInput{NetworkInterfaceIds: aws.ToStringSlice(eniIds)} start := time.Now() - result, err := cache.ec2SVC.DescribeNetworkInterfacesWithContext(context.Background(), input) + result, err := cache.ec2SVC.DescribeNetworkInterfaces(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("DescribeNetworkInterfaces").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("DescribeNetworkInterfaces", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { - if aerr, ok := err.(awserr.Error); ok { - if aerr.Code() == "InvalidNetworkInterfaceID.NotFound" { + if errors.As(err, &awsAPIError) { + if awsAPIError.ErrorCode() == "InvalidNetworkInterfaceID.NotFound" { return nil, ErrENINotFound } } @@ -1257,17 +1275,17 @@ func (cache *EC2InstanceMetadataCache) GetIPv4sFromEC2(eniID string) (addrList [ } // GetIPv4PrefixesFromEC2 calls EC2 and returns a list of all addresses on the ENI -func (cache *EC2InstanceMetadataCache) GetIPv4PrefixesFromEC2(eniID string) (addrList []*ec2.Ipv4PrefixSpecification, err error) { +func (cache *EC2InstanceMetadataCache) GetIPv4PrefixesFromEC2(eniID string) (addrList []ec2types.Ipv4PrefixSpecification, err error) { eniIds := []*string{aws.String(eniID)} - input := &ec2.DescribeNetworkInterfacesInput{NetworkInterfaceIds: eniIds} + input := &ec2.DescribeNetworkInterfacesInput{NetworkInterfaceIds: aws.ToStringSlice(eniIds)} start := time.Now() - result, err := cache.ec2SVC.DescribeNetworkInterfacesWithContext(context.Background(), input) + result, err := cache.ec2SVC.DescribeNetworkInterfaces(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("DescribeNetworkInterfaces").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("DescribeNetworkInterfaces", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { - if aerr, ok := err.(awserr.Error); ok { - if aerr.Code() == "InvalidNetworkInterfaceID.NotFound" { + if errors.As(err, &awsAPIError) { + if awsAPIError.ErrorCode() == "InvalidNetworkInterfaceID.NotFound" { return nil, ErrENINotFound } @@ -1289,17 +1307,17 @@ func (cache *EC2InstanceMetadataCache) GetIPv4PrefixesFromEC2(eniID string) (add } // GetIPv6PrefixesFromEC2 calls EC2 and returns a list of all addresses on the ENI -func (cache *EC2InstanceMetadataCache) GetIPv6PrefixesFromEC2(eniID string) (addrList []*ec2.Ipv6PrefixSpecification, err error) { +func (cache *EC2InstanceMetadataCache) GetIPv6PrefixesFromEC2(eniID string) (addrList []ec2types.Ipv6PrefixSpecification, err error) { eniIds := []*string{aws.String(eniID)} - input := &ec2.DescribeNetworkInterfacesInput{NetworkInterfaceIds: eniIds} + input := &ec2.DescribeNetworkInterfacesInput{NetworkInterfaceIds: aws.ToStringSlice(eniIds)} start := time.Now() - result, err := cache.ec2SVC.DescribeNetworkInterfacesWithContext(context.Background(), input) + result, err := cache.ec2SVC.DescribeNetworkInterfaces(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("DescribeNetworkInterfaces").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("DescribeNetworkInterfaces", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { - if aerr, ok := err.(awserr.Error); ok { - if aerr.Code() == "InvalidNetworkInterfaceID.NotFound" { + if errors.As(err, &awsAPIError) { + if awsAPIError.ErrorCode() == "InvalidNetworkInterfaceID.NotFound" { return nil, ErrENINotFound } @@ -1337,9 +1355,9 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult, var ec2Response *ec2.DescribeNetworkInterfacesOutput // Try calling EC2 to describe the interfaces. for retryCount := 0; retryCount < maxENIEC2APIRetries && len(eniIDs) > 0; retryCount++ { - input := &ec2.DescribeNetworkInterfacesInput{NetworkInterfaceIds: aws.StringSlice(eniIDs)} + input := &ec2.DescribeNetworkInterfacesInput{NetworkInterfaceIds: eniIDs} start := time.Now() - ec2Response, err = cache.ec2SVC.DescribeNetworkInterfacesWithContext(context.Background(), input) + ec2Response, err = cache.ec2SVC.DescribeNetworkInterfaces(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("DescribeNetworkInterfaces").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("DescribeNetworkInterfaces", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err == nil { @@ -1349,11 +1367,12 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult, awsAPIErrInc("DescribeNetworkInterfaces", err) prometheusmetrics.Ec2ApiErr.WithLabelValues("DescribeNetworkInterfaces").Inc() checkAPIErrorAndBroadcastEvent(err, "ec2:DescribeNetworkInterfaces") - log.Errorf("Failed to call ec2:DescribeNetworkInterfaces for %v: %v", aws.StringValueSlice(input.NetworkInterfaceIds), err) - if aerr, ok := err.(awserr.Error); ok { - if aerr.Code() == "InvalidNetworkInterfaceID.NotFound" { - badENIID := badENIID(aerr.Message()) - log.Debugf("Could not find interface: %s, ID: %s", aerr.Message(), badENIID) + log.Errorf("Failed to call ec2:DescribeNetworkInterfaces for %v: %v", input.NetworkInterfaceIds, err) + if errors.As(err, &awsAPIError) { + log.Debugf("Failed ec2:DescribeNetworkInterfaces awsAPIError ErrorCode :%v ErrorMessage: %v", awsAPIError.ErrorCode(), awsAPIError.ErrorMessage()) + if awsAPIError.ErrorCode() == "InvalidNetworkInterfaceID.NotFound" { + badENIID := badENIID(awsAPIError.ErrorMessage()) + log.Debugf("Could not find interface: %s, ID: %s", awsAPIError.ErrorMessage(), badENIID) awsAPIErrInc("IMDSMetaDataOutOfSync", err) // Remove this ENI from the map delete(eniMap, badENIID) @@ -1388,15 +1407,15 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult, efaENIs := make(map[string]bool, 0) tagMap := make(map[string]TagMap, len(ec2Response.NetworkInterfaces)) for _, ec2res := range ec2Response.NetworkInterfaces { - eniID := aws.StringValue(ec2res.NetworkInterfaceId) + eniID := aws.ToString(ec2res.NetworkInterfaceId) attachment := ec2res.Attachment // Validate that Attachment is populated by EC2 response before logging if attachment != nil { - log.Infof("Got network card index %v for ENI %v", aws.Int64Value(attachment.NetworkCardIndex), eniID) - if aws.Int64Value(attachment.DeviceIndex) == 0 && !aws.BoolValue(attachment.DeleteOnTermination) { + log.Infof("Got network card index %v for ENI %v", aws.ToInt32(attachment.NetworkCardIndex), eniID) + if aws.ToInt32(attachment.DeviceIndex) == 0 && !aws.ToBool(attachment.DeleteOnTermination) { log.Warn("Primary ENI will not get deleted when node terminates because 'delete_on_termination' is set to false") } - if aws.Int64Value(attachment.NetworkCardIndex) > 0 { + if aws.ToInt32(attachment.NetworkCardIndex) > 0 { multiCardENIIDs = append(multiCardENIIDs, eniID) } } else { @@ -1404,7 +1423,7 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult, } eniMetadata := eniMap[eniID] - interfaceType := aws.StringValue(ec2res.InterfaceType) + interfaceType := ec2res.InterfaceType log.Infof("%s is of type: %s", eniID, interfaceType) // This assumes we only have one trunk attached to the node.. @@ -1438,14 +1457,14 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult, } // convertTagsToSDKTags converts tags in stringMap format to AWS SDK format -func convertTagsToSDKTags(tagsMap map[string]string) []*ec2.Tag { +func convertTagsToSDKTags(tagsMap map[string]string) []ec2types.Tag { if len(tagsMap) == 0 { return nil } - sdkTags := make([]*ec2.Tag, 0, len(tagsMap)) + sdkTags := make([]ec2types.Tag, 0, len(tagsMap)) for _, key := range sets.StringKeySet(tagsMap).List() { - sdkTags = append(sdkTags, &ec2.Tag{ + sdkTags = append(sdkTags, ec2types.Tag{ Key: aws.String(key), Value: aws.String(tagsMap[key]), }) @@ -1454,14 +1473,14 @@ func convertTagsToSDKTags(tagsMap map[string]string) []*ec2.Tag { } // convertSDKTagsToTags converts tags in AWS SDKs format to stringMap format -func convertSDKTagsToTags(sdkTags []*ec2.Tag) map[string]string { +func convertSDKTagsToTags(sdkTags []ec2types.Tag) map[string]string { if len(sdkTags) == 0 { return nil } tagsMap := make(map[string]string, len(sdkTags)) for _, sdkTag := range sdkTags { - tagsMap[aws.StringValue(sdkTag.Key)] = aws.StringValue(sdkTag.Value) + tagsMap[aws.ToString(sdkTag.Key)] = aws.ToString(sdkTag.Value) } return tagsMap } @@ -1503,24 +1522,24 @@ func badENIID(errMsg string) string { } // logOutOfSyncState compares the IP and metadata returned by IMDS and the EC2 API DescribeNetworkInterfaces calls -func logOutOfSyncState(eniID string, imdsIPv4s, ec2IPv4s []*ec2.NetworkInterfacePrivateIpAddress) { +func logOutOfSyncState(eniID string, imdsIPv4s, ec2IPv4s []ec2types.NetworkInterfacePrivateIpAddress) { // Comparing the IMDS IPv4 addresses attached to the ENI with the DescribeNetworkInterfaces AWS API call, which // technically should be the source of truth and contain the freshest information. Let's just do a quick scan here // and output some diagnostic messages if we find stale info in the IMDS result. imdsIPv4Set := sets.String{} imdsPrimaryIP := "" for _, imdsIPv4 := range imdsIPv4s { - imdsIPv4Set.Insert(aws.StringValue(imdsIPv4.PrivateIpAddress)) - if aws.BoolValue(imdsIPv4.Primary) { - imdsPrimaryIP = aws.StringValue(imdsIPv4.PrivateIpAddress) + imdsIPv4Set.Insert(aws.ToString(imdsIPv4.PrivateIpAddress)) + if aws.ToBool(imdsIPv4.Primary) { + imdsPrimaryIP = aws.ToString(imdsIPv4.PrivateIpAddress) } } ec2IPv4Set := sets.String{} ec2IPv4PrimaryIP := "" for _, privateIPv4 := range ec2IPv4s { - ec2IPv4Set.Insert(aws.StringValue(privateIPv4.PrivateIpAddress)) - if aws.BoolValue(privateIPv4.Primary) { - ec2IPv4PrimaryIP = aws.StringValue(privateIPv4.PrivateIpAddress) + ec2IPv4Set.Insert(aws.ToString(privateIPv4.PrivateIpAddress)) + if aws.ToBool(privateIPv4.Primary) { + ec2IPv4PrimaryIP = aws.ToString(privateIPv4.PrivateIpAddress) } } missingIMDS := ec2IPv4Set.Difference(imdsIPv4Set).List() @@ -1544,11 +1563,11 @@ func (cache *EC2InstanceMetadataCache) AllocIPAddress(eniID string) error { input := &ec2.AssignPrivateIpAddressesInput{ NetworkInterfaceId: aws.String(eniID), - SecondaryPrivateIpAddressCount: aws.Int64(1), + SecondaryPrivateIpAddressCount: aws.Int32(1), } start := time.Now() - output, err := cache.ec2SVC.AssignPrivateIpAddressesWithContext(context.Background(), input) + output, err := cache.ec2SVC.AssignPrivateIpAddresses(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("AssignPrivateIpAddresses").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("AssignPrivateIpAddresses", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -1559,7 +1578,7 @@ func (cache *EC2InstanceMetadataCache) AllocIPAddress(eniID string) error { return errors.Wrap(err, "failed to assign private IP addresses") } - log.Infof("Successfully allocated IP address %s on ENI %s", output.String(), eniID) + log.Infof("Successfully allocated IP address %v on ENI %s", output.AssignedPrivateIpAddresses, eniID) return nil } @@ -1570,8 +1589,8 @@ func (cache *EC2InstanceMetadataCache) FetchInstanceTypeLimits() error { } log.Debugf("Instance type limits are missing from vpc_ip_limits.go hence making an EC2 call to fetch the limits") - describeInstanceTypesInput := &ec2.DescribeInstanceTypesInput{InstanceTypes: []*string{aws.String(cache.instanceType)}} - output, err := cache.ec2SVC.DescribeInstanceTypesWithContext(context.Background(), describeInstanceTypesInput) + describeInstanceTypesInput := &ec2.DescribeInstanceTypesInput{InstanceTypes: []ec2types.InstanceType{ec2types.InstanceType(cache.instanceType)}} + output, err := cache.ec2SVC.DescribeInstanceTypes(context.Background(), describeInstanceTypesInput) prometheusmetrics.Ec2ApiReq.WithLabelValues("DescribeInstanceTypes").Inc() if err != nil || len(output.InstanceTypes) != 1 { prometheusmetrics.Ec2ApiErr.WithLabelValues("DescribeInstanceTypes").Inc() @@ -1580,20 +1599,20 @@ func (cache *EC2InstanceMetadataCache) FetchInstanceTypeLimits() error { } info := output.InstanceTypes[0] // Ignore any missing values - instanceType := aws.StringValue(info.InstanceType) - eniLimit := int(aws.Int64Value(info.NetworkInfo.MaximumNetworkInterfaces)) - ipv4Limit := int(aws.Int64Value(info.NetworkInfo.Ipv4AddressesPerInterface)) - isBareMetalInstance := aws.BoolValue(info.BareMetal) - hypervisorType := aws.StringValue(info.Hypervisor) + instanceType := info.InstanceType + eniLimit := int(aws.ToInt32(info.NetworkInfo.MaximumNetworkInterfaces)) + ipv4Limit := int(aws.ToInt32(info.NetworkInfo.Ipv4AddressesPerInterface)) + isBareMetalInstance := aws.ToBool(info.BareMetal) + hypervisorType := info.Hypervisor if hypervisorType == "" { hypervisorType = "unknown" } - networkCards := make([]vpc.NetworkCard, aws.Int64Value(info.NetworkInfo.MaximumNetworkCards)) - defaultNetworkCardIndex := int(aws.Int64Value(info.NetworkInfo.DefaultNetworkCardIndex)) + networkCards := make([]vpc.NetworkCard, aws.ToInt32(info.NetworkInfo.MaximumNetworkCards)) + defaultNetworkCardIndex := int(aws.ToInt32(info.NetworkInfo.DefaultNetworkCardIndex)) for idx := 0; idx < len(networkCards); idx += 1 { networkCards[idx] = vpc.NetworkCard{ - MaximumNetworkInterfaces: *info.NetworkInfo.NetworkCards[idx].MaximumNetworkInterfaces, - NetworkCardIndex: *info.NetworkInfo.NetworkCards[idx].NetworkCardIndex, + MaximumNetworkInterfaces: int64(*info.NetworkInfo.NetworkCards[idx].MaximumNetworkInterfaces), + NetworkCardIndex: int64(*info.NetworkInfo.NetworkCards[idx].NetworkCardIndex), } } //Not checking for empty hypervisorType since have seen certain instances not getting this filled. @@ -1691,18 +1710,18 @@ func (cache *EC2InstanceMetadataCache) AllocIPAddresses(eniID string, numIPs int needPrefixes := needIPs input = &ec2.AssignPrivateIpAddressesInput{ NetworkInterfaceId: aws.String(eniID), - Ipv4PrefixCount: aws.Int64(int64(needPrefixes)), + Ipv4PrefixCount: aws.Int32(int32(needPrefixes)), } } else { input = &ec2.AssignPrivateIpAddressesInput{ NetworkInterfaceId: aws.String(eniID), - SecondaryPrivateIpAddressCount: aws.Int64(int64(needIPs)), + SecondaryPrivateIpAddressCount: aws.Int32(int32(needIPs)), } } start := time.Now() - output, err := cache.ec2SVC.AssignPrivateIpAddressesWithContext(context.Background(), input) + output, err := cache.ec2SVC.AssignPrivateIpAddresses(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("AssignPrivateIpAddresses").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("AssignPrivateIpAddresses", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -1726,10 +1745,10 @@ func (cache *EC2InstanceMetadataCache) AllocIPv6Prefixes(eniID string) ([]*strin //We only need to allocate one IPv6 prefix per ENI. input := &ec2.AssignIpv6AddressesInput{ NetworkInterfaceId: aws.String(eniID), - Ipv6PrefixCount: aws.Int64(1), + Ipv6PrefixCount: aws.Int32(1), } start := time.Now() - output, err := cache.ec2SVC.AssignIpv6AddressesWithContext(context.Background(), input) + output, err := cache.ec2SVC.AssignIpv6Addresses(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("AssignIpv6Addresses").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("AssignIpv6AddressesWithContext", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -1742,7 +1761,7 @@ func (cache *EC2InstanceMetadataCache) AllocIPv6Prefixes(eniID string) ([]*strin if output != nil { log.Debugf("Allocated %d private IPv6 prefix(es)", len(output.AssignedIpv6Prefixes)) } - return output.AssignedIpv6Prefixes, nil + return aws.StringSlice(output.AssignedIpv6Prefixes), nil } // WaitForENIAndIPsAttached waits until the ENI has been attached and the secondary IPs have been added @@ -1822,15 +1841,14 @@ func (cache *EC2InstanceMetadataCache) DeallocIPAddresses(eniID string, ips []st return nil } log.Infof("Trying to unassign the following IPs %v from ENI %s", ips, eniID) - ipsInput := aws.StringSlice(ips) input := &ec2.UnassignPrivateIpAddressesInput{ NetworkInterfaceId: aws.String(eniID), - PrivateIpAddresses: ipsInput, + PrivateIpAddresses: ips, } start := time.Now() - _, err := cache.ec2SVC.UnassignPrivateIpAddressesWithContext(context.Background(), input) + _, err := cache.ec2SVC.UnassignPrivateIpAddresses(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("UnassignPrivateIpAddresses").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("UnassignPrivateIpAddresses", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -1850,15 +1868,14 @@ func (cache *EC2InstanceMetadataCache) DeallocPrefixAddresses(eniID string, pref return nil } log.Infof("Trying to unassign the following Prefixes %v from ENI %s", prefixes, eniID) - prefixesInput := aws.StringSlice(prefixes) input := &ec2.UnassignPrivateIpAddressesInput{ NetworkInterfaceId: aws.String(eniID), - Ipv4Prefixes: prefixesInput, + Ipv4Prefixes: prefixes, } start := time.Now() - _, err := cache.ec2SVC.UnassignPrivateIpAddressesWithContext(context.Background(), input) + _, err := cache.ec2SVC.UnassignPrivateIpAddresses(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("UnassignPrivateIpAddresses").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("UnassignPrivateIpAddresses", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -1888,7 +1905,7 @@ func (cache *EC2InstanceMetadataCache) cleanUpLeakedENIsInternal(startupDelay ti } else { // Clean up all the leaked ones we found for _, networkInterface := range networkInterfaces { - eniID := aws.StringValue(networkInterface.NetworkInterfaceId) + eniID := aws.ToString(networkInterface.NetworkInterfaceId) err = cache.deleteENI(eniID, maxENIBackoffDelay) if err != nil { awsUtilsErrInc("cleanUpLeakedENIDeleteErr", err) @@ -1902,25 +1919,25 @@ func (cache *EC2InstanceMetadataCache) cleanUpLeakedENIsInternal(startupDelay ti func (cache *EC2InstanceMetadataCache) tagENIcreateTS(eniID string, maxBackoffDelay time.Duration) { // Tag the ENI with "node.k8s.amazonaws.com/createdAt=currentTime" - tags := []*ec2.Tag{ + tags := []ec2types.Tag{ { Key: aws.String(eniCreatedAtTagKey), Value: aws.String(time.Now().Format(time.RFC3339)), }, } - log.Debugf("Tag untagged ENI %s: key=%s, value=%s", eniID, aws.StringValue(tags[0].Key), aws.StringValue(tags[0].Value)) + log.Debugf("Tag untagged ENI %s: key=%s, value=%s", eniID, aws.ToString(tags[0].Key), aws.ToString(tags[0].Value)) input := &ec2.CreateTagsInput{ - Resources: []*string{ - aws.String(eniID), + Resources: []string{ + eniID, }, Tags: tags, } _ = retry.NWithBackoff(retry.NewSimpleBackoff(500*time.Millisecond, maxBackoffDelay, 0.3, 2), 5, func() error { start := time.Now() - _, err := cache.ec2SVC.CreateTagsWithContext(context.Background(), input) + _, err := cache.ec2SVC.CreateTags(context.Background(), input) prometheusmetrics.Ec2ApiReq.WithLabelValues("CreateTags").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("CreateTags", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { @@ -1937,45 +1954,43 @@ func (cache *EC2InstanceMetadataCache) tagENIcreateTS(eniID string, maxBackoffDe // getLeakedENIs calls DescribeNetworkInterfaces to get all available ENIs that were allocated by // the AWS CNI plugin, but were not deleted. -func (cache *EC2InstanceMetadataCache) getLeakedENIs() ([]*ec2.NetworkInterface, error) { - leakedENIFilters := []*ec2.Filter{ +func (cache *EC2InstanceMetadataCache) getLeakedENIs() ([]ec2types.NetworkInterface, error) { + leakedENIFilters := []ec2types.Filter{ { - Name: aws.String("tag-key"), - Values: []*string{ - aws.String(eniNodeTagKey), - }, + Name: aws.String("tag-key"), + Values: []string{eniNodeTagKey}, }, { Name: aws.String("status"), - Values: []*string{ - aws.String(ec2.NetworkInterfaceStatusAvailable), + Values: []string{ + string(ec2types.NetworkInterfaceStatusAvailable), }, }, { Name: aws.String("vpc-id"), - Values: []*string{ - aws.String(cache.vpcID), + Values: []string{ + cache.vpcID, }, }, } if cache.clusterName != "" { - leakedENIFilters = append(leakedENIFilters, &ec2.Filter{ + leakedENIFilters = append(leakedENIFilters, ec2types.Filter{ Name: aws.String(fmt.Sprintf("tag:%s", eniClusterTagKey)), - Values: []*string{ - aws.String(cache.clusterName), + Values: []string{ + cache.clusterName, }, }) } input := &ec2.DescribeNetworkInterfacesInput{ Filters: leakedENIFilters, - MaxResults: aws.Int64(describeENIPageSize), + MaxResults: aws.Int32(describeENIPageSize), } - var networkInterfaces []*ec2.NetworkInterface - filterFn := func(networkInterface *ec2.NetworkInterface) error { + var networkInterfaces []ec2types.NetworkInterface + filterFn := func(networkInterface ec2types.NetworkInterface) error { // Verify the description starts with "aws-K8S-" - if !strings.HasPrefix(aws.StringValue(networkInterface.Description), eniDescriptionPrefix) { + if !strings.HasPrefix(aws.ToString(networkInterface.Description), eniDescriptionPrefix) { return nil } // Check that it's not a newly created ENI @@ -1985,7 +2000,7 @@ func (cache *EC2InstanceMetadataCache) getLeakedENIs() ([]*ec2.NetworkInterface, parsedTime, err := time.Parse(time.RFC3339, value) if err != nil { log.Warnf("ParsedTime format %s is wrong so retagging with current TS", parsedTime) - cache.tagENIcreateTS(aws.StringValue(networkInterface.NetworkInterfaceId), maxENIBackoffDelay) + cache.tagENIcreateTS(aws.ToString(networkInterface.NetworkInterfaceId), maxENIBackoffDelay) } if time.Since(parsedTime) < eniDeleteCooldownTime { log.Infof("Found an ENI created less than 5 minutes ago, so not cleaning it up") @@ -1996,7 +2011,7 @@ func (cache *EC2InstanceMetadataCache) getLeakedENIs() ([]*ec2.NetworkInterface, /* Set a time if we didn't find one. This is to prevent accidentally deleting ENIs that are in the * process of being attached by CNI versions v1.5.x or earlier. */ - cache.tagENIcreateTS(aws.StringValue(networkInterface.NetworkInterfaceId), maxENIBackoffDelay) + cache.tagENIcreateTS(aws.ToString(networkInterface.NetworkInterfaceId), maxENIBackoffDelay) return nil } networkInterfaces = append(networkInterfaces, networkInterface) @@ -2087,31 +2102,24 @@ func (cache *EC2InstanceMetadataCache) IsUnmanagedENI(eniID string) bool { return false } -func (cache *EC2InstanceMetadataCache) getENIsFromPaginatedDescribeNetworkInterfaces( - input *ec2.DescribeNetworkInterfacesInput, filterFn func(networkInterface *ec2.NetworkInterface) error) error { - pageNum := 0 - var innerErr error - pageFn := func(output *ec2.DescribeNetworkInterfacesOutput, lastPage bool) (nextPage bool) { - pageNum++ - log.Debugf("EC2 DescribeNetworkInterfaces succeeded with %d results on page %d", - len(output.NetworkInterfaces), pageNum) - for _, eni := range output.NetworkInterfaces { +func (cache *EC2InstanceMetadataCache) getENIsFromPaginatedDescribeNetworkInterfaces(input *ec2.DescribeNetworkInterfacesInput, filterFn func(networkInterface ec2types.NetworkInterface) error) error { + paginator := ec2.NewDescribeNetworkInterfacesPaginator(cache.ec2SVC, input) + for paginator.HasMorePages() { + page, err := paginator.NextPage(context.TODO()) + if err != nil { + checkAPIErrorAndBroadcastEvent(err, "ec2:DescribeNetworkInterfaces") + awsAPIErrInc("DescribeNetworkInterfaces", err) + prometheusmetrics.Ec2ApiErr.WithLabelValues("DescribeNetworkInterfaces").Inc() + return err + } + for _, eni := range page.NetworkInterfaces { if err := filterFn(eni); err != nil { - innerErr = err - return false + return err } } - return true - } - - if err := cache.ec2SVC.DescribeNetworkInterfacesPagesWithContext(context.TODO(), input, pageFn); err != nil { - checkAPIErrorAndBroadcastEvent(err, "ec2:DescribeNetworkInterfaces") - awsAPIErrInc("DescribeNetworkInterfaces", err) - prometheusmetrics.Ec2ApiErr.WithLabelValues("DescribeNetworkInterfaces").Inc() - return err } prometheusmetrics.Ec2ApiReq.WithLabelValues("DescribeNetworkInterfaces").Inc() - return innerErr + return nil } // SetMultiCardENIs creates a StringSet tracking ENIs not behind the default network card index @@ -2139,8 +2147,9 @@ func (cache *EC2InstanceMetadataCache) IsPrimaryENI(eniID string) bool { } func checkAPIErrorAndBroadcastEvent(err error, api string) { - if aerr, ok := err.(awserr.Error); ok { - if aerr.Code() == "UnauthorizedOperation" { + log.Debugf("checkAPIErrorAndBroadcastEvent resulted in %v", err) + if errors.As(err, &awsAPIError) { + if awsAPIError.ErrorCode() == "UnauthorizedOperation" { if eventRecorder := eventrecorder.Get(); eventRecorder != nil { eventRecorder.SendPodEvent(v1.EventTypeWarning, "MissingIAMPermissions", api, fmt.Sprintf("Unauthorized operation: failed to call %v due to missing permissions. Please refer https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/iam-policy.md to attach relevant policy to IAM role", api)) diff --git a/pkg/awsutils/awsutils_test.go b/pkg/awsutils/awsutils_test.go index 897c451d0b..cd268b3c82 100644 --- a/pkg/awsutils/awsutils_test.go +++ b/pkg/awsutils/awsutils_test.go @@ -23,19 +23,20 @@ import ( "testing" "time" - "github.com/aws/aws-sdk-go/aws/request" - "github.com/aws/aws-sdk-go/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" + + "github.com/aws/smithy-go" + + "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/golang/mock/gomock" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/testutil" "github.com/stretchr/testify/assert" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" - mock_ec2wrapper "github.com/aws/amazon-vpc-cni-k8s/pkg/ec2wrapper/mocks" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/eventrecorder" "github.com/aws/amazon-vpc-cni-k8s/utils/prometheusmetrics" + "github.com/aws/aws-sdk-go-v2/aws" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -143,8 +144,7 @@ func testMetadataWithPrefixes(overrides map[string]interface{}) FakeIMDS { return FakeIMDS(data) } -func setup(t *testing.T) (*gomock.Controller, - *mock_ec2wrapper.MockEC2) { +func setup(t *testing.T) (*gomock.Controller, *mock_ec2wrapper.MockEC2) { ctrl := gomock.NewController(t) setupEventRecorder(t) return ctrl, @@ -284,7 +284,7 @@ func TestAWSGetFreeDeviceNumberOnErr(t *testing.T) { defer ctrl.Finish() // test error handling - mockEC2.EXPECT().DescribeInstancesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("error on DescribeInstancesWithContext")) + mockEC2.EXPECT().DescribeInstances(gomock.Any(), gomock.Any()).Return(nil, errors.New("error on DescribeInstances")) cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2} _, err := cache.awsGetFreeDeviceNumber() @@ -296,18 +296,20 @@ func TestAWSGetFreeDeviceNumberNoDevice(t *testing.T) { defer ctrl.Finish() // test no free index - ec2ENIs := make([]*ec2.InstanceNetworkInterface, 0) + ec2ENIs := make([]ec2types.InstanceNetworkInterface, 0) for i := 0; i < maxENIs; i++ { - var deviceNums [maxENIs]int64 - deviceNums[i] = int64(i) - ec2ENI := &ec2.InstanceNetworkInterface{Attachment: &ec2.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNums[i], NetworkCardIndex: aws.Int64(0)}} + deviceNum := int32(i) + ec2ENI := ec2types.InstanceNetworkInterface{Attachment: &ec2types.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum, NetworkCardIndex: aws.Int32(0)}} ec2ENIs = append(ec2ENIs, ec2ENI) } - result := &ec2.DescribeInstancesOutput{ - Reservations: []*ec2.Reservation{{Instances: []*ec2.Instance{{NetworkInterfaces: ec2ENIs}}}}} - mockEC2.EXPECT().DescribeInstancesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) + result := &ec2.DescribeInstancesOutput{Reservations: []ec2types.Reservation{{ + Instances: []ec2types.Instance{{ + NetworkInterfaces: ec2ENIs, + }}}}} + + mockEC2.EXPECT().DescribeInstances(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2} _, err := cache.awsGetFreeDeviceNumber() @@ -322,15 +324,15 @@ func TestGetENIAttachmentID(t *testing.T) { testCases := []struct { name string output *ec2.DescribeNetworkInterfacesOutput - awsErr error + err error expID *string expErr error }{ { "success with attachment", &ec2.DescribeNetworkInterfacesOutput{ - NetworkInterfaces: []*ec2.NetworkInterface{{ - Attachment: &ec2.NetworkInterfaceAttachment{ + NetworkInterfaces: []ec2types.NetworkInterface{{ + Attachment: &ec2types.NetworkInterfaceAttachment{ AttachmentId: attachmentID, }, }}, @@ -342,7 +344,7 @@ func TestGetENIAttachmentID(t *testing.T) { { "success no Attachment", &ec2.DescribeNetworkInterfacesOutput{ - NetworkInterfaces: []*ec2.NetworkInterface{{}}, + NetworkInterfaces: []ec2types.NetworkInterface{{}}, }, nil, nil, @@ -351,7 +353,7 @@ func TestGetENIAttachmentID(t *testing.T) { { "error empty net ifaces", &ec2.DescribeNetworkInterfacesOutput{ - NetworkInterfaces: []*ec2.NetworkInterface{}, + NetworkInterfaces: []ec2types.NetworkInterface{}, }, nil, nil, @@ -360,14 +362,21 @@ func TestGetENIAttachmentID(t *testing.T) { { "not found error", nil, - awserr.New("InvalidNetworkInterfaceID.NotFound", "", nil), + &smithy.GenericAPIError{Code: "InvalidNetworkInterfaceID.NotFound", Message: "not found", Fault: 0}, + nil, + ErrENINotFound, + }, + { + "not found error", + nil, + &smithy.GenericAPIError{Code: "InvalidNetworkInterfaceID.NotFound", Message: "", Fault: 0}, nil, ErrENINotFound, }, } for _, tc := range testCases { - mockEC2.EXPECT().DescribeNetworkInterfacesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(tc.output, tc.awsErr) + mockEC2.EXPECT().DescribeNetworkInterfaces(gomock.Any(), gomock.Any(), gomock.Any()).Return(tc.output, tc.err) cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2} id, err := cache.getENIAttachmentID("test-eni") @@ -381,38 +390,46 @@ func TestDescribeAllENIs(t *testing.T) { defer ctrl.Finish() result := &ec2.DescribeNetworkInterfacesOutput{ - NetworkInterfaces: []*ec2.NetworkInterface{{ - TagSet: []*ec2.Tag{ + NetworkInterfaces: []ec2types.NetworkInterface{{ + TagSet: []ec2types.Tag{ {Key: aws.String("foo"), Value: aws.String("foo-value")}, }, - Attachment: &ec2.NetworkInterfaceAttachment{ - NetworkCardIndex: aws.Int64(0), + Attachment: &ec2types.NetworkInterfaceAttachment{ + NetworkCardIndex: aws.Int32(0), }, NetworkInterfaceId: aws.String(primaryeniID), }}, } - expectedError := awserr.New("InvalidNetworkInterfaceID.NotFound", "no 'eni-xxx'", nil) - noMessageError := awserr.New("InvalidNetworkInterfaceID.NotFound", "no message", nil) + expectedError := &smithy.GenericAPIError{ + Code: "InvalidNetworkInterfaceID.NotFound", + Message: "no 'eni-xxx'", + } + + noMessageError := &smithy.GenericAPIError{ + Code: "InvalidNetworkInterfaceID.NotFound", + Message: "no message", + } + err := errors.New("other Error") testCases := []struct { name string exptags map[string]TagMap n int - awsErr error + err error expErr error }{ {"Success DescribeENI", map[string]TagMap{"eni-00000000": {"foo": "foo-value"}}, 1, nil, nil}, - {"Not found error", nil, maxENIEC2APIRetries, awserr.New("InvalidNetworkInterfaceID.NotFound", "no 'eni-xxx'", nil), expectedError}, - {"Not found, no message", nil, maxENIEC2APIRetries, awserr.New("InvalidNetworkInterfaceID.NotFound", "no message", nil), noMessageError}, + {"Not found error", nil, maxENIEC2APIRetries, &smithy.GenericAPIError{Code: "InvalidNetworkInterfaceID.NotFound", Message: "no 'eni-xxx'"}, expectedError}, + {"Not found, no message", nil, maxENIEC2APIRetries, &smithy.GenericAPIError{Code: "InvalidNetworkInterfaceID.NotFound", Message: "no message"}, noMessageError}, {"Other error", nil, maxENIEC2APIRetries, err, err}, } mockMetadata := testMetadata(nil) for _, tc := range testCases { - mockEC2.EXPECT().DescribeNetworkInterfacesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Times(tc.n).Return(result, tc.awsErr) + mockEC2.EXPECT().DescribeNetworkInterfaces(gomock.Any(), gomock.Any(), gomock.Any()).Times(tc.n).Return(result, tc.err) cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}, ec2SVC: mockEC2} metaData, err := cache.DescribeAllENIs() assert.Equal(t, tc.expErr, err, tc.name) @@ -426,12 +443,12 @@ func TestAllocENI(t *testing.T) { mockMetadata := testMetadata(nil) - ipAddressCount := int64(100) + ipAddressCount := int32(100) subnetResult := &ec2.DescribeSubnetsOutput{ - Subnets: []*ec2.Subnet{{ - AvailableIpAddressCount: aws.Int64(ipAddressCount), + Subnets: []ec2types.Subnet{{ + AvailableIpAddressCount: &ipAddressCount, SubnetId: aws.String(subnetID), - Tags: []*ec2.Tag{ + Tags: []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -439,31 +456,31 @@ func TestAllocENI(t *testing.T) { }, }}, } - mockEC2.EXPECT().DescribeSubnetsWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) + mockEC2.EXPECT().DescribeSubnets(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) cureniID := eniID - eni := ec2.CreateNetworkInterfaceOutput{NetworkInterface: &ec2.NetworkInterface{NetworkInterfaceId: &cureniID}} - mockEC2.EXPECT().CreateNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) + eni := ec2.CreateNetworkInterfaceOutput{NetworkInterface: &ec2types.NetworkInterface{NetworkInterfaceId: &cureniID}} + mockEC2.EXPECT().CreateNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) // 2 ENIs, uses device number 0 3, expect to find free at 1 - ec2ENIs := make([]*ec2.InstanceNetworkInterface, 0) - deviceNum1 := int64(0) - ec2ENI := &ec2.InstanceNetworkInterface{Attachment: &ec2.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum1}} + ec2ENIs := make([]ec2types.InstanceNetworkInterface, 0) + deviceNum1 := int32(0) + ec2ENI := ec2types.InstanceNetworkInterface{Attachment: &ec2types.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum1}} ec2ENIs = append(ec2ENIs, ec2ENI) - deviceNum2 := int64(3) - ec2ENI = &ec2.InstanceNetworkInterface{Attachment: &ec2.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum2}} + deviceNum2 := int32(3) + ec2ENI = ec2types.InstanceNetworkInterface{Attachment: &ec2types.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum2}} ec2ENIs = append(ec2ENIs, ec2ENI) result := &ec2.DescribeInstancesOutput{ - Reservations: []*ec2.Reservation{{Instances: []*ec2.Instance{{NetworkInterfaces: ec2ENIs}}}}} + Reservations: []ec2types.Reservation{{Instances: []ec2types.Instance{{NetworkInterfaces: ec2ENIs}}}}} - mockEC2.EXPECT().DescribeInstancesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) + mockEC2.EXPECT().DescribeInstances(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) attachmentID := "eni-attach-58ddda9d" attachResult := &ec2.AttachNetworkInterfaceOutput{ AttachmentId: &attachmentID} - mockEC2.EXPECT().AttachNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(attachResult, nil) - mockEC2.EXPECT().ModifyNetworkInterfaceAttributeWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().AttachNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(attachResult, nil) + mockEC2.EXPECT().ModifyNetworkInterfaceAttribute(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) cache := &EC2InstanceMetadataCache{ ec2SVC: mockEC2, @@ -482,12 +499,12 @@ func TestAllocENINoFreeDevice(t *testing.T) { mockMetadata := testMetadata(nil) - ipAddressCount := int64(100) + ipAddressCount := int32(100) subnetResult := &ec2.DescribeSubnetsOutput{ - Subnets: []*ec2.Subnet{{ + Subnets: []ec2types.Subnet{{ AvailableIpAddressCount: &ipAddressCount, SubnetId: aws.String(subnetID), - Tags: []*ec2.Tag{ + Tags: []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -495,26 +512,25 @@ func TestAllocENINoFreeDevice(t *testing.T) { }, }}, } - mockEC2.EXPECT().DescribeSubnetsWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) + mockEC2.EXPECT().DescribeSubnets(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) cureniID := eniID - eni := ec2.CreateNetworkInterfaceOutput{NetworkInterface: &ec2.NetworkInterface{NetworkInterfaceId: &cureniID}} - mockEC2.EXPECT().CreateNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) + eni := ec2.CreateNetworkInterfaceOutput{NetworkInterface: &ec2types.NetworkInterface{NetworkInterfaceId: &cureniID}} + mockEC2.EXPECT().CreateNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) // test no free index - ec2ENIs := make([]*ec2.InstanceNetworkInterface, 0) + ec2ENIs := make([]ec2types.InstanceNetworkInterface, 0) for i := 0; i < maxENIs; i++ { - var deviceNums [maxENIs]int64 - deviceNums[i] = int64(i) - ec2ENI := &ec2.InstanceNetworkInterface{Attachment: &ec2.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNums[i], NetworkCardIndex: aws.Int64(0)}} + deviceNum := int32(i) + ec2ENI := ec2types.InstanceNetworkInterface{Attachment: &ec2types.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum, NetworkCardIndex: aws.Int32(0)}} ec2ENIs = append(ec2ENIs, ec2ENI) } result := &ec2.DescribeInstancesOutput{ - Reservations: []*ec2.Reservation{{Instances: []*ec2.Instance{{NetworkInterfaces: ec2ENIs}}}}} + Reservations: []ec2types.Reservation{{Instances: []ec2types.Instance{{NetworkInterfaces: ec2ENIs}}}}} - mockEC2.EXPECT().DescribeInstancesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) - mockEC2.EXPECT().DeleteNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().DescribeInstances(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) + mockEC2.EXPECT().DeleteNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) cache := &EC2InstanceMetadataCache{ ec2SVC: mockEC2, @@ -533,12 +549,12 @@ func TestAllocENIMaxReached(t *testing.T) { mockMetadata := testMetadata(nil) - ipAddressCount := int64(100) + ipAddressCount := int32(100) subnetResult := &ec2.DescribeSubnetsOutput{ - Subnets: []*ec2.Subnet{{ + Subnets: []ec2types.Subnet{{ AvailableIpAddressCount: &ipAddressCount, SubnetId: aws.String(subnetID), - Tags: []*ec2.Tag{ + Tags: []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -546,28 +562,28 @@ func TestAllocENIMaxReached(t *testing.T) { }, }}, } - mockEC2.EXPECT().DescribeSubnetsWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) + mockEC2.EXPECT().DescribeSubnets(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) cureniID := eniID - eni := ec2.CreateNetworkInterfaceOutput{NetworkInterface: &ec2.NetworkInterface{NetworkInterfaceId: &cureniID}} - mockEC2.EXPECT().CreateNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) + eni := ec2.CreateNetworkInterfaceOutput{NetworkInterface: &ec2types.NetworkInterface{NetworkInterfaceId: &cureniID}} + mockEC2.EXPECT().CreateNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) // 2 ENIs, uses device number 0 3, expect to find free at 1 - ec2ENIs := make([]*ec2.InstanceNetworkInterface, 0) - deviceNum1 := int64(0) - ec2ENI := &ec2.InstanceNetworkInterface{Attachment: &ec2.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum1}} + ec2ENIs := make([]ec2types.InstanceNetworkInterface, 0) + deviceNum1 := int32(0) + ec2ENI := ec2types.InstanceNetworkInterface{Attachment: &ec2types.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum1}} ec2ENIs = append(ec2ENIs, ec2ENI) - deviceNum2 := int64(3) - ec2ENI = &ec2.InstanceNetworkInterface{Attachment: &ec2.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum2}} + deviceNum2 := int32(3) + ec2ENI = ec2types.InstanceNetworkInterface{Attachment: &ec2types.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum2}} ec2ENIs = append(ec2ENIs, ec2ENI) result := &ec2.DescribeInstancesOutput{ - Reservations: []*ec2.Reservation{{Instances: []*ec2.Instance{{NetworkInterfaces: ec2ENIs}}}}} + Reservations: []ec2types.Reservation{{Instances: []ec2types.Instance{{NetworkInterfaces: ec2ENIs}}}}} - mockEC2.EXPECT().DescribeInstancesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) - mockEC2.EXPECT().AttachNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("AttachmentLimitExceeded")) - mockEC2.EXPECT().DeleteNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().DescribeInstances(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) + mockEC2.EXPECT().AttachNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("AttachmentLimitExceeded")) + mockEC2.EXPECT().DeleteNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) cache := &EC2InstanceMetadataCache{ ec2SVC: mockEC2, @@ -584,12 +600,12 @@ func TestAllocENIWithIPAddresses(t *testing.T) { ctrl, mockEC2 := setup(t) defer ctrl.Finish() - ipAddressCount := int64(100) + ipAddressCount := int32(100) subnetResult := &ec2.DescribeSubnetsOutput{ - Subnets: []*ec2.Subnet{{ + Subnets: []ec2types.Subnet{{ AvailableIpAddressCount: &ipAddressCount, SubnetId: aws.String(subnetID), - Tags: []*ec2.Tag{ + Tags: []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -597,41 +613,41 @@ func TestAllocENIWithIPAddresses(t *testing.T) { }, }}, } - mockEC2.EXPECT().DescribeSubnetsWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) + mockEC2.EXPECT().DescribeSubnets(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) // when required IP numbers(5) is below ENI's limit(30) currentEniID := eniID - eni := ec2.CreateNetworkInterfaceOutput{NetworkInterface: &ec2.NetworkInterface{NetworkInterfaceId: ¤tEniID}} - mockEC2.EXPECT().CreateNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) + eni := ec2.CreateNetworkInterfaceOutput{NetworkInterface: &ec2types.NetworkInterface{NetworkInterfaceId: ¤tEniID}} + mockEC2.EXPECT().CreateNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) - ec2ENIs := make([]*ec2.InstanceNetworkInterface, 0) - deviceNum1 := int64(0) - ec2ENI := &ec2.InstanceNetworkInterface{Attachment: &ec2.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum1}} + ec2ENIs := make([]ec2types.InstanceNetworkInterface, 0) + deviceNum1 := int32(0) + ec2ENI := ec2types.InstanceNetworkInterface{Attachment: &ec2types.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum1}} ec2ENIs = append(ec2ENIs, ec2ENI) - deviceNum2 := int64(3) - ec2ENI = &ec2.InstanceNetworkInterface{Attachment: &ec2.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum2}} + deviceNum2 := int32(3) + ec2ENI = ec2types.InstanceNetworkInterface{Attachment: &ec2types.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum2}} ec2ENIs = append(ec2ENIs, ec2ENI) result := &ec2.DescribeInstancesOutput{ - Reservations: []*ec2.Reservation{{Instances: []*ec2.Instance{{NetworkInterfaces: ec2ENIs}}}}} - mockEC2.EXPECT().DescribeInstancesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) + Reservations: []ec2types.Reservation{{Instances: []ec2types.Instance{{NetworkInterfaces: ec2ENIs}}}}} + mockEC2.EXPECT().DescribeInstances(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) attachmentID := "eni-attach-58ddda9d" attachResult := &ec2.AttachNetworkInterfaceOutput{ AttachmentId: &attachmentID} - mockEC2.EXPECT().AttachNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(attachResult, nil) - mockEC2.EXPECT().ModifyNetworkInterfaceAttributeWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().AttachNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(attachResult, nil) + mockEC2.EXPECT().ModifyNetworkInterfaceAttribute(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2, instanceType: "c5n.18xlarge", useSubnetDiscovery: true} _, err := cache.AllocENI(false, nil, subnetID, 5) assert.NoError(t, err) // when required IP numbers(50) is higher than ENI's limit(49) - mockEC2.EXPECT().DescribeSubnetsWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) - mockEC2.EXPECT().CreateNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) - mockEC2.EXPECT().DescribeInstancesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) - mockEC2.EXPECT().AttachNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(attachResult, nil) - mockEC2.EXPECT().ModifyNetworkInterfaceAttributeWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().DescribeSubnets(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) + mockEC2.EXPECT().CreateNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) + mockEC2.EXPECT().DescribeInstances(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) + mockEC2.EXPECT().AttachNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(attachResult, nil) + mockEC2.EXPECT().ModifyNetworkInterfaceAttribute(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) cache = &EC2InstanceMetadataCache{ec2SVC: mockEC2, instanceType: "c5n.18xlarge", useSubnetDiscovery: true} _, err = cache.AllocENI(false, nil, subnetID, 49) assert.NoError(t, err) @@ -643,12 +659,12 @@ func TestAllocENIWithIPAddressesAlreadyFull(t *testing.T) { mockMetadata := testMetadata(nil) - ipAddressCount := int64(100) + ipAddressCount := int32(100) subnetResult := &ec2.DescribeSubnetsOutput{ - Subnets: []*ec2.Subnet{{ + Subnets: []ec2types.Subnet{{ AvailableIpAddressCount: &ipAddressCount, SubnetId: aws.String(subnetID), - Tags: []*ec2.Tag{ + Tags: []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -656,10 +672,10 @@ func TestAllocENIWithIPAddressesAlreadyFull(t *testing.T) { }, }}, } - mockEC2.EXPECT().DescribeSubnetsWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) + mockEC2.EXPECT().DescribeSubnets(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) - retErr := awserr.New("PrivateIpAddressLimitExceeded", "Too many IPs already allocated", nil) - mockEC2.EXPECT().CreateNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, retErr) + retErr := &smithy.GenericAPIError{Code: "PrivateIpAddressLimitExceeded", Message: "Too many IPs already allocated"} + mockEC2.EXPECT().CreateNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, retErr) cache := &EC2InstanceMetadataCache{ ec2SVC: mockEC2, @@ -677,12 +693,12 @@ func TestAllocENIWithPrefixAddresses(t *testing.T) { mockMetadata := testMetadata(nil) - ipAddressCount := int64(100) + ipAddressCount := int32(100) subnetResult := &ec2.DescribeSubnetsOutput{ - Subnets: []*ec2.Subnet{{ + Subnets: []ec2types.Subnet{{ AvailableIpAddressCount: &ipAddressCount, SubnetId: aws.String(subnetID), - Tags: []*ec2.Tag{ + Tags: []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -690,29 +706,29 @@ func TestAllocENIWithPrefixAddresses(t *testing.T) { }, }}, } - mockEC2.EXPECT().DescribeSubnetsWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) + mockEC2.EXPECT().DescribeSubnets(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) currentEniID := eniID - eni := ec2.CreateNetworkInterfaceOutput{NetworkInterface: &ec2.NetworkInterface{NetworkInterfaceId: ¤tEniID}} - mockEC2.EXPECT().CreateNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) + eni := ec2.CreateNetworkInterfaceOutput{NetworkInterface: &ec2types.NetworkInterface{NetworkInterfaceId: ¤tEniID}} + mockEC2.EXPECT().CreateNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(&eni, nil) - ec2ENIs := make([]*ec2.InstanceNetworkInterface, 0) - deviceNum1 := int64(0) - ec2ENI := &ec2.InstanceNetworkInterface{Attachment: &ec2.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum1}} + ec2ENIs := make([]ec2types.InstanceNetworkInterface, 0) + deviceNum1 := int32(0) + ec2ENI := ec2types.InstanceNetworkInterface{Attachment: &ec2types.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum1}} ec2ENIs = append(ec2ENIs, ec2ENI) - deviceNum2 := int64(3) - ec2ENI = &ec2.InstanceNetworkInterface{Attachment: &ec2.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum2}} + deviceNum2 := int32(3) + ec2ENI = ec2types.InstanceNetworkInterface{Attachment: &ec2types.InstanceNetworkInterfaceAttachment{DeviceIndex: &deviceNum2}} ec2ENIs = append(ec2ENIs, ec2ENI) result := &ec2.DescribeInstancesOutput{ - Reservations: []*ec2.Reservation{{Instances: []*ec2.Instance{{NetworkInterfaces: ec2ENIs}}}}} - mockEC2.EXPECT().DescribeInstancesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) + Reservations: []ec2types.Reservation{{Instances: []ec2types.Instance{{NetworkInterfaces: ec2ENIs}}}}} + mockEC2.EXPECT().DescribeInstances(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) attachmentID := "eni-attach-58ddda9d" attachResult := &ec2.AttachNetworkInterfaceOutput{ AttachmentId: &attachmentID} - mockEC2.EXPECT().AttachNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(attachResult, nil) - mockEC2.EXPECT().ModifyNetworkInterfaceAttributeWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().AttachNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(attachResult, nil) + mockEC2.EXPECT().ModifyNetworkInterfaceAttribute(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) cache := &EC2InstanceMetadataCache{ ec2SVC: mockEC2, @@ -731,12 +747,12 @@ func TestAllocENIWithPrefixesAlreadyFull(t *testing.T) { mockMetadata := testMetadata(nil) - ipAddressCount := int64(100) + ipAddressCount := int32(100) subnetResult := &ec2.DescribeSubnetsOutput{ - Subnets: []*ec2.Subnet{{ + Subnets: []ec2types.Subnet{{ AvailableIpAddressCount: &ipAddressCount, SubnetId: aws.String(subnetID), - Tags: []*ec2.Tag{ + Tags: []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -744,10 +760,10 @@ func TestAllocENIWithPrefixesAlreadyFull(t *testing.T) { }, }}, } - mockEC2.EXPECT().DescribeSubnetsWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) + mockEC2.EXPECT().DescribeSubnets(gomock.Any(), gomock.Any(), gomock.Any()).Return(subnetResult, nil) - retErr := awserr.New("PrivateIpAddressLimitExceeded", "Too many IPs already allocated", nil) - mockEC2.EXPECT().CreateNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, retErr) + retErr := &smithy.GenericAPIError{Code: "PrivateIpAddressLimitExceeded", Message: "Too many IPs already allocated"} + mockEC2.EXPECT().CreateNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, retErr) cache := &EC2InstanceMetadataCache{ ec2SVC: mockEC2, @@ -765,12 +781,12 @@ func TestFreeENI(t *testing.T) { defer ctrl.Finish() attachmentID := eniAttachID - attachment := &ec2.NetworkInterfaceAttachment{AttachmentId: &attachmentID} + attachment := &ec2types.NetworkInterfaceAttachment{AttachmentId: &attachmentID} result := &ec2.DescribeNetworkInterfacesOutput{ - NetworkInterfaces: []*ec2.NetworkInterface{{Attachment: attachment}}} - mockEC2.EXPECT().DescribeNetworkInterfacesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) - mockEC2.EXPECT().DetachNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) - mockEC2.EXPECT().DeleteNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + NetworkInterfaces: []ec2types.NetworkInterface{{Attachment: attachment}}} + mockEC2.EXPECT().DescribeNetworkInterfaces(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) + mockEC2.EXPECT().DetachNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().DeleteNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) cache := &EC2InstanceMetadataCache{ ec2SVC: mockEC2, @@ -785,15 +801,15 @@ func TestFreeENIRetry(t *testing.T) { defer ctrl.Finish() attachmentID := eniAttachID - attachment := &ec2.NetworkInterfaceAttachment{AttachmentId: &attachmentID} + attachment := &ec2types.NetworkInterfaceAttachment{AttachmentId: &attachmentID} result := &ec2.DescribeNetworkInterfacesOutput{ - NetworkInterfaces: []*ec2.NetworkInterface{{Attachment: attachment}}} - mockEC2.EXPECT().DescribeNetworkInterfacesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) + NetworkInterfaces: []ec2types.NetworkInterface{{Attachment: attachment}}} + mockEC2.EXPECT().DescribeNetworkInterfaces(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) // retry 2 times - mockEC2.EXPECT().DetachNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) - mockEC2.EXPECT().DeleteNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("testing retrying delete")) - mockEC2.EXPECT().DeleteNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().DetachNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().DeleteNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("testing retrying delete")) + mockEC2.EXPECT().DeleteNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) cache := &EC2InstanceMetadataCache{ ec2SVC: mockEC2, @@ -808,7 +824,11 @@ func TestAwsAPIErrInc(t *testing.T) { prometheusmetrics.AwsAPIErr.Reset() // Test case 1: AWS error - awsErr := awserr.New("InvalidParameterException", "The parameter is invalid", nil) + awsErr := &smithy.GenericAPIError{ + Code: "InvalidParameterException", + Message: "The parameter is invalid", + Fault: smithy.FaultUnknown, + } awsAPIErrInc("CreateNetworkInterface", awsErr) // Verify metric was incremented with correct labels @@ -835,14 +855,14 @@ func TestFreeENIRetryMax(t *testing.T) { defer ctrl.Finish() attachmentID := eniAttachID - attachment := &ec2.NetworkInterfaceAttachment{AttachmentId: &attachmentID} + attachment := &ec2types.NetworkInterfaceAttachment{AttachmentId: &attachmentID} result := &ec2.DescribeNetworkInterfacesOutput{ - NetworkInterfaces: []*ec2.NetworkInterface{{Attachment: attachment}}} - mockEC2.EXPECT().DescribeNetworkInterfacesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) - mockEC2.EXPECT().DetachNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + NetworkInterfaces: []ec2types.NetworkInterface{{Attachment: attachment}}} + mockEC2.EXPECT().DescribeNetworkInterfaces(gomock.Any(), gomock.Any(), gomock.Any()).Return(result, nil) + mockEC2.EXPECT().DetachNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) for i := 0; i < maxENIEC2APIRetries; i++ { - mockEC2.EXPECT().DeleteNetworkInterfaceWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("testing retrying delete")) + mockEC2.EXPECT().DeleteNetworkInterface(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("testing retrying delete")) } cache := &EC2InstanceMetadataCache{ @@ -857,7 +877,7 @@ func TestFreeENIDescribeErr(t *testing.T) { ctrl, mockEC2 := setup(t) defer ctrl.Finish() - mockEC2.EXPECT().DescribeNetworkInterfacesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("Error on DescribeNetworkInterfacesWithContext")) + mockEC2.EXPECT().DescribeNetworkInterfaces(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("Error on DescribeNetworkInterfacesWithContext")) cache := &EC2InstanceMetadataCache{ ec2SVC: mockEC2, @@ -870,11 +890,11 @@ func TestFreeENIDescribeErr(t *testing.T) { func TestDescribeInstanceTypes(t *testing.T) { ctrl, mockEC2 := setup(t) defer ctrl.Finish() - mockEC2.EXPECT().DescribeInstanceTypesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(&ec2.DescribeInstanceTypesOutput{ - InstanceTypes: []*ec2.InstanceTypeInfo{ - {InstanceType: aws.String("not-there"), NetworkInfo: &ec2.NetworkInfo{ - MaximumNetworkInterfaces: aws.Int64(9), - Ipv4AddressesPerInterface: aws.Int64(99)}, + mockEC2.EXPECT().DescribeInstanceTypes(gomock.Any(), gomock.Any(), gomock.Any()).Return(&ec2.DescribeInstanceTypesOutput{ + InstanceTypes: []ec2types.InstanceTypeInfo{ + {InstanceType: "not-there", NetworkInfo: &ec2types.NetworkInfo{ + MaximumNetworkInterfaces: aws.Int32(9), + Ipv4AddressesPerInterface: aws.Int32(99)}, }, }, NextToken: nil, @@ -894,7 +914,7 @@ func TestAllocIPAddress(t *testing.T) { ctrl, mockEC2 := setup(t) defer ctrl.Finish() - mockEC2.EXPECT().AssignPrivateIpAddressesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(&ec2.AssignPrivateIpAddressesOutput{}, nil) + mockEC2.EXPECT().AssignPrivateIpAddresses(gomock.Any(), gomock.Any(), gomock.Any()).Return(&ec2.AssignPrivateIpAddressesOutput{}, nil) cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2} err := cache.AllocIPAddress("eni-id") @@ -905,7 +925,7 @@ func TestAllocIPAddressOnErr(t *testing.T) { ctrl, mockEC2 := setup(t) defer ctrl.Finish() - mockEC2.EXPECT().AssignPrivateIpAddressesWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("Error on AssignPrivateIpAddressesWithContext")) + mockEC2.EXPECT().AssignPrivateIpAddresses(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("Error on AssignPrivateIpAddressesWithContext")) cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2} err := cache.AllocIPAddress("eni-id") @@ -919,9 +939,9 @@ func TestAllocIPAddresses(t *testing.T) { // when required IP numbers(5) is below ENI's limit(30) input := &ec2.AssignPrivateIpAddressesInput{ NetworkInterfaceId: aws.String(eniID), - SecondaryPrivateIpAddressCount: aws.Int64(5), + SecondaryPrivateIpAddressCount: aws.Int32(5), } - mockEC2.EXPECT().AssignPrivateIpAddressesWithContext(gomock.Any(), input, gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().AssignPrivateIpAddresses(gomock.Any(), input, gomock.Any()).Return(nil, nil) cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2, instanceType: "c5n.18xlarge"} _, err := cache.AllocIPAddresses(eniID, 5) @@ -930,14 +950,14 @@ func TestAllocIPAddresses(t *testing.T) { // when required IP numbers(50) is higher than ENI's limit(49) input = &ec2.AssignPrivateIpAddressesInput{ NetworkInterfaceId: aws.String(eniID), - SecondaryPrivateIpAddressCount: aws.Int64(49), + SecondaryPrivateIpAddressCount: aws.Int32(49), } - addresses := make([]*ec2.AssignedPrivateIpAddress, 49) + addresses := make([]ec2types.AssignedPrivateIpAddress, 49) output := ec2.AssignPrivateIpAddressesOutput{ AssignedPrivateIpAddresses: addresses, NetworkInterfaceId: aws.String(eniID), } - mockEC2.EXPECT().AssignPrivateIpAddressesWithContext(gomock.Any(), input, gomock.Any()).Return(&output, nil) + mockEC2.EXPECT().AssignPrivateIpAddresses(gomock.Any(), input, gomock.Any()).Return(&output, nil) cache = &EC2InstanceMetadataCache{ec2SVC: mockEC2, instanceType: "c5n.18xlarge"} _, err = cache.AllocIPAddresses(eniID, 50) @@ -954,12 +974,12 @@ func TestAllocIPAddressesAlreadyFull(t *testing.T) { // The required IP numbers(14) is the ENI's limit(14) input := &ec2.AssignPrivateIpAddressesInput{ NetworkInterfaceId: aws.String(eniID), - SecondaryPrivateIpAddressCount: aws.Int64(14), + SecondaryPrivateIpAddressCount: aws.Int32(14), } cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2, instanceType: "t3.xlarge"} - retErr := awserr.New("PrivateIpAddressLimitExceeded", "Too many IPs already allocated", nil) - mockEC2.EXPECT().AssignPrivateIpAddressesWithContext(gomock.Any(), input, gomock.Any()).Return(nil, retErr) + retErr := &smithy.GenericAPIError{Code: "PrivateIpAddressLimitExceeded", Message: "Too many IPs already allocated"} + mockEC2.EXPECT().AssignPrivateIpAddresses(gomock.Any(), input, gomock.Any()).Return(nil, retErr) // If EC2 says that all IPs are already attached, then DS is out of sync so alloc will fail _, err := cache.AllocIPAddresses(eniID, 14) assert.Error(t, err) @@ -972,9 +992,9 @@ func TestAllocPrefixAddresses(t *testing.T) { //Allocate 1 prefix for the ENI input := &ec2.AssignPrivateIpAddressesInput{ NetworkInterfaceId: aws.String(eniID), - Ipv4PrefixCount: aws.Int64(1), + Ipv4PrefixCount: aws.Int32(1), } - mockEC2.EXPECT().AssignPrivateIpAddressesWithContext(gomock.Any(), input, gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().AssignPrivateIpAddresses(gomock.Any(), input, gomock.Any()).Return(nil, nil) cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2, instanceType: "c5n.18xlarge", enablePrefixDelegation: true} _, err := cache.AllocIPAddresses(eniID, 1) @@ -991,12 +1011,12 @@ func TestAllocPrefixesAlreadyFull(t *testing.T) { // The required Prefixes (1) is the ENI's limit(1) input := &ec2.AssignPrivateIpAddressesInput{ NetworkInterfaceId: aws.String(eniID), - Ipv4PrefixCount: aws.Int64(1), + Ipv4PrefixCount: aws.Int32(1), } cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2, instanceType: "t3.xlarge", enablePrefixDelegation: true} - retErr := awserr.New("PrivateIpAddressLimitExceeded", "Too many IPs already allocated", nil) - mockEC2.EXPECT().AssignPrivateIpAddressesWithContext(gomock.Any(), input, gomock.Any()).Return(nil, retErr) + retErr := &smithy.GenericAPIError{Code: "PrivateIpAddressLimitExceeded", Message: "Too many IPs already allocated"} + mockEC2.EXPECT().AssignPrivateIpAddresses(gomock.Any(), input, gomock.Any()).Return(nil, retErr) // If EC2 says that all IPs are already attached, then DS is out of sync so alloc will fail _, err := cache.AllocIPAddresses(eniID, 1) assert.Error(t, err) @@ -1044,7 +1064,7 @@ func TestEC2InstanceMetadataCache_waitForENIAndIPsAttached(t *testing.T) { MAC: eni2MAC, DeviceNumber: 1, SubnetIPv4CIDR: subnetCIDR, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { Primary: &isPrimary, PrivateIpAddress: &primaryIP, @@ -1118,13 +1138,13 @@ func TestEC2InstanceMetadataCache_waitForENIAndPrefixesAttached(t *testing.T) { MAC: eni2MAC, DeviceNumber: 1, SubnetIPv4CIDR: subnetCIDR, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { Primary: &isPrimary, PrivateIpAddress: &primaryIP, }, }, - IPv4Prefixes: []*ec2.Ipv4PrefixSpecification{ + IPv4Prefixes: []ec2types.Ipv4PrefixSpecification{ { Ipv4Prefix: &prefixIP, }, @@ -1136,18 +1156,18 @@ func TestEC2InstanceMetadataCache_waitForENIAndPrefixesAttached(t *testing.T) { MAC: eni2MAC, DeviceNumber: 1, SubnetIPv4CIDR: subnetCIDR, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { Primary: &isPrimary, PrivateIpAddress: &primaryIP, }, }, - IPv6Prefixes: []*ec2.Ipv6PrefixSpecification{ + IPv6Prefixes: []ec2types.Ipv6PrefixSpecification{ { Ipv6Prefix: &v6PrefixIP, }, }, - IPv6Addresses: []*ec2.NetworkInterfaceIpv6Address{}, + IPv6Addresses: []ec2types.NetworkInterfaceIpv6Address{}, } tests := []struct { name string @@ -1214,15 +1234,15 @@ func TestEC2InstanceMetadataCache_cleanUpLeakedENIsInternal(t *testing.T) { defer ctrl.Finish() description := eniDescriptionPrefix + "test" - interfaces := []*ec2.NetworkInterface{{ + interfaces := []ec2types.NetworkInterface{{ Description: &description, - TagSet: []*ec2.Tag{ + TagSet: []ec2types.Tag{ {Key: aws.String(eniNodeTagKey), Value: aws.String("test-value")}, }, }} setupDescribeNetworkInterfacesPagesWithContextMock(t, mockEC2, interfaces, nil, 1) - mockEC2.EXPECT().CreateTagsWithContext(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) + mockEC2.EXPECT().CreateTags(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil) cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2} // Test checks that both mocks gets called. @@ -1230,15 +1250,14 @@ func TestEC2InstanceMetadataCache_cleanUpLeakedENIsInternal(t *testing.T) { } func setupDescribeNetworkInterfacesPagesWithContextMock( - t *testing.T, mockEC2 *mock_ec2wrapper.MockEC2, interfaces []*ec2.NetworkInterface, err error, times int) { + t *testing.T, mockEC2 *mock_ec2wrapper.MockEC2, interfaces []ec2types.NetworkInterface, err error, times int) { mockEC2.EXPECT(). - DescribeNetworkInterfacesPagesWithContext(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Times(times). - DoAndReturn(func(_ context.Context, _ *ec2.DescribeNetworkInterfacesInput, - fn func(*ec2.DescribeNetworkInterfacesOutput, bool) bool, _ ...request.Option) error { - assert.Equal(t, true, fn(&ec2.DescribeNetworkInterfacesOutput{ + DescribeNetworkInterfaces(gomock.Any(), gomock.Any(), gomock.Any()). + Times(times). + DoAndReturn(func(_ context.Context, _ *ec2.DescribeNetworkInterfacesInput, opts ...func(*ec2.Options)) (*ec2.DescribeNetworkInterfacesOutput, error) { + return &ec2.DescribeNetworkInterfacesOutput{ NetworkInterfaces: interfaces, - }, true)) - return err + }, err }) } @@ -1317,7 +1336,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { tests := []struct { name string fields fields - want []*ec2.NetworkInterface + want []ec2types.NetworkInterface wantErr error }{ { @@ -1327,21 +1346,21 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { describeNetworkInterfacePagesCalls: []describeNetworkInterfacePagesCall{ { input: &ec2.DescribeNetworkInterfacesInput{ - Filters: []*ec2.Filter{ + Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []string{"node.k8s.amazonaws.com/instance_id"}, }, { Name: aws.String("status"), - Values: []*string{aws.String("available")}, + Values: []string{"available"}, }, { Name: aws.String("vpc-id"), - Values: []*string{aws.String(vpcID)}, + Values: []string{vpcID}, }, }, - MaxResults: aws.Int64(1000), + MaxResults: aws.Int32(1000), }, outputPages: []*ec2.DescribeNetworkInterfacesOutput{ { @@ -1360,30 +1379,30 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { describeNetworkInterfacePagesCalls: []describeNetworkInterfacePagesCall{ { input: &ec2.DescribeNetworkInterfacesInput{ - Filters: []*ec2.Filter{ + Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []string{"node.k8s.amazonaws.com/instance_id"}, }, { Name: aws.String("status"), - Values: []*string{aws.String("available")}, + Values: []string{"available"}, }, { Name: aws.String("vpc-id"), - Values: []*string{aws.String(vpcID)}, + Values: []string{vpcID}, }, }, - MaxResults: aws.Int64(1000), + MaxResults: aws.Int32(1000), }, outputPages: []*ec2.DescribeNetworkInterfacesOutput{ { - NetworkInterfaces: []*ec2.NetworkInterface{ + NetworkInterfaces: []ec2types.NetworkInterface{ { NetworkInterfaceId: aws.String("eni-1"), Description: aws.String("aws-K8S-i-xxxxx"), - Status: aws.String("available"), - TagSet: []*ec2.Tag{ + Status: "available", + TagSet: []ec2types.Tag{ { Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), @@ -1400,12 +1419,12 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { }, }, }, - want: []*ec2.NetworkInterface{ + want: []ec2types.NetworkInterface{ { NetworkInterfaceId: aws.String("eni-1"), Description: aws.String("aws-K8S-i-xxxxx"), - Status: aws.String("available"), - TagSet: []*ec2.Tag{ + Status: "available", + TagSet: []ec2types.Tag{ { Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), @@ -1425,30 +1444,30 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { describeNetworkInterfacePagesCalls: []describeNetworkInterfacePagesCall{ { input: &ec2.DescribeNetworkInterfacesInput{ - Filters: []*ec2.Filter{ + Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []string{"node.k8s.amazonaws.com/instance_id"}, }, { Name: aws.String("status"), - Values: []*string{aws.String("available")}, + Values: []string{"available"}, }, { Name: aws.String("vpc-id"), - Values: []*string{aws.String(vpcID)}, + Values: []string{vpcID}, }, }, - MaxResults: aws.Int64(1000), + MaxResults: aws.Int32(1000), }, outputPages: []*ec2.DescribeNetworkInterfacesOutput{ { - NetworkInterfaces: []*ec2.NetworkInterface{ + NetworkInterfaces: []ec2types.NetworkInterface{ { NetworkInterfaceId: aws.String("eni-1"), Description: aws.String("non-k8s-i-xxxxx"), - Status: aws.String("available"), - TagSet: []*ec2.Tag{ + Status: "available", + TagSet: []ec2types.Tag{ { Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), @@ -1474,30 +1493,30 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { describeNetworkInterfacePagesCalls: []describeNetworkInterfacePagesCall{ { input: &ec2.DescribeNetworkInterfacesInput{ - Filters: []*ec2.Filter{ + Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []string{"node.k8s.amazonaws.com/instance_id"}, }, { Name: aws.String("status"), - Values: []*string{aws.String("available")}, + Values: []string{"available"}, }, { Name: aws.String("vpc-id"), - Values: []*string{aws.String(vpcID)}, + Values: []string{vpcID}, }, }, - MaxResults: aws.Int64(1000), + MaxResults: aws.Int32(1000), }, outputPages: []*ec2.DescribeNetworkInterfacesOutput{ { - NetworkInterfaces: []*ec2.NetworkInterface{ + NetworkInterfaces: []ec2types.NetworkInterface{ { NetworkInterfaceId: aws.String("eni-1"), Description: aws.String("aws-K8S-i-xxxxx"), - Status: aws.String("available"), - TagSet: []*ec2.Tag{ + Status: "available", + TagSet: []ec2types.Tag{ { Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), @@ -1523,21 +1542,21 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { describeNetworkInterfacePagesCalls: []describeNetworkInterfacePagesCall{ { input: &ec2.DescribeNetworkInterfacesInput{ - Filters: []*ec2.Filter{ + Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []string{"node.k8s.amazonaws.com/instance_id"}, }, { Name: aws.String("status"), - Values: []*string{aws.String("available")}, + Values: []string{"available"}, }, { Name: aws.String("vpc-id"), - Values: []*string{aws.String(vpcID)}, + Values: []string{vpcID}, }, }, - MaxResults: aws.Int64(1000), + MaxResults: aws.Int32(1000), }, outputPages: []*ec2.DescribeNetworkInterfacesOutput{ { @@ -1556,34 +1575,34 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { describeNetworkInterfacePagesCalls: []describeNetworkInterfacePagesCall{ { input: &ec2.DescribeNetworkInterfacesInput{ - Filters: []*ec2.Filter{ + Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []string{"node.k8s.amazonaws.com/instance_id"}, }, { Name: aws.String("status"), - Values: []*string{aws.String("available")}, + Values: []string{"available"}, }, { Name: aws.String("vpc-id"), - Values: []*string{aws.String(vpcID)}, + Values: []string{vpcID}, }, { Name: aws.String("tag:cluster.k8s.amazonaws.com/name"), - Values: []*string{aws.String("awesome-cluster")}, + Values: []string{"awesome-cluster"}, }, }, - MaxResults: aws.Int64(1000), + MaxResults: aws.Int32(1000), }, outputPages: []*ec2.DescribeNetworkInterfacesOutput{ { - NetworkInterfaces: []*ec2.NetworkInterface{ + NetworkInterfaces: []ec2types.NetworkInterface{ { NetworkInterfaceId: aws.String("eni-1"), Description: aws.String("aws-K8S-i-xxxxx"), - Status: aws.String("available"), - TagSet: []*ec2.Tag{ + Status: "available", + TagSet: []ec2types.Tag{ { Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), @@ -1604,12 +1623,12 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { }, }, }, - want: []*ec2.NetworkInterface{ + want: []ec2types.NetworkInterface{ { NetworkInterfaceId: aws.String("eni-1"), Description: aws.String("aws-K8S-i-xxxxx"), - Status: aws.String("available"), - TagSet: []*ec2.Tag{ + Status: "available", + TagSet: []ec2types.Tag{ { Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), @@ -1633,34 +1652,34 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { describeNetworkInterfacePagesCalls: []describeNetworkInterfacePagesCall{ { input: &ec2.DescribeNetworkInterfacesInput{ - Filters: []*ec2.Filter{ + Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []string{"node.k8s.amazonaws.com/instance_id"}, }, { Name: aws.String("status"), - Values: []*string{aws.String("available")}, + Values: []string{"available"}, }, { Name: aws.String("vpc-id"), - Values: []*string{aws.String(vpcID)}, + Values: []string{vpcID}, }, { Name: aws.String("tag:cluster.k8s.amazonaws.com/name"), - Values: []*string{aws.String("awesome-cluster")}, + Values: []string{"awesome-cluster"}, }, }, - MaxResults: aws.Int64(1000), + MaxResults: aws.Int32(1000), }, outputPages: []*ec2.DescribeNetworkInterfacesOutput{ { - NetworkInterfaces: []*ec2.NetworkInterface{ + NetworkInterfaces: []ec2types.NetworkInterface{ { NetworkInterfaceId: aws.String("eni-1"), Description: aws.String("non-k8s-i-xxxxx"), - Status: aws.String("available"), - TagSet: []*ec2.Tag{ + Status: "available", + TagSet: []ec2types.Tag{ { Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), @@ -1690,34 +1709,34 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { describeNetworkInterfacePagesCalls: []describeNetworkInterfacePagesCall{ { input: &ec2.DescribeNetworkInterfacesInput{ - Filters: []*ec2.Filter{ + Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []*string{aws.String("node.k8s.amazonaws.com/instance_id")}, + Values: []string{"node.k8s.amazonaws.com/instance_id"}, }, { Name: aws.String("status"), - Values: []*string{aws.String("available")}, + Values: []string{"available"}, }, { Name: aws.String("vpc-id"), - Values: []*string{aws.String(vpcID)}, + Values: []string{vpcID}, }, { Name: aws.String("tag:cluster.k8s.amazonaws.com/name"), - Values: []*string{aws.String("awesome-cluster")}, + Values: []string{"awesome-cluster"}, }, }, - MaxResults: aws.Int64(1000), + MaxResults: aws.Int32(1000), }, outputPages: []*ec2.DescribeNetworkInterfacesOutput{ { - NetworkInterfaces: []*ec2.NetworkInterface{ + NetworkInterfaces: []ec2types.NetworkInterface{ { NetworkInterfaceId: aws.String("eni-1"), Description: aws.String("aws-K8S-i-xxxxx"), - Status: aws.String("available"), - TagSet: []*ec2.Tag{ + Status: "available", + TagSet: []ec2types.Tag{ { Key: aws.String("node.k8s.amazonaws.com/instance_id"), Value: aws.String("i-xxxxx"), @@ -1748,16 +1767,18 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { for _, call := range tt.fields.describeNetworkInterfacePagesCalls { mockEC2.EXPECT(). - DescribeNetworkInterfacesPagesWithContext(gomock.Any(), call.input, gomock.Any(), gomock.Any()). - DoAndReturn(func(_ context.Context, _ *ec2.DescribeNetworkInterfacesInput, - fn func(*ec2.DescribeNetworkInterfacesOutput, bool) bool, _ ...request.Option) error { + DescribeNetworkInterfaces(gomock.Any(), call.input, gomock.Any()). + DoAndReturn(func(_ context.Context, _ *ec2.DescribeNetworkInterfacesInput, opts ...func(*ec2.Options)) (*ec2.DescribeNetworkInterfacesOutput, error) { if call.err != nil { - return call.err + return nil, call.err + } + output := &ec2.DescribeNetworkInterfacesOutput{ + NetworkInterfaces: []ec2types.NetworkInterface{}, } - for _, output := range call.outputPages { - fn(output, true) + for _, page := range call.outputPages { + output.NetworkInterfaces = append(output.NetworkInterfaces, page.NetworkInterfaces...) } - return nil + return output, nil }) } cache := &EC2InstanceMetadataCache{ec2SVC: mockEC2, clusterName: tt.fields.clusterName, vpcID: vpcID} @@ -1802,8 +1823,8 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { createTagsCalls: []createTagsCall{ { input: &ec2.CreateTagsInput{ - Resources: []*string{aws.String("eni-xxxx")}, - Tags: []*ec2.Tag{ + Resources: []string{"eni-xxxx"}, + Tags: []ec2types.Tag{ { Key: aws.String("cluster.k8s.amazonaws.com/name"), Value: aws.String("awesome-cluster"), @@ -1847,8 +1868,8 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { createTagsCalls: []createTagsCall{ { input: &ec2.CreateTagsInput{ - Resources: []*string{aws.String("eni-xxxx")}, - Tags: []*ec2.Tag{ + Resources: []string{"eni-xxxx"}, + Tags: []ec2types.Tag{ { Key: aws.String("cluster.k8s.amazonaws.com/name"), Value: aws.String("awesome-cluster"), @@ -1875,8 +1896,8 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { createTagsCalls: []createTagsCall{ { input: &ec2.CreateTagsInput{ - Resources: []*string{aws.String("eni-xxxx")}, - Tags: []*ec2.Tag{ + Resources: []string{"eni-xxxx"}, + Tags: []ec2types.Tag{ { Key: aws.String("cluster.k8s.amazonaws.com/name"), Value: aws.String("awesome-cluster"), @@ -1904,7 +1925,7 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { defer ctrl.Finish() for _, call := range tt.fields.createTagsCalls { - mockEC2.EXPECT().CreateTagsWithContext(gomock.Any(), call.input).Return(&ec2.CreateTagsOutput{}, call.err).AnyTimes() + mockEC2.EXPECT().CreateTags(gomock.Any(), call.input).Return(&ec2.CreateTagsOutput{}, call.err).AnyTimes() } cache := &EC2InstanceMetadataCache{ @@ -1930,7 +1951,7 @@ func Test_convertTagsToSDKTags(t *testing.T) { tests := []struct { name string args args - want []*ec2.Tag + want []ec2types.Tag }{ { name: "non-empty tags", @@ -1940,7 +1961,7 @@ func Test_convertTagsToSDKTags(t *testing.T) { "keyB": "valueB", }, }, - want: []*ec2.Tag{ + want: []ec2types.Tag{ { Key: aws.String("keyA"), Value: aws.String("valueA"), @@ -1972,7 +1993,7 @@ func Test_convertTagsToSDKTags(t *testing.T) { func Test_convertSDKTagsToTags(t *testing.T) { type args struct { - sdkTags []*ec2.Tag + sdkTags []ec2types.Tag } tests := []struct { name string @@ -1982,7 +2003,7 @@ func Test_convertSDKTagsToTags(t *testing.T) { { name: "non-empty sdk tags", args: args{ - sdkTags: []*ec2.Tag{ + sdkTags: []ec2types.Tag{ { Key: aws.String("keyA"), Value: aws.String("valueA"), @@ -2008,14 +2029,14 @@ func Test_convertSDKTagsToTags(t *testing.T) { { name: "empty sdk tags", args: args{ - sdkTags: []*ec2.Tag{}, + sdkTags: []ec2types.Tag{}, }, want: nil, }, { name: "nil sdk tag value", args: args{ - sdkTags: []*ec2.Tag{ + sdkTags: []ec2types.Tag{ { Key: aws.String("keyA"), Value: nil, diff --git a/pkg/awsutils/imds.go b/pkg/awsutils/imds.go index ab845eeb45..0c3152442c 100644 --- a/pkg/awsutils/imds.go +++ b/pkg/awsutils/imds.go @@ -16,18 +16,22 @@ package awsutils import ( "context" "fmt" + "io" "net" "net/http" "strconv" "strings" - "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/smithy-go" + + awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http" + "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" "github.com/pkg/errors" ) // EC2MetadataIface is a subset of the EC2Metadata API. type EC2MetadataIface interface { - GetMetadataWithContext(ctx context.Context, p string) (string, error) + GetMetadata(ctx context.Context, params *imds.GetMetadataInput, optFns ...func(*imds.Options)) (*imds.GetMetadataOutput, error) } // TypedIMDS is a typed wrapper around raw untyped IMDS SDK API. @@ -39,6 +43,8 @@ type TypedIMDS struct { type imdsRequestError struct { requestKey string err error + code string // Added to support SDK V2 APIError interface + fault smithy.ErrorFault // Added to support SDK V2 APIError interface } var _ error = &imdsRequestError{} @@ -47,6 +53,8 @@ func newIMDSRequestError(requestKey string, err error) *imdsRequestError { return &imdsRequestError{ requestKey: requestKey, err: err, + code: "IMDSRequestError", // default code + fault: smithy.FaultUnknown, // default fault } } @@ -54,78 +62,160 @@ func (e *imdsRequestError) Error() string { return fmt.Sprintf("failed to retrieve %s from instance metadata %v", e.requestKey, e.err) } -func (imds TypedIMDS) getList(ctx context.Context, key string) ([]string, error) { - data, err := imds.GetMetadataWithContext(ctx, key) +func (e *imdsRequestError) Unwrap() error { + return e.err +} + +// Implement smithy.APIError interface + +func (e *imdsRequestError) ErrorCode() string { + // If wrapped error is an APIError, delegate to it + var apiErr smithy.APIError + if errors.As(e.err, &apiErr) { + return apiErr.ErrorCode() + } + return e.code +} + +func (e *imdsRequestError) ErrorMessage() string { + return e.Error() +} + +func (e *imdsRequestError) ErrorFault() smithy.ErrorFault { + // If wrapped error is an APIError, delegate to it + var apiErr smithy.APIError + if errors.As(e.err, &apiErr) { + return apiErr.ErrorFault() + } + return e.fault +} + +func (e *imdsRequestError) HTTPStatusCode() int { + if resp, ok := e.err.(interface{ HTTPStatusCode() int }); ok { + return resp.HTTPStatusCode() + } + return 200 +} + +func (e *imdsRequestError) RequestID() string { + if resp, ok := e.err.(interface{ RequestID() string }); ok { + return resp.RequestID() + } + return "" +} + +func (typedimds TypedIMDS) getList(ctx context.Context, key string) ([]string, error) { + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: key, + }) if err != nil { return nil, err } - return strings.Fields(data), err + if output == nil || output.Content == nil { + return nil, newIMDSRequestError(key, fmt.Errorf("empty response")) + } + + defer output.Content.Close() + bytes, err := io.ReadAll(output.Content) + if err != nil { + return nil, newIMDSRequestError(key, fmt.Errorf("failed to read content: %w", err)) + } + + return strings.Fields(string(bytes)), nil } // GetAZ returns the Availability Zone in which the instance launched. -func (imds TypedIMDS) GetAZ(ctx context.Context) (string, error) { - az, err := imds.GetMetadataWithContext(ctx, "placement/availability-zone") +func (typedimds TypedIMDS) GetAZ(ctx context.Context) (string, error) { + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: "placement/availability-zone"}) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - log.Warnf("%v", err) - return az, imdsErr.err - } return "", err } - return az, err + if output == nil || output.Content == nil { + return "", newIMDSRequestError("placement/availability-zone", fmt.Errorf("empty response")) + } + + defer output.Content.Close() + bytes, err := io.ReadAll(output.Content) + if err != nil { + return "", newIMDSRequestError("placement/availability-zone", fmt.Errorf("failed to read content: %w", err)) + } + return strings.TrimSpace(string(bytes)), nil } // GetInstanceType returns the type of this instance. -func (imds TypedIMDS) GetInstanceType(ctx context.Context) (string, error) { - instanceType, err := imds.GetMetadataWithContext(ctx, "instance-type") +func (typedimds TypedIMDS) GetInstanceType(ctx context.Context) (string, error) { + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: "instance-type"}) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - log.Warnf("%v", err) - return instanceType, imdsErr.err - } return "", err } - return instanceType, err + + if output == nil || output.Content == nil { + return "", newIMDSRequestError("instance-type", fmt.Errorf("empty response")) + } + + defer output.Content.Close() + bytes, err := io.ReadAll(output.Content) + if err != nil { + return "", newIMDSRequestError("instance-type", fmt.Errorf("failed to read content: %w", err)) + } + return strings.TrimSpace(string(bytes)), nil } // GetLocalIPv4 returns the private (primary) IPv4 address of the instance. -func (imds TypedIMDS) GetLocalIPv4(ctx context.Context) (net.IP, error) { - return imds.getIP(ctx, "local-ipv4") +func (typedimds TypedIMDS) GetLocalIPv4(ctx context.Context) (net.IP, error) { + return typedimds.getIP(ctx, "local-ipv4") } // GetInstanceID returns the ID of this instance. -func (imds TypedIMDS) GetInstanceID(ctx context.Context) (string, error) { - instanceID, err := imds.GetMetadataWithContext(ctx, "instance-id") +func (typedimds TypedIMDS) GetInstanceID(ctx context.Context) (string, error) { + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: "instance-id"}) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - log.Warnf("%v", err) - return instanceID, imdsErr.err - } return "", err } - return instanceID, err + + if output == nil || output.Content == nil { + return "", newIMDSRequestError("instance-id", fmt.Errorf("empty response")) + } + + defer output.Content.Close() + bytes, err := io.ReadAll(output.Content) + if err != nil { + return "", newIMDSRequestError("instance-id", fmt.Errorf("failed to read content: %w", err)) + } + return strings.TrimSpace(string(bytes)), nil } // GetMAC returns the first/primary network interface mac address. -func (imds TypedIMDS) GetMAC(ctx context.Context) (string, error) { - mac, err := imds.GetMetadataWithContext(ctx, "mac") +func (typedimds TypedIMDS) GetMAC(ctx context.Context) (string, error) { + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: "mac"}) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - log.Warnf("%v", err) - return mac, imdsErr.err - } return "", err } - return mac, err + if output == nil || output.Content == nil { + return "", newIMDSRequestError("mac", fmt.Errorf("empty response")) + } + + defer output.Content.Close() + bytes, err := io.ReadAll(output.Content) + if err != nil { + return "", newIMDSRequestError("mac", fmt.Errorf("failed to read content: %w", err)) + } + return string(bytes), nil } // GetMACs returns the interface addresses attached to the instance. -func (imds TypedIMDS) GetMACs(ctx context.Context) ([]string, error) { - list, err := imds.getList(ctx, "network/interfaces/macs") +func (typedimds TypedIMDS) GetMACs(ctx context.Context) ([]string, error) { + list, err := typedimds.getList(ctx, "network/interfaces/macs") if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { log.Warnf("%v", err) - return nil, imdsErr.err + return nil, newIMDSRequestError(err.Error(), err) } return nil, err } @@ -137,11 +227,13 @@ func (imds TypedIMDS) GetMACs(ctx context.Context) ([]string, error) { } // GetMACImdsFields returns the imds fields present for a MAC -func (imds TypedIMDS) GetMACImdsFields(ctx context.Context, mac string) ([]string, error) { +func (typedimds TypedIMDS) GetMACImdsFields(ctx context.Context, mac string) ([]string, error) { key := fmt.Sprintf("network/interfaces/macs/%s", mac) - list, err := imds.getList(ctx, key) + list, err := typedimds.getList(ctx, key) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { log.Warnf("%v", err) return nil, imdsErr.err } @@ -155,29 +247,41 @@ func (imds TypedIMDS) GetMACImdsFields(ctx context.Context, mac string) ([]strin } // GetInterfaceID returns the ID of the network interface. -func (imds TypedIMDS) GetInterfaceID(ctx context.Context, mac string) (string, error) { +func (typedimds TypedIMDS) GetInterfaceID(ctx context.Context, mac string) (string, error) { key := fmt.Sprintf("network/interfaces/macs/%s/interface-id", mac) - interfaceID, err := imds.GetMetadataWithContext(ctx, key) + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: key}) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - log.Warnf("%v", err) - return interfaceID, imdsErr.err - } return "", err } - return interfaceID, err + if output == nil || output.Content == nil { + return "", newIMDSRequestError(key, fmt.Errorf("empty response")) + } + + defer output.Content.Close() + bytes, err := io.ReadAll(output.Content) + if err != nil { + return "", newIMDSRequestError(key, fmt.Errorf("failed to read content: %w", err)) + } + return string(bytes), nil } -func (imds TypedIMDS) getInt(ctx context.Context, key string) (int, error) { - data, err := imds.GetMetadataWithContext(ctx, key) +func (typedimds TypedIMDS) getInt(ctx context.Context, key string) (int, error) { + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: key}) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - log.Warnf("%v", err) - return 0, imdsErr.err - } return 0, err } - dataInt, err := strconv.Atoi(data) + if output == nil || output.Content == nil { + return 0, newIMDSRequestError(key, fmt.Errorf("empty response")) + } + + defer output.Content.Close() + bytes, err := io.ReadAll(output.Content) + if err != nil { + return 0, newIMDSRequestError(key, fmt.Errorf("failed to read content: %w", err)) + } + dataInt, err := strconv.Atoi(strings.TrimSpace(string(bytes))) if err != nil { return 0, err } @@ -185,72 +289,112 @@ func (imds TypedIMDS) getInt(ctx context.Context, key string) (int, error) { } // GetDeviceNumber returns the unique device number associated with an interface. The primary interface is 0. -func (imds TypedIMDS) GetDeviceNumber(ctx context.Context, mac string) (int, error) { +func (typedimds TypedIMDS) GetDeviceNumber(ctx context.Context, mac string) (int, error) { key := fmt.Sprintf("network/interfaces/macs/%s/device-number", mac) - return imds.getInt(ctx, key) + return typedimds.getInt(ctx, key) } // GetSubnetID returns the ID of the subnet in which the interface resides. -func (imds TypedIMDS) GetSubnetID(ctx context.Context, mac string) (string, error) { +func (typedimds TypedIMDS) GetSubnetID(ctx context.Context, mac string) (string, error) { key := fmt.Sprintf("network/interfaces/macs/%s/subnet-id", mac) - subnetID, err := imds.GetMetadataWithContext(ctx, key) + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: key, + }) + + // Read the content first, even if there's an error + var subnetID string + if output != nil && output.Content != nil { + defer output.Content.Close() + bytes, readErr := io.ReadAll(output.Content) + if readErr == nil { + subnetID = string(bytes) + } + } + + // Now handle any errors, but return subnetID if it was read if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - log.Warnf("%v", err) - return subnetID, imdsErr.err + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { + log.Warnf("Warning: %v", err) + return subnetID, newIMDSRequestError(err.Error(), err) } return "", err } - return subnetID, err + + return subnetID, nil } -func (imds TypedIMDS) GetVpcID(ctx context.Context, mac string) (string, error) { +func (typedimds TypedIMDS) GetVpcID(ctx context.Context, mac string) (string, error) { key := fmt.Sprintf("network/interfaces/macs/%s/vpc-id", mac) - vpcID, err := imds.GetMetadataWithContext(ctx, key) + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: key, + }) + + // Read the content first, even if there's an error + var vpcID string + if output != nil && output.Content != nil { + defer output.Content.Close() + bytes, readErr := io.ReadAll(output.Content) + if readErr == nil { + vpcID = string(bytes) + } + } + + // Handle errors but preserve any partial vpcID data if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - log.Warnf("%v", err) - return vpcID, imdsErr.err + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { + log.Warnf("Warning: %v", err) + return vpcID, newIMDSRequestError(err.Error(), err) } return "", err } - return vpcID, err + + return vpcID, nil } // GetSecurityGroupIDs returns the IDs of the security groups to which the network interface belongs. -func (imds TypedIMDS) GetSecurityGroupIDs(ctx context.Context, mac string) ([]string, error) { +func (typedimds TypedIMDS) GetSecurityGroupIDs(ctx context.Context, mac string) ([]string, error) { key := fmt.Sprintf("network/interfaces/macs/%s/security-group-ids", mac) - sgs, err := imds.getList(ctx, key) + sgs, err := typedimds.getList(ctx, key) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { log.Warnf("%v", err) - return sgs, imdsErr.err + return sgs, newIMDSRequestError(err.Error(), err) } return nil, err } return sgs, err } -func (imds TypedIMDS) getIP(ctx context.Context, key string) (net.IP, error) { - data, err := imds.GetMetadataWithContext(ctx, key) +func (typedimds TypedIMDS) getIP(ctx context.Context, key string) (net.IP, error) { + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: key}) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - log.Warnf("%v", err) - return nil, imdsErr.err - } return nil, err } + if output == nil || output.Content == nil { + return nil, newIMDSRequestError(key, fmt.Errorf("empty response")) + } - ip := net.ParseIP(data) + defer output.Content.Close() + bytes, err := io.ReadAll(output.Content) + if err != nil { + return nil, newIMDSRequestError(key, fmt.Errorf("failed to read content: %w", err)) + } + ip := net.ParseIP(strings.TrimSpace(string(bytes))) if ip == nil { - err = &net.ParseError{Type: "IP address", Text: data} - return nil, err + err = &net.ParseError{Type: "IP address", Text: string(bytes)} } return ip, err } -func (imds TypedIMDS) getIPs(ctx context.Context, key string) ([]net.IP, error) { - list, err := imds.getList(ctx, key) +func (typedimds TypedIMDS) getIPs(ctx context.Context, key string) ([]net.IP, error) { + list, err := typedimds.getList(ctx, key) if err != nil { return nil, err } @@ -267,16 +411,23 @@ func (imds TypedIMDS) getIPs(ctx context.Context, key string) ([]net.IP, error) return ips, err } -func (imds TypedIMDS) getCIDR(ctx context.Context, key string) (net.IPNet, error) { - data, err := imds.GetMetadataWithContext(ctx, key) +func (typedimds TypedIMDS) getCIDR(ctx context.Context, key string) (net.IPNet, error) { + output, err := typedimds.GetMetadata(ctx, &imds.GetMetadataInput{ + Path: key}) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - log.Warnf("%v", err) - return net.IPNet{}, imdsErr.err - } return net.IPNet{}, err } + if output == nil || output.Content == nil { + return net.IPNet{}, newIMDSRequestError(key, fmt.Errorf("empty response")) + } + + defer output.Content.Close() + bytes, err := io.ReadAll(output.Content) + if err != nil { + return net.IPNet{}, newIMDSRequestError(key, fmt.Errorf("failed to read content: %w", err)) + } + data := strings.TrimSpace(string(bytes)) ip, network, err := net.ParseCIDR(data) if err != nil { return net.IPNet{}, err @@ -286,8 +437,8 @@ func (imds TypedIMDS) getCIDR(ctx context.Context, key string) (net.IPNet, error return cidr, err } -func (imds TypedIMDS) getCIDRs(ctx context.Context, key string) ([]net.IPNet, error) { - list, err := imds.getList(ctx, key) +func (typedimds TypedIMDS) getCIDRs(ctx context.Context, key string) ([]net.IPNet, error) { + list, err := typedimds.getList(ctx, key) if err != nil { return nil, err } @@ -305,13 +456,15 @@ func (imds TypedIMDS) getCIDRs(ctx context.Context, key string) ([]net.IPNet, er } // GetLocalIPv4s returns the private IPv4 addresses associated with the interface. First returned address is the primary address. -func (imds TypedIMDS) GetLocalIPv4s(ctx context.Context, mac string) ([]net.IP, error) { +func (typedimds TypedIMDS) GetLocalIPv4s(ctx context.Context, mac string) ([]net.IP, error) { key := fmt.Sprintf("network/interfaces/macs/%s/local-ipv4s", mac) - ips, err := imds.getIPs(ctx, key) + ips, err := typedimds.getIPs(ctx, key) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { log.Warnf("%v", err) - return nil, imdsErr.err + return nil, newIMDSRequestError(err.Error(), err) } return nil, err } @@ -319,16 +472,19 @@ func (imds TypedIMDS) GetLocalIPv4s(ctx context.Context, mac string) ([]net.IP, } // GetIPv4Prefixes returns the IPv4 prefixes delegated to this interface -func (imds TypedIMDS) GetIPv4Prefixes(ctx context.Context, mac string) ([]net.IPNet, error) { +func (typedimds TypedIMDS) GetIPv4Prefixes(ctx context.Context, mac string) ([]net.IPNet, error) { key := fmt.Sprintf("network/interfaces/macs/%s/ipv4-prefix", mac) - prefixes, err := imds.getCIDRs(ctx, key) + prefixes, err := typedimds.getCIDRs(ctx, key) + if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - if IsNotFound(imdsErr.err) { + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { + if IsNotFound(err) { return nil, nil } log.Warnf("%v", err) - return nil, imdsErr.err + return nil, newIMDSRequestError(err.Error(), err) } return nil, err } @@ -336,16 +492,18 @@ func (imds TypedIMDS) GetIPv4Prefixes(ctx context.Context, mac string) ([]net.IP } // GetIPv6Prefixes returns the IPv6 prefixes delegated to this interface -func (imds TypedIMDS) GetIPv6Prefixes(ctx context.Context, mac string) ([]net.IPNet, error) { +func (typedimds TypedIMDS) GetIPv6Prefixes(ctx context.Context, mac string) ([]net.IPNet, error) { key := fmt.Sprintf("network/interfaces/macs/%s/ipv6-prefix", mac) - prefixes, err := imds.getCIDRs(ctx, key) + prefixes, err := typedimds.getCIDRs(ctx, key) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - if IsNotFound(imdsErr.err) { + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { + if IsNotFound(err) { return nil, nil } log.Warnf("%v", err) - return nil, imdsErr.err + return nil, newIMDSRequestError(err.Error(), err) } return nil, err } @@ -353,17 +511,19 @@ func (imds TypedIMDS) GetIPv6Prefixes(ctx context.Context, mac string) ([]net.IP } // GetIPv6s returns the IPv6 addresses associated with the interface. -func (imds TypedIMDS) GetIPv6s(ctx context.Context, mac string) ([]net.IP, error) { +func (typedimds TypedIMDS) GetIPv6s(ctx context.Context, mac string) ([]net.IP, error) { key := fmt.Sprintf("network/interfaces/macs/%s/ipv6s", mac) - ips, err := imds.getIPs(ctx, key) + ips, err := typedimds.getIPs(ctx, key) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - if IsNotFound(imdsErr.err) { + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { + if IsNotFound(err) { // No IPv6. Not an error, just a disappointment :( return nil, nil } log.Warnf("%v", err) - return nil, imdsErr.err + return nil, newIMDSRequestError(err.Error(), err) } return nil, err } @@ -371,19 +531,21 @@ func (imds TypedIMDS) GetIPv6s(ctx context.Context, mac string) ([]net.IP, error } // GetSubnetIPv4CIDRBlock returns the IPv4 CIDR block for the subnet in which the interface resides. -func (imds TypedIMDS) GetSubnetIPv4CIDRBlock(ctx context.Context, mac string) (net.IPNet, error) { +func (typedimds TypedIMDS) GetSubnetIPv4CIDRBlock(ctx context.Context, mac string) (net.IPNet, error) { key := fmt.Sprintf("network/interfaces/macs/%s/subnet-ipv4-cidr-block", mac) - return imds.getCIDR(ctx, key) + return typedimds.getCIDR(ctx, key) } // GetVPCIPv4CIDRBlocks returns the IPv4 CIDR blocks for the VPC. -func (imds TypedIMDS) GetVPCIPv4CIDRBlocks(ctx context.Context, mac string) ([]net.IPNet, error) { +func (typedimds TypedIMDS) GetVPCIPv4CIDRBlocks(ctx context.Context, mac string) ([]net.IPNet, error) { key := fmt.Sprintf("network/interfaces/macs/%s/vpc-ipv4-cidr-blocks", mac) - cidrs, err := imds.getCIDRs(ctx, key) + cidrs, err := typedimds.getCIDRs(ctx, key) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { log.Warnf("%v", err) - return cidrs, imdsErr.err + return cidrs, newIMDSRequestError(err.Error(), err) } return nil, err } @@ -391,17 +553,19 @@ func (imds TypedIMDS) GetVPCIPv4CIDRBlocks(ctx context.Context, mac string) ([]n } // GetVPCIPv6CIDRBlocks returns the IPv6 CIDR blocks for the VPC. -func (imds TypedIMDS) GetVPCIPv6CIDRBlocks(ctx context.Context, mac string) ([]net.IPNet, error) { +func (typedimds TypedIMDS) GetVPCIPv6CIDRBlocks(ctx context.Context, mac string) ([]net.IPNet, error) { key := fmt.Sprintf("network/interfaces/macs/%s/vpc-ipv6-cidr-blocks", mac) - ipnets, err := imds.getCIDRs(ctx, key) + ipnets, err := typedimds.getCIDRs(ctx, key) if err != nil { - if imdsErr, ok := err.(*imdsRequestError); ok { - if IsNotFound(imdsErr.err) { + imdsErr := new(imdsRequestError) + oe := new(smithy.OperationError) + if errors.As(err, &imdsErr) || errors.As(err, &oe) { + if IsNotFound(err) { // No IPv6. Not an error, just a disappointment :( return nil, nil } log.Warnf("%v", err) - return nil, imdsErr.err + return nil, newIMDSRequestError(err.Error(), err) } return nil, nil } @@ -409,25 +573,107 @@ func (imds TypedIMDS) GetVPCIPv6CIDRBlocks(ctx context.Context, mac string) ([]n } // GetSubnetIPv6CIDRBlocks returns the IPv6 CIDR block for the subnet in which the interface resides. -func (imds TypedIMDS) GetSubnetIPv6CIDRBlocks(ctx context.Context, mac string) (net.IPNet, error) { +func (typedimds TypedIMDS) GetSubnetIPv6CIDRBlocks(ctx context.Context, mac string) (net.IPNet, error) { key := fmt.Sprintf("network/interfaces/macs/%s/subnet-ipv6-cidr-blocks", mac) - return imds.getCIDR(ctx, key) + return typedimds.getCIDR(ctx, key) } // IsNotFound returns true if the error was caused by an AWS API 404 response. +// We implement a Custom IMDS Error, so need to use APIError instead of HTTP Response Error func IsNotFound(err error) bool { - if err != nil { - var aerr awserr.RequestFailure - if errors.As(err, &aerr) { - return aerr.StatusCode() == http.StatusNotFound + if err == nil { + return false + } + + // Check for AWS ResponseError first + var re *awshttp.ResponseError + if errors.As(err, &re) { + return re.Response.StatusCode == http.StatusNotFound + } + + var oe *smithy.OperationError + if errors.As(err, &oe) { + // Check if the error message contains status code 404 + return strings.Contains(oe.Error(), "StatusCode: 404") + } + + // Check for any APIError (including imdsRequestError) + var ae smithy.APIError + if errors.As(err, &ae) { + // If it's our custom error with a wrapped ResponseError, check that + if imdsErr, ok := ae.(*imdsRequestError); ok { + return IsNotFound(imdsErr.err) } + // Otherwise check if the error code indicates NotFound + return ae.ErrorCode() == "NotFound" } + return false } // FakeIMDS is a trivial implementation of EC2MetadataIface using an in-memory map - for testing. type FakeIMDS map[string]interface{} +func (f FakeIMDS) GetMetadata(ctx context.Context, params *imds.GetMetadataInput, optFns ...func(*imds.Options)) (*imds.GetMetadataOutput, error) { + result, ok := f[params.Path] + if !ok { + result, ok = f[params.Path+"/"] // Metadata API treats foo/ as foo + } + if !ok { + notFoundErr := &CustomRequestFailure{ + code: "NotFound", + message: "not found", + fault: smithy.FaultUnknown, + statusCode: http.StatusNotFound, + requestID: "dummy-reqid", + } + return nil, newIMDSRequestError(params.Path, notFoundErr) + } + switch v := result.(type) { + case string: + return &imds.GetMetadataOutput{ + Content: io.NopCloser(strings.NewReader(v)), + }, nil + case error: + return nil, v + default: + panic(fmt.Sprintf("unknown test metadata value type %T for %s", result, params.Path)) + } +} + +// Custom error type +type CustomRequestFailure struct { + code string + message string + fault smithy.ErrorFault + statusCode int + requestID string +} + +func (e *CustomRequestFailure) Error() string { + return fmt.Sprintf("%s: %s", e.code, e.message) +} + +func (e *CustomRequestFailure) ErrorCode() string { + return e.code +} + +func (e *CustomRequestFailure) ErrorMessage() string { + return e.message +} + +func (e *CustomRequestFailure) ErrorFault() smithy.ErrorFault { + return e.fault +} + +func (e *CustomRequestFailure) HTTPStatusCode() int { + return e.statusCode +} + +func (e *CustomRequestFailure) RequestID() string { + return e.requestID +} + // GetMetadataWithContext implements the EC2MetadataIface interface. func (f FakeIMDS) GetMetadataWithContext(ctx context.Context, p string) (string, error) { result, ok := f[p] @@ -435,7 +681,13 @@ func (f FakeIMDS) GetMetadataWithContext(ctx context.Context, p string) (string, result, ok = f[p+"/"] // Metadata API treats foo/ as foo } if !ok { - notFoundErr := awserr.NewRequestFailure(awserr.New("NotFound", "not found", nil), http.StatusNotFound, "dummy-reqid") + notFoundErr := &CustomRequestFailure{ + code: "NotFound", + message: "not found", + fault: smithy.FaultUnknown, + statusCode: http.StatusNotFound, + requestID: "dummy-reqid", + } return "", newIMDSRequestError(p, notFoundErr) } switch v := result.(type) { diff --git a/pkg/awsutils/mocks/awsutils_mocks.go b/pkg/awsutils/mocks/awsutils_mocks.go index 4e71a57549..7cefc58316 100644 --- a/pkg/awsutils/mocks/awsutils_mocks.go +++ b/pkg/awsutils/mocks/awsutils_mocks.go @@ -22,11 +22,11 @@ import ( net "net" reflect "reflect" - "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" - awsutils "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils" + datastore "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" vpc "github.com/aws/amazon-vpc-cni-k8s/pkg/vpc" - ec2 "github.com/aws/aws-sdk-go/service/ec2" + ec2 "github.com/aws/aws-sdk-go-v2/service/ec2" + types "github.com/aws/aws-sdk-go-v2/service/ec2/types" gomock "github.com/golang/mock/gomock" ) @@ -227,10 +227,10 @@ func (mr *MockAPIsMockRecorder) GetENILimit() *gomock.Call { } // GetIPv4PrefixesFromEC2 mocks base method. -func (m *MockAPIs) GetIPv4PrefixesFromEC2(arg0 string) ([]*ec2.Ipv4PrefixSpecification, error) { +func (m *MockAPIs) GetIPv4PrefixesFromEC2(arg0 string) ([]types.Ipv4PrefixSpecification, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetIPv4PrefixesFromEC2", arg0) - ret0, _ := ret[0].([]*ec2.Ipv4PrefixSpecification) + ret0, _ := ret[0].([]types.Ipv4PrefixSpecification) ret1, _ := ret[1].(error) return ret0, ret1 } @@ -242,10 +242,10 @@ func (mr *MockAPIsMockRecorder) GetIPv4PrefixesFromEC2(arg0 interface{}) *gomock } // GetIPv4sFromEC2 mocks base method. -func (m *MockAPIs) GetIPv4sFromEC2(arg0 string) ([]*ec2.NetworkInterfacePrivateIpAddress, error) { +func (m *MockAPIs) GetIPv4sFromEC2(arg0 string) ([]types.NetworkInterfacePrivateIpAddress, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetIPv4sFromEC2", arg0) - ret0, _ := ret[0].([]*ec2.NetworkInterfacePrivateIpAddress) + ret0, _ := ret[0].([]types.NetworkInterfacePrivateIpAddress) ret1, _ := ret[1].(error) return ret0, ret1 } @@ -257,10 +257,10 @@ func (mr *MockAPIsMockRecorder) GetIPv4sFromEC2(arg0 interface{}) *gomock.Call { } // GetIPv6PrefixesFromEC2 mocks base method. -func (m *MockAPIs) GetIPv6PrefixesFromEC2(arg0 string) ([]*ec2.Ipv6PrefixSpecification, error) { +func (m *MockAPIs) GetIPv6PrefixesFromEC2(arg0 string) ([]types.Ipv6PrefixSpecification, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetIPv6PrefixesFromEC2", arg0) - ret0, _ := ret[0].([]*ec2.Ipv6PrefixSpecification) + ret0, _ := ret[0].([]types.Ipv6PrefixSpecification) ret1, _ := ret[1].(error) return ret0, ret1 } @@ -468,17 +468,17 @@ func (mr *MockAPIsMockRecorder) IsUnmanagedENI(arg0 interface{}) *gomock.Call { } // RefreshSGIDs mocks base method. -func (m *MockAPIs) RefreshSGIDs(mac string, store *datastore.DataStore) error { +func (m *MockAPIs) RefreshSGIDs(arg0 string, arg1 *datastore.DataStore) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "RefreshSGIDs", mac, store) + ret := m.ctrl.Call(m, "RefreshSGIDs", arg0, arg1) ret0, _ := ret[0].(error) return ret0 } // RefreshSGIDs indicates an expected call of RefreshSGIDs. -func (mr *MockAPIsMockRecorder) RefreshSGIDs(mac, store interface{}) *gomock.Call { +func (mr *MockAPIsMockRecorder) RefreshSGIDs(arg0, arg1 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RefreshSGIDs", reflect.TypeOf((*MockAPIs)(nil).RefreshSGIDs), mac, store) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RefreshSGIDs", reflect.TypeOf((*MockAPIs)(nil).RefreshSGIDs), arg0, arg1) } // SetMultiCardENIs mocks base method. diff --git a/pkg/ec2metadatawrapper/ec2metadatawrapper.go b/pkg/ec2metadatawrapper/ec2metadatawrapper.go index 262c1a60e0..196adf3b22 100644 --- a/pkg/ec2metadatawrapper/ec2metadatawrapper.go +++ b/pkg/ec2metadatawrapper/ec2metadatawrapper.go @@ -2,22 +2,22 @@ package ec2metadatawrapper import ( - "github.com/aws/aws-sdk-go/aws/ec2metadata" - "github.com/aws/aws-sdk-go/aws/session" -) + "context" -// TODO: Move away from using mock + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" +) // HTTPClient is used to help with testing type HTTPClient interface { - GetInstanceIdentityDocument() (ec2metadata.EC2InstanceIdentityDocument, error) - Region() (string, error) + GetInstanceIdentityDocument(ctx context.Context, params *imds.GetInstanceIdentityDocumentInput, optFns ...func(*imds.Options)) (*imds.GetInstanceIdentityDocumentOutput, error) + GetRegion(ctx context.Context, params *imds.GetRegionInput, optFns ...func(*imds.Options)) (*imds.GetRegionOutput, error) } // EC2MetadataClient to used to obtain a subset of information from EC2 IMDS type EC2MetadataClient interface { - GetInstanceIdentityDocument() (ec2metadata.EC2InstanceIdentityDocument, error) - Region() (string, error) + GetInstanceIdentityDocument(ctx context.Context, params *imds.GetInstanceIdentityDocumentInput, optFns ...func(*imds.Options)) (*imds.GetInstanceIdentityDocumentOutput, error) + GetRegion(ctx context.Context, params *imds.GetRegionInput, optFns ...func(*imds.Options)) (*imds.GetRegionOutput, error) } type ec2MetadataClientImpl struct { @@ -25,22 +25,27 @@ type ec2MetadataClientImpl struct { } // New creates an ec2metadata client to retrieve metadata -func New(session *session.Session) EC2MetadataClient { - metadata := ec2metadata.New(session) - return NewMetadataService(metadata) +func New(ctx context.Context) (EC2MetadataClient, error) { + cfg, err := config.LoadDefaultConfig(ctx) + if err != nil { + return nil, err + } + + client := imds.NewFromConfig(cfg) + return NewMetadataService(client), nil } // NewMetadataService creates an ec2metadata client to retrieve metadata -func NewMetadataService(metadata HTTPClient) EC2MetadataClient { - return &ec2MetadataClientImpl{client: metadata} +func NewMetadataService(client HTTPClient) EC2MetadataClient { + return &ec2MetadataClientImpl{client: client} } -// InstanceIdentityDocument returns instance identity documents -// http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html -func (c *ec2MetadataClientImpl) GetInstanceIdentityDocument() (ec2metadata.EC2InstanceIdentityDocument, error) { - return c.client.GetInstanceIdentityDocument() +// GetInstanceIdentityDocument returns instance identity documents +func (c *ec2MetadataClientImpl) GetInstanceIdentityDocument(ctx context.Context, params *imds.GetInstanceIdentityDocumentInput, optFns ...func(*imds.Options)) (*imds.GetInstanceIdentityDocumentOutput, error) { + return c.client.GetInstanceIdentityDocument(ctx, params, optFns...) } -func (c *ec2MetadataClientImpl) Region() (string, error) { - return c.client.Region() +// GetRegion returns the AWS Region the instance is running in +func (c *ec2MetadataClientImpl) GetRegion(ctx context.Context, params *imds.GetRegionInput, optFns ...func(*imds.Options)) (*imds.GetRegionOutput, error) { + return c.client.GetRegion(ctx, params, optFns...) } diff --git a/pkg/ec2metadatawrapper/ec2metadatawrapper_test.go b/pkg/ec2metadatawrapper/ec2metadatawrapper_test.go index b88f8555f0..81c390ac4c 100644 --- a/pkg/ec2metadatawrapper/ec2metadatawrapper_test.go +++ b/pkg/ec2metadatawrapper/ec2metadatawrapper_test.go @@ -1,11 +1,12 @@ package ec2metadatawrapper import ( + "context" "testing" mockec2metadatawrapper "github.com/aws/amazon-vpc-cni-k8s/pkg/ec2metadatawrapper/mocks" - "github.com/aws/aws-sdk-go/aws/ec2metadata" + ec2metadata "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" "github.com/golang/mock/gomock" "github.com/pkg/errors" "github.com/stretchr/testify/assert" @@ -16,7 +17,7 @@ const ( iidRegion = "us-east-1" ) -var testInstanceIdentityDoc = ec2metadata.EC2InstanceIdentityDocument{ +var testInstanceIdentityDoc = ec2metadata.InstanceIdentityDocument{ Version: "2010-08-31", Region: "us-east-1", InstanceID: "i-01234567", @@ -30,9 +31,13 @@ func TestGetInstanceIdentityDocHappyPath(t *testing.T) { mockGetter := mockec2metadatawrapper.NewMockHTTPClient(ctrl) testClient := NewMetadataService(mockGetter) - mockGetter.EXPECT().GetInstanceIdentityDocument().Return(testInstanceIdentityDoc, nil) + mockGetter.EXPECT().GetInstanceIdentityDocument(gomock.Any(), gomock.Any()).Return(&ec2metadata.GetInstanceIdentityDocumentOutput{ + InstanceIdentityDocument: testInstanceIdentityDoc, + }, nil) - doc, err := testClient.GetInstanceIdentityDocument() + ctx := context.Background() + + doc, err := testClient.GetInstanceIdentityDocument(ctx, &ec2metadata.GetInstanceIdentityDocumentInput{}) assert.NoError(t, err) assert.Equal(t, iidRegion, doc.Region) } @@ -44,9 +49,9 @@ func TestGetInstanceIdentityDocError(t *testing.T) { mockGetter := mockec2metadatawrapper.NewMockHTTPClient(ctrl) testClient := NewMetadataService(mockGetter) - mockGetter.EXPECT().GetInstanceIdentityDocument().Return(ec2metadata.EC2InstanceIdentityDocument{}, errors.New("test error")) - - doc, err := testClient.GetInstanceIdentityDocument() + mockGetter.EXPECT().GetInstanceIdentityDocument(gomock.Any(), gomock.Any()).Return(&ec2metadata.GetInstanceIdentityDocumentOutput{}, errors.New("test error")) + ctx := context.Background() + doc, err := testClient.GetInstanceIdentityDocument(ctx, &ec2metadata.GetInstanceIdentityDocumentInput{}) assert.Error(t, err) assert.Empty(t, doc.Region) } @@ -55,26 +60,27 @@ func TestGetRegionHappyPath(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - mockGetter := mockec2metadatawrapper.NewMockHTTPClient(ctrl) + mockGetter := mockec2metadatawrapper.NewMockEC2MetadataClient(ctrl) testClient := NewMetadataService(mockGetter) - mockGetter.EXPECT().Region().Return(iidRegion, nil) + expectedRegion := "us-west-2" + mockGetter.EXPECT().GetRegion(gomock.Any(), gomock.Any()).Return(&ec2metadata.GetRegionOutput{Region: expectedRegion}, nil) - region, err := testClient.Region() + region, err := testClient.GetRegion(context.Background(), &ec2metadata.GetRegionInput{}) assert.NoError(t, err) - assert.Equal(t, iidRegion, region) + assert.Equal(t, expectedRegion, region.Region) } func TestGetRegionErr(t *testing.T) { ctrl := gomock.NewController(t) defer ctrl.Finish() - mockGetter := mockec2metadatawrapper.NewMockHTTPClient(ctrl) + mockGetter := mockec2metadatawrapper.NewMockEC2MetadataClient(ctrl) testClient := NewMetadataService(mockGetter) - mockGetter.EXPECT().Region().Return("", errors.New("test error")) + mockGetter.EXPECT().GetRegion(gomock.Any(), gomock.Any()).Return(nil, errors.New("test error")) - region, err := testClient.Region() + region, err := testClient.GetRegion(context.Background(), &ec2metadata.GetRegionInput{}) assert.Error(t, err) assert.Empty(t, region) } diff --git a/pkg/ec2metadatawrapper/mocks/ec2metadatawrapper_mocks.go b/pkg/ec2metadatawrapper/mocks/ec2metadatawrapper_mocks.go index 5126131b25..c26e0d44fa 100644 --- a/pkg/ec2metadatawrapper/mocks/ec2metadatawrapper_mocks.go +++ b/pkg/ec2metadatawrapper/mocks/ec2metadatawrapper_mocks.go @@ -19,9 +19,10 @@ package mock_ec2metadatawrapper import ( + context "context" reflect "reflect" - ec2metadata "github.com/aws/aws-sdk-go/aws/ec2metadata" + imds "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" gomock "github.com/golang/mock/gomock" ) @@ -49,33 +50,43 @@ func (m *MockHTTPClient) EXPECT() *MockHTTPClientMockRecorder { } // GetInstanceIdentityDocument mocks base method. -func (m *MockHTTPClient) GetInstanceIdentityDocument() (ec2metadata.EC2InstanceIdentityDocument, error) { +func (m *MockHTTPClient) GetInstanceIdentityDocument(arg0 context.Context, arg1 *imds.GetInstanceIdentityDocumentInput, arg2 ...func(*imds.Options)) (*imds.GetInstanceIdentityDocumentOutput, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GetInstanceIdentityDocument") - ret0, _ := ret[0].(ec2metadata.EC2InstanceIdentityDocument) + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "GetInstanceIdentityDocument", varargs...) + ret0, _ := ret[0].(*imds.GetInstanceIdentityDocumentOutput) ret1, _ := ret[1].(error) return ret0, ret1 } // GetInstanceIdentityDocument indicates an expected call of GetInstanceIdentityDocument. -func (mr *MockHTTPClientMockRecorder) GetInstanceIdentityDocument() *gomock.Call { +func (mr *MockHTTPClientMockRecorder) GetInstanceIdentityDocument(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetInstanceIdentityDocument", reflect.TypeOf((*MockHTTPClient)(nil).GetInstanceIdentityDocument)) + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetInstanceIdentityDocument", reflect.TypeOf((*MockHTTPClient)(nil).GetInstanceIdentityDocument), varargs...) } -// Region mocks base method. -func (m *MockHTTPClient) Region() (string, error) { +// GetRegion mocks base method. +func (m *MockHTTPClient) GetRegion(arg0 context.Context, arg1 *imds.GetRegionInput, arg2 ...func(*imds.Options)) (*imds.GetRegionOutput, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Region") - ret0, _ := ret[0].(string) + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "GetRegion", varargs...) + ret0, _ := ret[0].(*imds.GetRegionOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// Region indicates an expected call of Region. -func (mr *MockHTTPClientMockRecorder) Region() *gomock.Call { +// GetRegion indicates an expected call of GetRegion. +func (mr *MockHTTPClientMockRecorder) GetRegion(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Region", reflect.TypeOf((*MockHTTPClient)(nil).Region)) + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetRegion", reflect.TypeOf((*MockHTTPClient)(nil).GetRegion), varargs...) } // MockEC2MetadataClient is a mock of EC2MetadataClient interface. @@ -102,31 +113,41 @@ func (m *MockEC2MetadataClient) EXPECT() *MockEC2MetadataClientMockRecorder { } // GetInstanceIdentityDocument mocks base method. -func (m *MockEC2MetadataClient) GetInstanceIdentityDocument() (ec2metadata.EC2InstanceIdentityDocument, error) { +func (m *MockEC2MetadataClient) GetInstanceIdentityDocument(arg0 context.Context, arg1 *imds.GetInstanceIdentityDocumentInput, arg2 ...func(*imds.Options)) (*imds.GetInstanceIdentityDocumentOutput, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GetInstanceIdentityDocument") - ret0, _ := ret[0].(ec2metadata.EC2InstanceIdentityDocument) + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "GetInstanceIdentityDocument", varargs...) + ret0, _ := ret[0].(*imds.GetInstanceIdentityDocumentOutput) ret1, _ := ret[1].(error) return ret0, ret1 } // GetInstanceIdentityDocument indicates an expected call of GetInstanceIdentityDocument. -func (mr *MockEC2MetadataClientMockRecorder) GetInstanceIdentityDocument() *gomock.Call { +func (mr *MockEC2MetadataClientMockRecorder) GetInstanceIdentityDocument(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetInstanceIdentityDocument", reflect.TypeOf((*MockEC2MetadataClient)(nil).GetInstanceIdentityDocument)) + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetInstanceIdentityDocument", reflect.TypeOf((*MockEC2MetadataClient)(nil).GetInstanceIdentityDocument), varargs...) } -// Region mocks base method. -func (m *MockEC2MetadataClient) Region() (string, error) { +// GetRegion mocks base method. +func (m *MockEC2MetadataClient) GetRegion(arg0 context.Context, arg1 *imds.GetRegionInput, arg2 ...func(*imds.Options)) (*imds.GetRegionOutput, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Region") - ret0, _ := ret[0].(string) + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "GetRegion", varargs...) + ret0, _ := ret[0].(*imds.GetRegionOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// Region indicates an expected call of Region. -func (mr *MockEC2MetadataClientMockRecorder) Region() *gomock.Call { +// GetRegion indicates an expected call of GetRegion. +func (mr *MockEC2MetadataClientMockRecorder) GetRegion(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Region", reflect.TypeOf((*MockEC2MetadataClient)(nil).Region)) + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetRegion", reflect.TypeOf((*MockEC2MetadataClient)(nil).GetRegion), varargs...) } diff --git a/pkg/ec2wrapper/client.go b/pkg/ec2wrapper/client.go index 09242ab08f..eca2c897fa 100644 --- a/pkg/ec2wrapper/client.go +++ b/pkg/ec2wrapper/client.go @@ -14,32 +14,31 @@ package ec2wrapper import ( - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/request" - "github.com/aws/aws-sdk-go/aws/session" - ec2svc "github.com/aws/aws-sdk-go/service/ec2" + "context" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/ec2" ) // EC2 is the EC2 wrapper interface type EC2 interface { - CreateNetworkInterfaceWithContext(ctx aws.Context, input *ec2svc.CreateNetworkInterfaceInput, opts ...request.Option) (*ec2svc.CreateNetworkInterfaceOutput, error) - DescribeInstancesWithContext(ctx aws.Context, input *ec2svc.DescribeInstancesInput, opts ...request.Option) (*ec2svc.DescribeInstancesOutput, error) - DescribeInstanceTypesWithContext(ctx aws.Context, input *ec2svc.DescribeInstanceTypesInput, opts ...request.Option) (*ec2svc.DescribeInstanceTypesOutput, error) - AttachNetworkInterfaceWithContext(ctx aws.Context, input *ec2svc.AttachNetworkInterfaceInput, opts ...request.Option) (*ec2svc.AttachNetworkInterfaceOutput, error) - DeleteNetworkInterfaceWithContext(ctx aws.Context, input *ec2svc.DeleteNetworkInterfaceInput, opts ...request.Option) (*ec2svc.DeleteNetworkInterfaceOutput, error) - DetachNetworkInterfaceWithContext(ctx aws.Context, input *ec2svc.DetachNetworkInterfaceInput, opts ...request.Option) (*ec2svc.DetachNetworkInterfaceOutput, error) - AssignPrivateIpAddressesWithContext(ctx aws.Context, input *ec2svc.AssignPrivateIpAddressesInput, opts ...request.Option) (*ec2svc.AssignPrivateIpAddressesOutput, error) - UnassignPrivateIpAddressesWithContext(ctx aws.Context, input *ec2svc.UnassignPrivateIpAddressesInput, opts ...request.Option) (*ec2svc.UnassignPrivateIpAddressesOutput, error) - AssignIpv6AddressesWithContext(ctx aws.Context, input *ec2svc.AssignIpv6AddressesInput, opts ...request.Option) (*ec2svc.AssignIpv6AddressesOutput, error) - UnassignIpv6AddressesWithContext(ctx aws.Context, input *ec2svc.UnassignIpv6AddressesInput, opts ...request.Option) (*ec2svc.UnassignIpv6AddressesOutput, error) - DescribeNetworkInterfacesWithContext(ctx aws.Context, input *ec2svc.DescribeNetworkInterfacesInput, opts ...request.Option) (*ec2svc.DescribeNetworkInterfacesOutput, error) - ModifyNetworkInterfaceAttributeWithContext(ctx aws.Context, input *ec2svc.ModifyNetworkInterfaceAttributeInput, opts ...request.Option) (*ec2svc.ModifyNetworkInterfaceAttributeOutput, error) - CreateTagsWithContext(ctx aws.Context, input *ec2svc.CreateTagsInput, opts ...request.Option) (*ec2svc.CreateTagsOutput, error) - DescribeNetworkInterfacesPagesWithContext(ctx aws.Context, input *ec2svc.DescribeNetworkInterfacesInput, fn func(*ec2svc.DescribeNetworkInterfacesOutput, bool) bool, opts ...request.Option) error - DescribeSubnetsWithContext(ctx aws.Context, input *ec2svc.DescribeSubnetsInput, opts ...request.Option) (*ec2svc.DescribeSubnetsOutput, error) + CreateNetworkInterface(ctx context.Context, input *ec2.CreateNetworkInterfaceInput, opts ...func(*ec2.Options)) (*ec2.CreateNetworkInterfaceOutput, error) + DescribeInstances(ctx context.Context, input *ec2.DescribeInstancesInput, opts ...func(*ec2.Options)) (*ec2.DescribeInstancesOutput, error) + DescribeInstanceTypes(ctx context.Context, input *ec2.DescribeInstanceTypesInput, opts ...func(*ec2.Options)) (*ec2.DescribeInstanceTypesOutput, error) + AttachNetworkInterface(ctx context.Context, input *ec2.AttachNetworkInterfaceInput, opts ...func(*ec2.Options)) (*ec2.AttachNetworkInterfaceOutput, error) + DeleteNetworkInterface(ctx context.Context, input *ec2.DeleteNetworkInterfaceInput, opts ...func(*ec2.Options)) (*ec2.DeleteNetworkInterfaceOutput, error) + DetachNetworkInterface(ctx context.Context, input *ec2.DetachNetworkInterfaceInput, opts ...func(*ec2.Options)) (*ec2.DetachNetworkInterfaceOutput, error) + AssignPrivateIpAddresses(ctx context.Context, input *ec2.AssignPrivateIpAddressesInput, opts ...func(*ec2.Options)) (*ec2.AssignPrivateIpAddressesOutput, error) + UnassignPrivateIpAddresses(ctx context.Context, input *ec2.UnassignPrivateIpAddressesInput, opts ...func(*ec2.Options)) (*ec2.UnassignPrivateIpAddressesOutput, error) + AssignIpv6Addresses(ctx context.Context, input *ec2.AssignIpv6AddressesInput, opts ...func(*ec2.Options)) (*ec2.AssignIpv6AddressesOutput, error) + UnassignIpv6Addresses(ctx context.Context, input *ec2.UnassignIpv6AddressesInput, opts ...func(*ec2.Options)) (*ec2.UnassignIpv6AddressesOutput, error) + DescribeNetworkInterfaces(ctx context.Context, input *ec2.DescribeNetworkInterfacesInput, opts ...func(*ec2.Options)) (*ec2.DescribeNetworkInterfacesOutput, error) + ModifyNetworkInterfaceAttribute(ctx context.Context, input *ec2.ModifyNetworkInterfaceAttributeInput, opts ...func(*ec2.Options)) (*ec2.ModifyNetworkInterfaceAttributeOutput, error) + CreateTags(ctx context.Context, input *ec2.CreateTagsInput, opts ...func(*ec2.Options)) (*ec2.CreateTagsOutput, error) + DescribeSubnets(ctx context.Context, input *ec2.DescribeSubnetsInput, opts ...func(*ec2.Options)) (*ec2.DescribeSubnetsOutput, error) } // New creates a new EC2 wrapper -func New(sess *session.Session) EC2 { - return ec2svc.New(sess) +func New(cfg aws.Config) *ec2.Client { + return ec2.NewFromConfig(cfg) } diff --git a/pkg/ec2wrapper/ec2wrapper.go b/pkg/ec2wrapper/ec2wrapper.go index 4d736dece9..6b1be12d56 100644 --- a/pkg/ec2wrapper/ec2wrapper.go +++ b/pkg/ec2wrapper/ec2wrapper.go @@ -2,13 +2,15 @@ package ec2wrapper import ( - "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils/awssession" + "context" + "github.com/aws/amazon-vpc-cni-k8s/pkg/ec2metadatawrapper" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/ec2metadata" - "github.com/aws/aws-sdk-go/service/ec2" - "github.com/aws/aws-sdk-go/service/ec2/ec2iface" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/config" + ec2metadata "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" + "github.com/aws/aws-sdk-go-v2/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/pkg/errors" ) @@ -23,50 +25,56 @@ var log = logger.Get() // EC2Wrapper is used to wrap around EC2 service APIs to obtain ClusterID from // the ec2 instance tags type EC2Wrapper struct { - ec2ServiceClient ec2iface.EC2API - instanceIdentityDocument ec2metadata.EC2InstanceIdentityDocument + ec2ServiceClient ec2.DescribeTagsAPIClient + instanceIdentityDocument ec2metadata.InstanceIdentityDocument } // NewMetricsClient returns an instance of the EC2 wrapper func NewMetricsClient() (*EC2Wrapper, error) { - sess := awssession.New() - ec2MetadataClient := ec2metadatawrapper.New(sess) + ctx := context.TODO() + ec2MetadataClient, err := ec2metadatawrapper.New(ctx) + if err != nil { + return &EC2Wrapper{}, err + } - instanceIdentityDocument, err := ec2MetadataClient.GetInstanceIdentityDocument() + instanceIdentityDocumentOutput, err := ec2MetadataClient.GetInstanceIdentityDocument(ctx, &ec2metadata.GetInstanceIdentityDocumentInput{}) if err != nil { return &EC2Wrapper{}, err } - awsCfg := aws.NewConfig().WithRegion(instanceIdentityDocument.Region) - sess = sess.Copy(awsCfg) - ec2ServiceClient := ec2.New(sess) + awsCfg, err := config.LoadDefaultConfig(ctx, config.WithRegion(instanceIdentityDocumentOutput.Region)) + if err != nil { + return &EC2Wrapper{}, err + } + ec2ServiceClient := ec2.NewFromConfig(awsCfg) return &EC2Wrapper{ ec2ServiceClient: ec2ServiceClient, - instanceIdentityDocument: instanceIdentityDocument, + instanceIdentityDocument: instanceIdentityDocumentOutput.InstanceIdentityDocument, }, nil } // GetClusterTag is used to retrieve a tag from the ec2 instance func (e *EC2Wrapper) GetClusterTag(tagKey string) (string, error) { + ctx := context.TODO() input := ec2.DescribeTagsInput{ - Filters: []*ec2.Filter{ + Filters: []ec2types.Filter{ { Name: aws.String(resourceID), - Values: []*string{ - aws.String(e.instanceIdentityDocument.InstanceID), + Values: []string{ + e.instanceIdentityDocument.InstanceID, }, }, { Name: aws.String(resourceKey), - Values: []*string{ - aws.String(tagKey), + Values: []string{ + tagKey, }, }, }, } log.Infof("Calling DescribeTags with key %s", tagKey) - results, err := e.ec2ServiceClient.DescribeTags(&input) + results, err := e.ec2ServiceClient.DescribeTags(ctx, &input) if err != nil { return "", errors.Wrap(err, "GetClusterTag: Unable to obtain EC2 instance tags") } @@ -75,5 +83,5 @@ func (e *EC2Wrapper) GetClusterTag(tagKey string) (string, error) { return "", errors.Errorf("GetClusterTag: No tag matching key: %s", tagKey) } - return aws.StringValue(results.Tags[0].Value), nil + return aws.ToString(results.Tags[0].Value), nil } diff --git a/pkg/ec2wrapper/ec2wrapper_test.go b/pkg/ec2wrapper/ec2wrapper_test.go index 6ffc43c3c9..6817fec954 100644 --- a/pkg/ec2wrapper/ec2wrapper_test.go +++ b/pkg/ec2wrapper/ec2wrapper_test.go @@ -1,18 +1,19 @@ package ec2wrapper import ( + "context" "testing" "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/ec2metadata" - "github.com/aws/aws-sdk-go/service/ec2" - "github.com/aws/aws-sdk-go/service/ec2/ec2iface" + "github.com/aws/aws-sdk-go-v2/aws" + ec2metadata "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" + "github.com/aws/aws-sdk-go-v2/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/pkg/errors" "github.com/stretchr/testify/assert" ) -var testInstanceIdentityDocument = ec2metadata.EC2InstanceIdentityDocument{ +var testInstanceIdentityDocument = ec2metadata.InstanceIdentityDocument{ PrivateIP: "172.1.1.1", AvailabilityZone: "us-east-1a", Version: "2010-08-31", @@ -29,7 +30,7 @@ var testInstanceIdentityDocument = ec2metadata.EC2InstanceIdentityDocument{ func TestGetClusterID(t *testing.T) { mockEC2ServiceClient := mockEC2ServiceClient{ tags: &ec2.DescribeTagsOutput{ - Tags: []*ec2.TagDescription{ + Tags: []ec2types.TagDescription{ { Value: aws.String("TEST_CLUSTER_ID"), }, @@ -65,7 +66,7 @@ func TestGetClusterIDWithError(t *testing.T) { func TestGetClusterIDWithInsufficientTags(t *testing.T) { mockEC2ServiceClient := mockEC2ServiceClient{ tags: &ec2.DescribeTagsOutput{ - Tags: []*ec2.TagDescription{}, + Tags: []ec2types.TagDescription{}, }, } @@ -80,12 +81,11 @@ func TestGetClusterIDWithInsufficientTags(t *testing.T) { } type mockEC2ServiceClient struct { - ec2iface.EC2API + ec2.DescribeInstancesAPIClient tags *ec2.DescribeTagsOutput tagsErr error } -func (f mockEC2ServiceClient) DescribeTags(input *ec2.DescribeTagsInput) (*ec2.DescribeTagsOutput, error) { - return f.tags, f.tagsErr - +func (m mockEC2ServiceClient) DescribeTags(ctx context.Context, input *ec2.DescribeTagsInput, f ...func(*ec2.Options)) (*ec2.DescribeTagsOutput, error) { + return m.tags, m.tagsErr } diff --git a/pkg/ec2wrapper/mocks/ec2wrapper_mocks.go b/pkg/ec2wrapper/mocks/ec2wrapper_mocks.go index 53446727f5..cf8cb72824 100644 --- a/pkg/ec2wrapper/mocks/ec2wrapper_mocks.go +++ b/pkg/ec2wrapper/mocks/ec2wrapper_mocks.go @@ -22,8 +22,7 @@ import ( context "context" reflect "reflect" - request "github.com/aws/aws-sdk-go/aws/request" - ec2 "github.com/aws/aws-sdk-go/service/ec2" + ec2 "github.com/aws/aws-sdk-go-v2/service/ec2" gomock "github.com/golang/mock/gomock" ) @@ -50,301 +49,282 @@ func (m *MockEC2) EXPECT() *MockEC2MockRecorder { return m.recorder } -// AssignIpv6AddressesWithContext mocks base method. -func (m *MockEC2) AssignIpv6AddressesWithContext(arg0 context.Context, arg1 *ec2.AssignIpv6AddressesInput, arg2 ...request.Option) (*ec2.AssignIpv6AddressesOutput, error) { +// AssignIpv6Addresses mocks base method. +func (m *MockEC2) AssignIpv6Addresses(arg0 context.Context, arg1 *ec2.AssignIpv6AddressesInput, arg2 ...func(*ec2.Options)) (*ec2.AssignIpv6AddressesOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "AssignIpv6AddressesWithContext", varargs...) + ret := m.ctrl.Call(m, "AssignIpv6Addresses", varargs...) ret0, _ := ret[0].(*ec2.AssignIpv6AddressesOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// AssignIpv6AddressesWithContext indicates an expected call of AssignIpv6AddressesWithContext. -func (mr *MockEC2MockRecorder) AssignIpv6AddressesWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// AssignIpv6Addresses indicates an expected call of AssignIpv6Addresses. +func (mr *MockEC2MockRecorder) AssignIpv6Addresses(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AssignIpv6AddressesWithContext", reflect.TypeOf((*MockEC2)(nil).AssignIpv6AddressesWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AssignIpv6Addresses", reflect.TypeOf((*MockEC2)(nil).AssignIpv6Addresses), varargs...) } -// AssignPrivateIpAddressesWithContext mocks base method. -func (m *MockEC2) AssignPrivateIpAddressesWithContext(arg0 context.Context, arg1 *ec2.AssignPrivateIpAddressesInput, arg2 ...request.Option) (*ec2.AssignPrivateIpAddressesOutput, error) { +// AssignPrivateIpAddresses mocks base method. +func (m *MockEC2) AssignPrivateIpAddresses(arg0 context.Context, arg1 *ec2.AssignPrivateIpAddressesInput, arg2 ...func(*ec2.Options)) (*ec2.AssignPrivateIpAddressesOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "AssignPrivateIpAddressesWithContext", varargs...) + ret := m.ctrl.Call(m, "AssignPrivateIpAddresses", varargs...) ret0, _ := ret[0].(*ec2.AssignPrivateIpAddressesOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// AssignPrivateIpAddressesWithContext indicates an expected call of AssignPrivateIpAddressesWithContext. -func (mr *MockEC2MockRecorder) AssignPrivateIpAddressesWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// AssignPrivateIpAddresses indicates an expected call of AssignPrivateIpAddresses. +func (mr *MockEC2MockRecorder) AssignPrivateIpAddresses(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AssignPrivateIpAddressesWithContext", reflect.TypeOf((*MockEC2)(nil).AssignPrivateIpAddressesWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AssignPrivateIpAddresses", reflect.TypeOf((*MockEC2)(nil).AssignPrivateIpAddresses), varargs...) } -// AttachNetworkInterfaceWithContext mocks base method. -func (m *MockEC2) AttachNetworkInterfaceWithContext(arg0 context.Context, arg1 *ec2.AttachNetworkInterfaceInput, arg2 ...request.Option) (*ec2.AttachNetworkInterfaceOutput, error) { +// AttachNetworkInterface mocks base method. +func (m *MockEC2) AttachNetworkInterface(arg0 context.Context, arg1 *ec2.AttachNetworkInterfaceInput, arg2 ...func(*ec2.Options)) (*ec2.AttachNetworkInterfaceOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "AttachNetworkInterfaceWithContext", varargs...) + ret := m.ctrl.Call(m, "AttachNetworkInterface", varargs...) ret0, _ := ret[0].(*ec2.AttachNetworkInterfaceOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// AttachNetworkInterfaceWithContext indicates an expected call of AttachNetworkInterfaceWithContext. -func (mr *MockEC2MockRecorder) AttachNetworkInterfaceWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// AttachNetworkInterface indicates an expected call of AttachNetworkInterface. +func (mr *MockEC2MockRecorder) AttachNetworkInterface(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AttachNetworkInterfaceWithContext", reflect.TypeOf((*MockEC2)(nil).AttachNetworkInterfaceWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AttachNetworkInterface", reflect.TypeOf((*MockEC2)(nil).AttachNetworkInterface), varargs...) } -// CreateNetworkInterfaceWithContext mocks base method. -func (m *MockEC2) CreateNetworkInterfaceWithContext(arg0 context.Context, arg1 *ec2.CreateNetworkInterfaceInput, arg2 ...request.Option) (*ec2.CreateNetworkInterfaceOutput, error) { +// CreateNetworkInterface mocks base method. +func (m *MockEC2) CreateNetworkInterface(arg0 context.Context, arg1 *ec2.CreateNetworkInterfaceInput, arg2 ...func(*ec2.Options)) (*ec2.CreateNetworkInterfaceOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "CreateNetworkInterfaceWithContext", varargs...) + ret := m.ctrl.Call(m, "CreateNetworkInterface", varargs...) ret0, _ := ret[0].(*ec2.CreateNetworkInterfaceOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// CreateNetworkInterfaceWithContext indicates an expected call of CreateNetworkInterfaceWithContext. -func (mr *MockEC2MockRecorder) CreateNetworkInterfaceWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// CreateNetworkInterface indicates an expected call of CreateNetworkInterface. +func (mr *MockEC2MockRecorder) CreateNetworkInterface(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateNetworkInterfaceWithContext", reflect.TypeOf((*MockEC2)(nil).CreateNetworkInterfaceWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateNetworkInterface", reflect.TypeOf((*MockEC2)(nil).CreateNetworkInterface), varargs...) } -// CreateTagsWithContext mocks base method. -func (m *MockEC2) CreateTagsWithContext(arg0 context.Context, arg1 *ec2.CreateTagsInput, arg2 ...request.Option) (*ec2.CreateTagsOutput, error) { +// CreateTags mocks base method. +func (m *MockEC2) CreateTags(arg0 context.Context, arg1 *ec2.CreateTagsInput, arg2 ...func(*ec2.Options)) (*ec2.CreateTagsOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "CreateTagsWithContext", varargs...) + ret := m.ctrl.Call(m, "CreateTags", varargs...) ret0, _ := ret[0].(*ec2.CreateTagsOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// CreateTagsWithContext indicates an expected call of CreateTagsWithContext. -func (mr *MockEC2MockRecorder) CreateTagsWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// CreateTags indicates an expected call of CreateTags. +func (mr *MockEC2MockRecorder) CreateTags(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateTagsWithContext", reflect.TypeOf((*MockEC2)(nil).CreateTagsWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateTags", reflect.TypeOf((*MockEC2)(nil).CreateTags), varargs...) } -// DeleteNetworkInterfaceWithContext mocks base method. -func (m *MockEC2) DeleteNetworkInterfaceWithContext(arg0 context.Context, arg1 *ec2.DeleteNetworkInterfaceInput, arg2 ...request.Option) (*ec2.DeleteNetworkInterfaceOutput, error) { +// DeleteNetworkInterface mocks base method. +func (m *MockEC2) DeleteNetworkInterface(arg0 context.Context, arg1 *ec2.DeleteNetworkInterfaceInput, arg2 ...func(*ec2.Options)) (*ec2.DeleteNetworkInterfaceOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "DeleteNetworkInterfaceWithContext", varargs...) + ret := m.ctrl.Call(m, "DeleteNetworkInterface", varargs...) ret0, _ := ret[0].(*ec2.DeleteNetworkInterfaceOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// DeleteNetworkInterfaceWithContext indicates an expected call of DeleteNetworkInterfaceWithContext. -func (mr *MockEC2MockRecorder) DeleteNetworkInterfaceWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// DeleteNetworkInterface indicates an expected call of DeleteNetworkInterface. +func (mr *MockEC2MockRecorder) DeleteNetworkInterface(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteNetworkInterfaceWithContext", reflect.TypeOf((*MockEC2)(nil).DeleteNetworkInterfaceWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteNetworkInterface", reflect.TypeOf((*MockEC2)(nil).DeleteNetworkInterface), varargs...) } -// DescribeInstanceTypesWithContext mocks base method. -func (m *MockEC2) DescribeInstanceTypesWithContext(arg0 context.Context, arg1 *ec2.DescribeInstanceTypesInput, arg2 ...request.Option) (*ec2.DescribeInstanceTypesOutput, error) { +// DescribeInstanceTypes mocks base method. +func (m *MockEC2) DescribeInstanceTypes(arg0 context.Context, arg1 *ec2.DescribeInstanceTypesInput, arg2 ...func(*ec2.Options)) (*ec2.DescribeInstanceTypesOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "DescribeInstanceTypesWithContext", varargs...) + ret := m.ctrl.Call(m, "DescribeInstanceTypes", varargs...) ret0, _ := ret[0].(*ec2.DescribeInstanceTypesOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// DescribeInstanceTypesWithContext indicates an expected call of DescribeInstanceTypesWithContext. -func (mr *MockEC2MockRecorder) DescribeInstanceTypesWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// DescribeInstanceTypes indicates an expected call of DescribeInstanceTypes. +func (mr *MockEC2MockRecorder) DescribeInstanceTypes(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeInstanceTypesWithContext", reflect.TypeOf((*MockEC2)(nil).DescribeInstanceTypesWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeInstanceTypes", reflect.TypeOf((*MockEC2)(nil).DescribeInstanceTypes), varargs...) } -// DescribeInstancesWithContext mocks base method. -func (m *MockEC2) DescribeInstancesWithContext(arg0 context.Context, arg1 *ec2.DescribeInstancesInput, arg2 ...request.Option) (*ec2.DescribeInstancesOutput, error) { +// DescribeInstances mocks base method. +func (m *MockEC2) DescribeInstances(arg0 context.Context, arg1 *ec2.DescribeInstancesInput, arg2 ...func(*ec2.Options)) (*ec2.DescribeInstancesOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "DescribeInstancesWithContext", varargs...) + ret := m.ctrl.Call(m, "DescribeInstances", varargs...) ret0, _ := ret[0].(*ec2.DescribeInstancesOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// DescribeInstancesWithContext indicates an expected call of DescribeInstancesWithContext. -func (mr *MockEC2MockRecorder) DescribeInstancesWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// DescribeInstances indicates an expected call of DescribeInstances. +func (mr *MockEC2MockRecorder) DescribeInstances(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeInstancesWithContext", reflect.TypeOf((*MockEC2)(nil).DescribeInstancesWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeInstances", reflect.TypeOf((*MockEC2)(nil).DescribeInstances), varargs...) } -// DescribeNetworkInterfacesPagesWithContext mocks base method. -func (m *MockEC2) DescribeNetworkInterfacesPagesWithContext(arg0 context.Context, arg1 *ec2.DescribeNetworkInterfacesInput, arg2 func(*ec2.DescribeNetworkInterfacesOutput, bool) bool, arg3 ...request.Option) error { - m.ctrl.T.Helper() - varargs := []interface{}{arg0, arg1, arg2} - for _, a := range arg3 { - varargs = append(varargs, a) - } - ret := m.ctrl.Call(m, "DescribeNetworkInterfacesPagesWithContext", varargs...) - ret0, _ := ret[0].(error) - return ret0 -} - -// DescribeNetworkInterfacesPagesWithContext indicates an expected call of DescribeNetworkInterfacesPagesWithContext. -func (mr *MockEC2MockRecorder) DescribeNetworkInterfacesPagesWithContext(arg0, arg1, arg2 interface{}, arg3 ...interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - varargs := append([]interface{}{arg0, arg1, arg2}, arg3...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeNetworkInterfacesPagesWithContext", reflect.TypeOf((*MockEC2)(nil).DescribeNetworkInterfacesPagesWithContext), varargs...) -} - -// DescribeNetworkInterfacesWithContext mocks base method. -func (m *MockEC2) DescribeNetworkInterfacesWithContext(arg0 context.Context, arg1 *ec2.DescribeNetworkInterfacesInput, arg2 ...request.Option) (*ec2.DescribeNetworkInterfacesOutput, error) { +// DescribeNetworkInterfaces mocks base method. +func (m *MockEC2) DescribeNetworkInterfaces(arg0 context.Context, arg1 *ec2.DescribeNetworkInterfacesInput, arg2 ...func(*ec2.Options)) (*ec2.DescribeNetworkInterfacesOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "DescribeNetworkInterfacesWithContext", varargs...) + ret := m.ctrl.Call(m, "DescribeNetworkInterfaces", varargs...) ret0, _ := ret[0].(*ec2.DescribeNetworkInterfacesOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// DescribeNetworkInterfacesWithContext indicates an expected call of DescribeNetworkInterfacesWithContext. -func (mr *MockEC2MockRecorder) DescribeNetworkInterfacesWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// DescribeNetworkInterfaces indicates an expected call of DescribeNetworkInterfaces. +func (mr *MockEC2MockRecorder) DescribeNetworkInterfaces(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeNetworkInterfacesWithContext", reflect.TypeOf((*MockEC2)(nil).DescribeNetworkInterfacesWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeNetworkInterfaces", reflect.TypeOf((*MockEC2)(nil).DescribeNetworkInterfaces), varargs...) } -// DescribeSubnetsWithContext mocks base method. -func (m *MockEC2) DescribeSubnetsWithContext(arg0 context.Context, arg1 *ec2.DescribeSubnetsInput, arg2 ...request.Option) (*ec2.DescribeSubnetsOutput, error) { +// DescribeSubnets mocks base method. +func (m *MockEC2) DescribeSubnets(arg0 context.Context, arg1 *ec2.DescribeSubnetsInput, arg2 ...func(*ec2.Options)) (*ec2.DescribeSubnetsOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "DescribeSubnetsWithContext", varargs...) + ret := m.ctrl.Call(m, "DescribeSubnets", varargs...) ret0, _ := ret[0].(*ec2.DescribeSubnetsOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// DescribeSubnetsWithContext indicates an expected call of DescribeSubnetsWithContext. -func (mr *MockEC2MockRecorder) DescribeSubnetsWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// DescribeSubnets indicates an expected call of DescribeSubnets. +func (mr *MockEC2MockRecorder) DescribeSubnets(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeSubnetsWithContext", reflect.TypeOf((*MockEC2)(nil).DescribeSubnetsWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeSubnets", reflect.TypeOf((*MockEC2)(nil).DescribeSubnets), varargs...) } -// DetachNetworkInterfaceWithContext mocks base method. -func (m *MockEC2) DetachNetworkInterfaceWithContext(arg0 context.Context, arg1 *ec2.DetachNetworkInterfaceInput, arg2 ...request.Option) (*ec2.DetachNetworkInterfaceOutput, error) { +// DetachNetworkInterface mocks base method. +func (m *MockEC2) DetachNetworkInterface(arg0 context.Context, arg1 *ec2.DetachNetworkInterfaceInput, arg2 ...func(*ec2.Options)) (*ec2.DetachNetworkInterfaceOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "DetachNetworkInterfaceWithContext", varargs...) + ret := m.ctrl.Call(m, "DetachNetworkInterface", varargs...) ret0, _ := ret[0].(*ec2.DetachNetworkInterfaceOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// DetachNetworkInterfaceWithContext indicates an expected call of DetachNetworkInterfaceWithContext. -func (mr *MockEC2MockRecorder) DetachNetworkInterfaceWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// DetachNetworkInterface indicates an expected call of DetachNetworkInterface. +func (mr *MockEC2MockRecorder) DetachNetworkInterface(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DetachNetworkInterfaceWithContext", reflect.TypeOf((*MockEC2)(nil).DetachNetworkInterfaceWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DetachNetworkInterface", reflect.TypeOf((*MockEC2)(nil).DetachNetworkInterface), varargs...) } -// ModifyNetworkInterfaceAttributeWithContext mocks base method. -func (m *MockEC2) ModifyNetworkInterfaceAttributeWithContext(arg0 context.Context, arg1 *ec2.ModifyNetworkInterfaceAttributeInput, arg2 ...request.Option) (*ec2.ModifyNetworkInterfaceAttributeOutput, error) { +// ModifyNetworkInterfaceAttribute mocks base method. +func (m *MockEC2) ModifyNetworkInterfaceAttribute(arg0 context.Context, arg1 *ec2.ModifyNetworkInterfaceAttributeInput, arg2 ...func(*ec2.Options)) (*ec2.ModifyNetworkInterfaceAttributeOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "ModifyNetworkInterfaceAttributeWithContext", varargs...) + ret := m.ctrl.Call(m, "ModifyNetworkInterfaceAttribute", varargs...) ret0, _ := ret[0].(*ec2.ModifyNetworkInterfaceAttributeOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// ModifyNetworkInterfaceAttributeWithContext indicates an expected call of ModifyNetworkInterfaceAttributeWithContext. -func (mr *MockEC2MockRecorder) ModifyNetworkInterfaceAttributeWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// ModifyNetworkInterfaceAttribute indicates an expected call of ModifyNetworkInterfaceAttribute. +func (mr *MockEC2MockRecorder) ModifyNetworkInterfaceAttribute(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ModifyNetworkInterfaceAttributeWithContext", reflect.TypeOf((*MockEC2)(nil).ModifyNetworkInterfaceAttributeWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ModifyNetworkInterfaceAttribute", reflect.TypeOf((*MockEC2)(nil).ModifyNetworkInterfaceAttribute), varargs...) } -// UnassignIpv6AddressesWithContext mocks base method. -func (m *MockEC2) UnassignIpv6AddressesWithContext(arg0 context.Context, arg1 *ec2.UnassignIpv6AddressesInput, arg2 ...request.Option) (*ec2.UnassignIpv6AddressesOutput, error) { +// UnassignIpv6Addresses mocks base method. +func (m *MockEC2) UnassignIpv6Addresses(arg0 context.Context, arg1 *ec2.UnassignIpv6AddressesInput, arg2 ...func(*ec2.Options)) (*ec2.UnassignIpv6AddressesOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "UnassignIpv6AddressesWithContext", varargs...) + ret := m.ctrl.Call(m, "UnassignIpv6Addresses", varargs...) ret0, _ := ret[0].(*ec2.UnassignIpv6AddressesOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// UnassignIpv6AddressesWithContext indicates an expected call of UnassignIpv6AddressesWithContext. -func (mr *MockEC2MockRecorder) UnassignIpv6AddressesWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// UnassignIpv6Addresses indicates an expected call of UnassignIpv6Addresses. +func (mr *MockEC2MockRecorder) UnassignIpv6Addresses(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UnassignIpv6AddressesWithContext", reflect.TypeOf((*MockEC2)(nil).UnassignIpv6AddressesWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UnassignIpv6Addresses", reflect.TypeOf((*MockEC2)(nil).UnassignIpv6Addresses), varargs...) } -// UnassignPrivateIpAddressesWithContext mocks base method. -func (m *MockEC2) UnassignPrivateIpAddressesWithContext(arg0 context.Context, arg1 *ec2.UnassignPrivateIpAddressesInput, arg2 ...request.Option) (*ec2.UnassignPrivateIpAddressesOutput, error) { +// UnassignPrivateIpAddresses mocks base method. +func (m *MockEC2) UnassignPrivateIpAddresses(arg0 context.Context, arg1 *ec2.UnassignPrivateIpAddressesInput, arg2 ...func(*ec2.Options)) (*ec2.UnassignPrivateIpAddressesOutput, error) { m.ctrl.T.Helper() varargs := []interface{}{arg0, arg1} for _, a := range arg2 { varargs = append(varargs, a) } - ret := m.ctrl.Call(m, "UnassignPrivateIpAddressesWithContext", varargs...) + ret := m.ctrl.Call(m, "UnassignPrivateIpAddresses", varargs...) ret0, _ := ret[0].(*ec2.UnassignPrivateIpAddressesOutput) ret1, _ := ret[1].(error) return ret0, ret1 } -// UnassignPrivateIpAddressesWithContext indicates an expected call of UnassignPrivateIpAddressesWithContext. -func (mr *MockEC2MockRecorder) UnassignPrivateIpAddressesWithContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { +// UnassignPrivateIpAddresses indicates an expected call of UnassignPrivateIpAddresses. +func (mr *MockEC2MockRecorder) UnassignPrivateIpAddresses(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UnassignPrivateIpAddressesWithContext", reflect.TypeOf((*MockEC2)(nil).UnassignPrivateIpAddressesWithContext), varargs...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UnassignPrivateIpAddresses", reflect.TypeOf((*MockEC2)(nil).UnassignPrivateIpAddresses), varargs...) } diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index 588bc3870a..3ba394ec5e 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -24,11 +24,12 @@ import ( "sync/atomic" "time" + "github.com/aws/smithy-go" + "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/aws-sdk-go/service/ec2" + "github.com/aws/aws-sdk-go-v2/aws" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/pkg/errors" "github.com/prometheus/client_golang/prometheus" "github.com/samber/lo" @@ -306,20 +307,23 @@ func prometheusRegister() { // containsInsufficientCIDRsOrSubnetIPs returns whether a CIDR cannot be carved in the subnet or subnet is running out of IP addresses func containsInsufficientCIDRsOrSubnetIPs(err error) bool { - var awsErr awserr.Error + log.Debugf("containsInsufficientCIDRsOrSubnetIPs encountered %v", err) + var apiErr smithy.APIError // IP exhaustion can be due to Insufficient Cidr blocks or Insufficient Free Address in a Subnet // In these 2 cases we will back off for 2 minutes before retrying - if errors.As(err, &awsErr) { - log.Debugf("Insufficient IP Addresses due to: %v\n", awsErr.Code()) - return awsErr.Code() == INSUFFICIENT_CIDR_BLOCKS || awsErr.Code() == INSUFFICIENT_FREE_IP_SUBNET + if errors.As(err, &apiErr) { + log.Debugf("Insufficient IP Addresses due to: %v\n", apiErr.ErrorCode()) + return apiErr.ErrorCode() == INSUFFICIENT_CIDR_BLOCKS || apiErr.ErrorCode() == INSUFFICIENT_FREE_IP_SUBNET } return false } // containsPrivateIPAddressLimitExceededError returns whether exceeds ENI's IP address limit func containsPrivateIPAddressLimitExceededError(err error) bool { - if aerr, ok := err.(awserr.Error); ok { - return aerr.Code() == "PrivateIpAddressLimitExceeded" + log.Debugf("containsPrivateIPAddressLimitExceededError encountered %v", err) + var apiErr smithy.APIError + if errors.As(err, &apiErr) { + return apiErr.ErrorCode() == "PrivateIpAddressLimitExceeded" } return false } @@ -942,7 +946,7 @@ func (c *IPAMContext) tryAssignIPs() (increasedPool bool, err error) { } } - var ec2ip4s []*ec2.NetworkInterfacePrivateIpAddress + var ec2ip4s []ec2types.NetworkInterfacePrivateIpAddress if containsPrivateIPAddressLimitExceededError(err) { log.Debug("AssignPrivateIpAddresses returned PrivateIpAddressLimitExceeded. This can happen if the data store is out of sync." + "Returning without an error here since we will verify the actual state by calling EC2 to see what addresses have already assigned to this ENI.") @@ -960,7 +964,7 @@ func (c *IPAMContext) tryAssignIPs() (increasedPool bool, err error) { ec2Addrs := output.AssignedPrivateIpAddresses for _, ec2Addr := range ec2Addrs { - ec2ip4s = append(ec2ip4s, &ec2.NetworkInterfacePrivateIpAddress{PrivateIpAddress: aws.String(aws.StringValue(ec2Addr.PrivateIpAddress))}) + ec2ip4s = append(ec2ip4s, ec2types.NetworkInterfacePrivateIpAddress{PrivateIpAddress: ec2Addr.PrivateIpAddress}) } } c.addENIsecondaryIPsToDataStore(ec2ip4s, eni.ID) @@ -996,14 +1000,14 @@ func (c *IPAMContext) assignIPv6Prefix(eniID string) (err error) { return err } for _, v6Prefix := range strPrefixes { - ec2v6Prefixes = append(ec2v6Prefixes, &ec2.Ipv6PrefixSpecification{Ipv6Prefix: v6Prefix}) + ec2v6Prefixes = append(ec2v6Prefixes, ec2types.Ipv6PrefixSpecification{Ipv6Prefix: v6Prefix}) } log.Debugf("Successfully allocated an IPv6Prefix for ENI: %s", eniID) } else if len(ec2v6Prefixes) > 1 { //Found more than one v6 prefix attached to the ENI. VPC CNI will only attach a single v6 prefix //and it will not attempt to free any additional Prefixes that are already attached. //Will use the first IPv6 Prefix attached for IP address allocation. - ec2v6Prefixes = []*ec2.Ipv6PrefixSpecification{ec2v6Prefixes[0]} + ec2v6Prefixes = []ec2types.Ipv6PrefixSpecification{ec2v6Prefixes[0]} } c.addENIv6prefixesToDataStore(ec2v6Prefixes, eniID) return nil @@ -1032,7 +1036,7 @@ func (c *IPAMContext) tryAssignPrefixes() (increasedPool bool, err error) { } } - var ec2Prefixes []*ec2.Ipv4PrefixSpecification + var ec2Prefixes []ec2types.Ipv4PrefixSpecification if containsPrivateIPAddressLimitExceededError(err) { log.Debug("AssignPrivateIpAddresses returned PrivateIpAddressLimitExceeded. This can happen if the data store is out of sync." + "Returning without an error here since we will verify the actual state by calling EC2 to see what addresses have already assigned to this ENI.") @@ -1111,13 +1115,13 @@ func (c *IPAMContext) setupENI(eni string, eniMetadata awsutils.ENIMetadata, isT return nil } -func (c *IPAMContext) addENIsecondaryIPsToDataStore(ec2PrivateIpAddrs []*ec2.NetworkInterfacePrivateIpAddress, eni string) { +func (c *IPAMContext) addENIsecondaryIPsToDataStore(ec2PrivateIpAddrs []ec2types.NetworkInterfacePrivateIpAddress, eni string) { // Add all the secondary IPs for _, ec2PrivateIpAddr := range ec2PrivateIpAddrs { - if aws.BoolValue(ec2PrivateIpAddr.Primary) { + if aws.ToBool(ec2PrivateIpAddr.Primary) { continue } - cidr := net.IPNet{IP: net.ParseIP(aws.StringValue(ec2PrivateIpAddr.PrivateIpAddress)), Mask: net.IPv4Mask(255, 255, 255, 255)} + cidr := net.IPNet{IP: net.ParseIP(aws.ToString(ec2PrivateIpAddr.PrivateIpAddress)), Mask: net.IPv4Mask(255, 255, 255, 255)} err := c.dataStore.AddIPv4CidrToStore(eni, cidr, false) if err != nil && err.Error() != datastore.IPAlreadyInStoreError { log.Warnf("Failed to increase IP pool, failed to add IP %s to data store", ec2PrivateIpAddr.PrivateIpAddress) @@ -1128,10 +1132,10 @@ func (c *IPAMContext) addENIsecondaryIPsToDataStore(ec2PrivateIpAddrs []*ec2.Net c.logPoolStats(c.dataStore.GetIPStats(ipV4AddrFamily)) } -func (c *IPAMContext) addENIv4prefixesToDataStore(ec2PrefixAddrs []*ec2.Ipv4PrefixSpecification, eni string) { +func (c *IPAMContext) addENIv4prefixesToDataStore(ec2PrefixAddrs []ec2types.Ipv4PrefixSpecification, eni string) { // Walk thru all prefixes for _, ec2PrefixAddr := range ec2PrefixAddrs { - strIpv4Prefix := aws.StringValue(ec2PrefixAddr.Ipv4Prefix) + strIpv4Prefix := aws.ToString(ec2PrefixAddr.Ipv4Prefix) _, ipnet, err := net.ParseCIDR(strIpv4Prefix) if err != nil { //Parsing failed, get next prefix @@ -1149,11 +1153,11 @@ func (c *IPAMContext) addENIv4prefixesToDataStore(ec2PrefixAddrs []*ec2.Ipv4Pref c.logPoolStats(c.dataStore.GetIPStats(ipV4AddrFamily)) } -func (c *IPAMContext) addENIv6prefixesToDataStore(ec2PrefixAddrs []*ec2.Ipv6PrefixSpecification, eni string) { +func (c *IPAMContext) addENIv6prefixesToDataStore(ec2PrefixAddrs []ec2types.Ipv6PrefixSpecification, eni string) { log.Debugf("Updating datastore with IPv6Prefix(es) for ENI: %v, count: %v", eni, len(ec2PrefixAddrs)) // Walk through all prefixes for _, ec2PrefixAddr := range ec2PrefixAddrs { - strIpv6Prefix := aws.StringValue(ec2PrefixAddr.Ipv6Prefix) + strIpv6Prefix := aws.ToString(ec2PrefixAddr.Ipv6Prefix) _, ipnet, err := net.ParseCIDR(strIpv6Prefix) if err != nil { // Parsing failed, get next prefix @@ -1541,11 +1545,11 @@ func (c *IPAMContext) eniPrefixPoolReconcile(prefixPool []string, attachedENI aw // verifyAndAddIPsToDatastore updates the datastore with the known secondary IPs. IPs who are out of cooldown gets added // back to the datastore after being verified against EC2. -func (c *IPAMContext) verifyAndAddIPsToDatastore(eni string, attachedENIIPs []*ec2.NetworkInterfacePrivateIpAddress, needEC2Reconcile bool) map[string]bool { - var ec2VerifiedAddresses []*ec2.NetworkInterfacePrivateIpAddress +func (c *IPAMContext) verifyAndAddIPsToDatastore(eni string, attachedENIIPs []ec2types.NetworkInterfacePrivateIpAddress, needEC2Reconcile bool) map[string]bool { + var ec2VerifiedAddresses []ec2types.NetworkInterfacePrivateIpAddress seenIPs := make(map[string]bool) for _, privateIPv4 := range attachedENIIPs { - strPrivateIPv4 := aws.StringValue(privateIPv4.PrivateIpAddress) + strPrivateIPv4 := aws.ToString(privateIPv4.PrivateIpAddress) if strPrivateIPv4 == c.primaryIP[eni] { log.Infof("Reconcile and skip primary IP %s on ENI %s", strPrivateIPv4, eni) continue @@ -1577,7 +1581,7 @@ func (c *IPAMContext) verifyAndAddIPsToDatastore(eni string, attachedENIIPs []*e // Verify that the IP really belongs to this ENI isReallyAttachedToENI := false for _, ec2Addr := range ec2VerifiedAddresses { - if strPrivateIPv4 == aws.StringValue(ec2Addr.PrivateIpAddress) { + if strPrivateIPv4 == aws.ToString(ec2Addr.PrivateIpAddress) { isReallyAttachedToENI = true log.Debugf("Verified that IP %s is attached to ENI %s", strPrivateIPv4, eni) break @@ -1612,11 +1616,11 @@ func (c *IPAMContext) verifyAndAddIPsToDatastore(eni string, attachedENIIPs []*e // verifyAndAddPrefixesToDatastore updates the datastore with the known Prefixes. Prefixes who are out of cooldown gets added // back to the datastore after being verified against EC2. -func (c *IPAMContext) verifyAndAddPrefixesToDatastore(eni string, attachedENIPrefixes []*ec2.Ipv4PrefixSpecification, needEC2Reconcile bool) map[string]bool { - var ec2VerifiedAddresses []*ec2.Ipv4PrefixSpecification +func (c *IPAMContext) verifyAndAddPrefixesToDatastore(eni string, attachedENIPrefixes []ec2types.Ipv4PrefixSpecification, needEC2Reconcile bool) map[string]bool { + var ec2VerifiedAddresses []ec2types.Ipv4PrefixSpecification seenIPs := make(map[string]bool) for _, privateIPv4Cidr := range attachedENIPrefixes { - strPrivateIPv4Cidr := aws.StringValue(privateIPv4Cidr.Ipv4Prefix) + strPrivateIPv4Cidr := aws.ToString(privateIPv4Cidr.Ipv4Prefix) log.Debugf("Check in coolddown Found prefix %s", strPrivateIPv4Cidr) // Check if this Prefix was recently freed @@ -1650,7 +1654,7 @@ func (c *IPAMContext) verifyAndAddPrefixesToDatastore(eni string, attachedENIPre // Verify that the Prefix really belongs to this ENI isReallyAttachedToENI := false for _, ec2Addr := range ec2VerifiedAddresses { - if strPrivateIPv4Cidr == aws.StringValue(ec2Addr.Ipv4Prefix) { + if strPrivateIPv4Cidr == aws.ToString(ec2Addr.Ipv4Prefix) { isReallyAttachedToENI = true log.Debugf("Verified that IP %s is attached to ENI %s", strPrivateIPv4Cidr, eni) break diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index 7999a5e4a8..ef796ac2e4 100644 --- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -24,9 +24,10 @@ import ( "testing" "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/aws-sdk-go/service/ec2" + "github.com/aws/smithy-go" + + "github.com/aws/aws-sdk-go-v2/aws" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/golang/mock/gomock" "github.com/samber/lo" "github.com/stretchr/testify/assert" @@ -368,7 +369,7 @@ func getDummyENIMetadata() (awsutils.ENIMetadata, awsutils.ENIMetadata, awsutils MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -383,7 +384,7 @@ func getDummyENIMetadata() (awsutils.ENIMetadata, awsutils.ENIMetadata, awsutils MAC: secMAC, DeviceNumber: secDevice, SubnetIPv4CIDR: secSubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr11, Primary: ¬Primary, }, @@ -398,7 +399,7 @@ func getDummyENIMetadata() (awsutils.ENIMetadata, awsutils.ENIMetadata, awsutils MAC: terMAC, DeviceNumber: terDevice, SubnetIPv4CIDR: terSubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr21, Primary: ¬Primary, }, @@ -420,12 +421,12 @@ func getDummyENIMetadataWithPrefix() (awsutils.ENIMetadata, awsutils.ENIMetadata MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, }, - IPv4Prefixes: []*ec2.Ipv4PrefixSpecification{ + IPv4Prefixes: []ec2types.Ipv4PrefixSpecification{ { Ipv4Prefix: &testPrefix1, }, @@ -437,7 +438,7 @@ func getDummyENIMetadataWithPrefix() (awsutils.ENIMetadata, awsutils.ENIMetadata MAC: secMAC, DeviceNumber: secDevice, SubnetIPv4CIDR: secSubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr2, Primary: &primary, }, @@ -455,12 +456,12 @@ func getDummyENIMetadataWithV6Prefix() awsutils.ENIMetadata { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, }, - IPv6Prefixes: []*ec2.Ipv6PrefixSpecification{ + IPv6Prefixes: []ec2types.Ipv6PrefixSpecification{ { Ipv6Prefix: &testv6Prefix, }, @@ -549,7 +550,7 @@ func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool, MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -563,7 +564,7 @@ func testIncreaseIPPool(t *testing.T, useENIConfig bool, unschedulabeNode bool, MAC: secMAC, DeviceNumber: secDevice, SubnetIPv4CIDR: secSubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr11, Primary: ¬Primary, }, @@ -629,11 +630,21 @@ func assertAllocationExternalCalls(shouldCall bool, useENIConfig bool, m *testMo callCount = 1 } + originalErr := errors.New("err") + if useENIConfig { m.awsutils.EXPECT().AllocENI(true, sg, podENIConfig.Subnet, 14).Times(callCount).Return(eni2, nil) } else if subnetDiscovery { - m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 14).Times(callCount).Return(nil, awserr.New("InsufficientFreeAddressesInSubnet", "", errors.New("err"))) - m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 1).Times(callCount).Return(nil, awserr.New("InsufficientFreeAddressesInSubnet", "", errors.New("err"))) + m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 14).Times(callCount).Return(nil, &smithy.GenericAPIError{ + Code: "InsufficientFreeAddressesInSubnet", + Message: originalErr.Error(), + Fault: smithy.FaultUnknown, + }) + m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 1).Times(callCount).Return(nil, &smithy.GenericAPIError{ + Code: "InsufficientFreeAddressesInSubnet", + Message: originalErr.Error(), + Fault: smithy.FaultUnknown, + }) m.awsutils.EXPECT().AllocENI(false, nil, "", 14).Times(callCount).Return(eni2, nil) } else { m.awsutils.EXPECT().AllocENI(false, nil, "", 14).Times(callCount).Return(eni2, nil) @@ -702,11 +713,21 @@ func testIncreasePrefixPool(t *testing.T, useENIConfig, subnetDiscovery bool) { sg = append(sg, aws.String(sgID)) } + originalErr := errors.New("err") + if useENIConfig { m.awsutils.EXPECT().AllocENI(true, sg, podENIConfig.Subnet, 1).Return(eni2, nil) } else if subnetDiscovery { - m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 1).Return(nil, awserr.New("InsufficientFreeAddressesInSubnet", "", errors.New("err"))) - m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 1).Return(nil, awserr.New("InsufficientFreeAddressesInSubnet", "", errors.New("err"))) + m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 1).Return(nil, &smithy.GenericAPIError{ + Code: "InsufficientFreeAddressesInSubnet", + Message: originalErr.Error(), + Fault: smithy.FaultUnknown, + }) + m.awsutils.EXPECT().AllocIPAddresses(primaryENIid, 1).Return(nil, &smithy.GenericAPIError{ + Code: "InsufficientFreeAddressesInSubnet", + Message: originalErr.Error(), + Fault: smithy.FaultUnknown, + }) m.awsutils.EXPECT().AllocENI(false, nil, "", 1).Return(eni2, nil) } else { m.awsutils.EXPECT().AllocENI(false, nil, "", 1).Return(eni2, nil) @@ -718,12 +739,12 @@ func testIncreasePrefixPool(t *testing.T, useENIConfig, subnetDiscovery bool) { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, }, - IPv4Prefixes: []*ec2.Ipv4PrefixSpecification{ + IPv4Prefixes: []ec2types.Ipv4PrefixSpecification{ { Ipv4Prefix: &testPrefix1, }, @@ -734,12 +755,12 @@ func testIncreasePrefixPool(t *testing.T, useENIConfig, subnetDiscovery bool) { MAC: secMAC, DeviceNumber: secDevice, SubnetIPv4CIDR: secSubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr11, Primary: &primary, }, }, - IPv4Prefixes: []*ec2.Ipv4PrefixSpecification{ + IPv4Prefixes: []ec2types.Ipv4PrefixSpecification{ { Ipv4Prefix: &testPrefix2, }, @@ -872,7 +893,7 @@ func TestTryAddIPToENI(t *testing.T) { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -886,7 +907,7 @@ func TestTryAddIPToENI(t *testing.T) { MAC: secMAC, DeviceNumber: secDevice, SubnetIPv4CIDR: secSubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr11, Primary: ¬Primary, }, @@ -960,7 +981,7 @@ func TestNodeIPPoolReconcile(t *testing.T) { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -1059,7 +1080,7 @@ func TestNodePrefixPoolReconcile(t *testing.T) { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -1676,7 +1697,7 @@ func TestNodeIPPoolReconcileBadIMDSData(t *testing.T) { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -1698,7 +1719,7 @@ func TestNodeIPPoolReconcileBadIMDSData(t *testing.T) { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -1762,7 +1783,7 @@ func TestNodePrefixPoolReconcileBadIMDSData(t *testing.T) { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -1784,7 +1805,7 @@ func TestNodePrefixPoolReconcileBadIMDSData(t *testing.T) { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -1819,7 +1840,7 @@ func getPrimaryENIMetadata() awsutils.ENIMetadata { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -1844,7 +1865,7 @@ func getSecondaryENIMetadata() awsutils.ENIMetadata { MAC: secMAC, DeviceNumber: secDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr3, Primary: &primary, }, @@ -1866,12 +1887,12 @@ func getPrimaryENIMetadataPDenabled() awsutils.ENIMetadata { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, }, - IPv4Prefixes: []*ec2.Ipv4PrefixSpecification{ + IPv4Prefixes: []ec2types.Ipv4PrefixSpecification{ { Ipv4Prefix: &testPrefix1, }, @@ -1890,12 +1911,12 @@ func getSecondaryENIMetadataPDenabled() awsutils.ENIMetadata { MAC: secMAC, DeviceNumber: secDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr3, Primary: &primary, }, }, - IPv4Prefixes: []*ec2.Ipv4PrefixSpecification{ + IPv4Prefixes: []ec2types.Ipv4PrefixSpecification{ { Ipv4Prefix: &testPrefix2, }, @@ -1926,7 +1947,7 @@ func TestIPAMContext_setupENI(t *testing.T) { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, @@ -1972,7 +1993,7 @@ func TestIPAMContext_setupENIwithPDenabled(t *testing.T) { MAC: primaryMAC, DeviceNumber: primaryDevice, SubnetIPv4CIDR: primarySubnet, - IPv4Addresses: []*ec2.NetworkInterfacePrivateIpAddress{ + IPv4Addresses: []ec2types.NetworkInterfacePrivateIpAddress{ { PrivateIpAddress: &testAddr1, Primary: &primary, }, diff --git a/pkg/publisher/generate_mocks.go b/pkg/publisher/generate_mocks.go new file mode 100644 index 0000000000..50531740ff --- /dev/null +++ b/pkg/publisher/generate_mocks.go @@ -0,0 +1,16 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +package publisher + +//go:generate go run github.com/golang/mock/mockgen -source=publisher.go -destination mock_publisher/mock_publisher.go -copyright_file ../../scripts/copyright.txt . diff --git a/pkg/publisher/mock_publisher/mock_publisher.go b/pkg/publisher/mock_publisher/mock_publisher.go index 49ae6d93a6..7680febbc0 100644 --- a/pkg/publisher/mock_publisher/mock_publisher.go +++ b/pkg/publisher/mock_publisher/mock_publisher.go @@ -1,3 +1,17 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. +// + // Code generated by MockGen. DO NOT EDIT. // Source: publisher.go @@ -5,64 +19,116 @@ package mock_publisher import ( - cloudwatch "github.com/aws/aws-sdk-go/service/cloudwatch" - gomock "github.com/golang/mock/gomock" + context "context" reflect "reflect" + + cloudwatch "github.com/aws/aws-sdk-go-v2/service/cloudwatch" + types "github.com/aws/aws-sdk-go-v2/service/cloudwatch/types" + gomock "github.com/golang/mock/gomock" ) -// MockPublisher is a mock of Publisher interface +// MockcloudWatchAPI is a mock of cloudWatchAPI interface. +type MockcloudWatchAPI struct { + ctrl *gomock.Controller + recorder *MockcloudWatchAPIMockRecorder +} + +// MockcloudWatchAPIMockRecorder is the mock recorder for MockcloudWatchAPI. +type MockcloudWatchAPIMockRecorder struct { + mock *MockcloudWatchAPI +} + +// NewMockcloudWatchAPI creates a new mock instance. +func NewMockcloudWatchAPI(ctrl *gomock.Controller) *MockcloudWatchAPI { + mock := &MockcloudWatchAPI{ctrl: ctrl} + mock.recorder = &MockcloudWatchAPIMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockcloudWatchAPI) EXPECT() *MockcloudWatchAPIMockRecorder { + return m.recorder +} + +// PutMetricData mocks base method. +func (m *MockcloudWatchAPI) PutMetricData(ctx context.Context, params *cloudwatch.PutMetricDataInput, optFns ...func(*cloudwatch.Options)) (*cloudwatch.PutMetricDataOutput, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, params} + for _, a := range optFns { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "PutMetricData", varargs...) + ret0, _ := ret[0].(*cloudwatch.PutMetricDataOutput) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// PutMetricData indicates an expected call of PutMetricData. +func (mr *MockcloudWatchAPIMockRecorder) PutMetricData(ctx, params interface{}, optFns ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, params}, optFns...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "PutMetricData", reflect.TypeOf((*MockcloudWatchAPI)(nil).PutMetricData), varargs...) +} + +// MockPublisher is a mock of Publisher interface. type MockPublisher struct { ctrl *gomock.Controller recorder *MockPublisherMockRecorder } -// MockPublisherMockRecorder is the mock recorder for MockPublisher +// MockPublisherMockRecorder is the mock recorder for MockPublisher. type MockPublisherMockRecorder struct { mock *MockPublisher } -// NewMockPublisher creates a new mock instance +// NewMockPublisher creates a new mock instance. func NewMockPublisher(ctrl *gomock.Controller) *MockPublisher { mock := &MockPublisher{ctrl: ctrl} mock.recorder = &MockPublisherMockRecorder{mock} return mock } -// EXPECT returns an object that allows the caller to indicate expected use +// EXPECT returns an object that allows the caller to indicate expected use. func (m *MockPublisher) EXPECT() *MockPublisherMockRecorder { return m.recorder } -// Publish mocks base method -func (m *MockPublisher) Publish(metricDataPoints ...*cloudwatch.MetricDatum) { +// Publish mocks base method. +func (m *MockPublisher) Publish(metricsDataPoints ...types.MetricDatum) { + m.ctrl.T.Helper() varargs := []interface{}{} - for _, a := range metricDataPoints { + for _, a := range metricsDataPoints { varargs = append(varargs, a) } m.ctrl.Call(m, "Publish", varargs...) } -// Publish indicates an expected call of Publish -func (mr *MockPublisherMockRecorder) Publish(metricDataPoints ...interface{}) *gomock.Call { - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Publish", reflect.TypeOf((*MockPublisher)(nil).Publish), metricDataPoints...) +// Publish indicates an expected call of Publish. +func (mr *MockPublisherMockRecorder) Publish(metricsDataPoints ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Publish", reflect.TypeOf((*MockPublisher)(nil).Publish), metricsDataPoints...) } -// Start mocks base method +// Start mocks base method. func (m *MockPublisher) Start(publishInterval int) { + m.ctrl.T.Helper() m.ctrl.Call(m, "Start", publishInterval) } -// Start indicates an expected call of Start -func (mr *MockPublisherMockRecorder) Start() *gomock.Call { - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Start", reflect.TypeOf((*MockPublisher)(nil).Start)) +// Start indicates an expected call of Start. +func (mr *MockPublisherMockRecorder) Start(publishInterval interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Start", reflect.TypeOf((*MockPublisher)(nil).Start), publishInterval) } -// Stop mocks base method +// Stop mocks base method. func (m *MockPublisher) Stop() { + m.ctrl.T.Helper() m.ctrl.Call(m, "Stop") } -// Stop indicates an expected call of Stop +// Stop indicates an expected call of Stop. func (mr *MockPublisherMockRecorder) Stop() *gomock.Call { + mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Stop", reflect.TypeOf((*MockPublisher)(nil).Stop)) } diff --git a/pkg/publisher/publisher.go b/pkg/publisher/publisher.go index d22df68e4c..598e09b40d 100644 --- a/pkg/publisher/publisher.go +++ b/pkg/publisher/publisher.go @@ -19,9 +19,11 @@ import ( "sync" "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/cloudwatch" - "github.com/aws/aws-sdk-go/service/cloudwatch/cloudwatchiface" + ec2metadata "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/cloudwatch" + types "github.com/aws/aws-sdk-go-v2/service/cloudwatch/types" "github.com/pkg/errors" "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils/awssession" @@ -56,10 +58,15 @@ var ( } ) +// cloudWatchAPI defines the interface with methods required from CloudWatch Service +type cloudWatchAPI interface { + PutMetricData(ctx context.Context, params *cloudwatch.PutMetricDataInput, optFns ...func(*cloudwatch.Options)) (*cloudwatch.PutMetricDataOutput, error) +} + // Publisher defines the interface to publish one or more data points type Publisher interface { // Publish publishes one or more metric data points - Publish(metricDataPoints ...*cloudwatch.MetricDatum) + Publish(metricsDataPoints ...types.MetricDatum) // Start is to initiate the batch and publish operation Start(publishInterval int) @@ -75,8 +82,8 @@ type cloudWatchPublisher struct { cancel context.CancelFunc updateIntervalTicker *time.Ticker clusterID string - cloudwatchClient cloudwatchiface.CloudWatchAPI - localMetricData []*cloudwatch.MetricDatum + cloudwatchClient cloudWatchAPI + localMetricData []types.MetricDatum lock sync.RWMutex log logger.Logger } @@ -88,38 +95,39 @@ type cloudWatchPublisher struct { // not specified clusterID then its a Cx error // New returns a new instance of `Publisher` func New(ctx context.Context, region string, clusterID string, log logger.Logger) (Publisher, error) { - sess := awssession.New() + ctx = context.Background() + cfg, err := awssession.New(ctx) + if err != nil { + return nil, err + } // If Customers have explicitly specified clusterID then skip generating it if clusterID == "" { - ec2Client, err := ec2wrapper.NewMetricsClient() + ec2client, err := ec2wrapper.NewMetricsClient() if err != nil { return nil, errors.Wrap(err, "publisher: unable to obtain EC2 service client") } - - clusterID = getClusterID(ec2Client, log) + clusterID = getClusterID(ec2client, log) } // Try to fetch region if not available if region == "" { // Get ec2metadata client - ec2MetadataClient := ec2metadatawrapper.New(sess) - val, err := ec2MetadataClient.Region() + ec2Metadataclient, err := ec2metadatawrapper.New(ctx) if err != nil { - return nil, errors.Wrap(err, "publisher: Unable to obtain region") + return nil, err + } + output, err := ec2Metadataclient.GetRegion(ctx, &ec2metadata.GetRegionInput{}) + region = output.Region + if err != nil { + return nil, err } - region = val } log.Infof("Using REGION=%s and CLUSTER_ID=%s", region, clusterID) - // Get AWS session - awsCfg := aws.Config{ - Region: aws.String(region), - } - sess = sess.Copy(&awsCfg) - // Get CloudWatch client - cloudwatchClient := cloudwatch.New(sess) + cfg.Region = region + cloudwatchClient := cloudwatch.NewFromConfig(cfg) // Build derived context derivedContext, cancel := context.WithCancel(ctx) @@ -129,7 +137,7 @@ func New(ctx context.Context, region string, clusterID string, log logger.Logger cancel: cancel, cloudwatchClient: cloudwatchClient, clusterID: clusterID, - localMetricData: make([]*cloudwatch.MetricDatum, 0, localMetricDataSize), + localMetricData: make([]types.MetricDatum, 0, localMetricDataSize), log: log, }, nil } @@ -148,11 +156,10 @@ func (p *cloudWatchPublisher) Stop() { } // Publish is a variadic function to publish one or more metric data points -func (p *cloudWatchPublisher) Publish(metricDataPoints ...*cloudwatch.MetricDatum) { +func (p *cloudWatchPublisher) Publish(metricDataPoints ...types.MetricDatum) { // Fetch dimensions for override p.log.Info("Fetching CloudWatch dimensions") dimensions := p.getCloudWatchMetricDatumDimensions() - // Grab lock p.lock.Lock() defer p.lock.Unlock() @@ -167,24 +174,24 @@ func (p *cloudWatchPublisher) Publish(metricDataPoints ...*cloudwatch.MetricDatu func (p *cloudWatchPublisher) pushLocal() { p.lock.Lock() data := p.localMetricData[:] - p.localMetricData = make([]*cloudwatch.MetricDatum, 0, localMetricDataSize) + p.localMetricData = make([]types.MetricDatum, 0, localMetricDataSize) p.lock.Unlock() p.push(data) } -func (p *cloudWatchPublisher) push(metricData []*cloudwatch.MetricDatum) { +func (p *cloudWatchPublisher) push(metricData []types.MetricDatum) { if len(metricData) == 0 { p.log.Info("Missing data for publishing CloudWatch metrics") return } // Setup input - input := cloudwatch.PutMetricDataInput{} - input.Namespace = p.getCloudWatchMetricNamespace() + input := &cloudwatch.PutMetricDataInput{ + Namespace: aws.String(cloudwatchMetricNamespace), + } - // NOTE: Ensure cap of 40K per request and enforce rate limiting for len(metricData) > 0 { - input.MetricData = metricData[:maxDataPoints] + input.MetricData = metricData[:min(maxDataPoints, len(metricData))] // Publish data err := p.send(input) @@ -193,18 +200,18 @@ func (p *cloudWatchPublisher) push(metricData []*cloudwatch.MetricDatum) { } // Mutate slice - index := min(maxDataPoints, len(metricData)) - metricData = metricData[index:] + + metricData = metricData[min(maxDataPoints, len(metricData)):] // Reset Input - input = cloudwatch.PutMetricDataInput{} - input.Namespace = p.getCloudWatchMetricNamespace() + input.MetricData = nil } } -func (p *cloudWatchPublisher) send(input cloudwatch.PutMetricDataInput) error { +// Why is there a *cloudwatch.PutMetricDataInput and cloudwatch.PutMetricDataInput? +func (p *cloudWatchPublisher) send(input *cloudwatch.PutMetricDataInput) error { p.log.Info("Sending data to CloudWatch metrics") - _, err := p.cloudwatchClient.PutMetricData(&input) + _, err := p.cloudwatchClient.PutMetricData(p.ctx, input) return err } @@ -242,8 +249,8 @@ func getClusterID(ec2Client *ec2wrapper.EC2Wrapper, log logger.Logger) string { return clusterID } -func (p *cloudWatchPublisher) getCloudWatchMetricDatumDimensions() []*cloudwatch.Dimension { - return []*cloudwatch.Dimension{ +func (p *cloudWatchPublisher) getCloudWatchMetricDatumDimensions() []types.Dimension { + return []types.Dimension{ { Name: aws.String(clusterIDDimension), Value: aws.String(p.clusterID), diff --git a/pkg/publisher/publisher_test.go b/pkg/publisher/publisher_test.go index 7cc06b5dd7..ea8e4dc5d8 100644 --- a/pkg/publisher/publisher_test.go +++ b/pkg/publisher/publisher_test.go @@ -19,12 +19,12 @@ import ( "testing" "time" - "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/cloudwatch" - "github.com/aws/aws-sdk-go/service/cloudwatch/cloudwatchiface" - "github.com/pkg/errors" + + "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/cloudwatch" + "github.com/aws/aws-sdk-go-v2/service/cloudwatch/types" "github.com/stretchr/testify/assert" ) @@ -50,10 +50,16 @@ func TestCloudWatchPublisherWithNoIMDS(t *testing.T) { func TestCloudWatchPublisherWithSingleDatum(t *testing.T) { cloudwatchPublisher := getCloudWatchPublisher(t) - testCloudwatchMetricDatum := &cloudwatch.MetricDatum{ + testCloudwatchMetricDatum := types.MetricDatum{ MetricName: aws.String(testMetricOne), - Unit: aws.String(cloudwatch.StandardUnitNone), + Unit: types.StandardUnitNone, Value: aws.Float64(1.0), + Dimensions: []types.Dimension{ + { + Name: aws.String(clusterIDDimension), + Value: aws.String(testClusterID), + }, + }, } cloudwatchPublisher.Publish(testCloudwatchMetricDatum) @@ -67,13 +73,13 @@ func TestCloudWatchPublisherWithSingleDatum(t *testing.T) { func TestCloudWatchPublisherWithMultipleDatum(t *testing.T) { cloudwatchPublisher := getCloudWatchPublisher(t) - var metricDataPoints []*cloudwatch.MetricDatum + var metricDataPoints []types.MetricDatum for i := 0; i < 10; i++ { metricName := "TEST_METRIC_" + strconv.Itoa(i) - testCloudwatchMetricDatum := &cloudwatch.MetricDatum{ + testCloudwatchMetricDatum := types.MetricDatum{ MetricName: aws.String(metricName), - Unit: aws.String(cloudwatch.StandardUnitNone), + Unit: types.StandardUnitNone, Value: aws.Float64(1.0), } metricDataPoints = append(metricDataPoints, testCloudwatchMetricDatum) @@ -89,13 +95,13 @@ func TestCloudWatchPublisherWithMultipleDatum(t *testing.T) { func TestCloudWatchPublisherWithGreaterThanMaxDatapoints(t *testing.T) { cloudwatchPublisher := getCloudWatchPublisher(t) - var metricDataPoints []*cloudwatch.MetricDatum + var metricDataPoints []types.MetricDatum for i := 0; i < 30; i++ { metricName := "TEST_METRIC_" + strconv.Itoa(i) - testCloudwatchMetricDatum := &cloudwatch.MetricDatum{ + testCloudwatchMetricDatum := types.MetricDatum{ MetricName: aws.String(metricName), - Unit: aws.String(cloudwatch.StandardUnitNone), + Unit: types.StandardUnitNone, Value: aws.Float64(1.0), } metricDataPoints = append(metricDataPoints, testCloudwatchMetricDatum) @@ -111,12 +117,12 @@ func TestCloudWatchPublisherWithGreaterThanMaxDatapoints(t *testing.T) { func TestCloudWatchPublisherWithGreaterThanMaxDatapointsAndStop(t *testing.T) { cloudwatchPublisher := getCloudWatchPublisher(t) - var metricDataPoints []*cloudwatch.MetricDatum + var metricDataPoints []types.MetricDatum for i := 0; i < 30; i++ { metricName := "TEST_METRIC_" + strconv.Itoa(i) - testCloudwatchMetricDatum := &cloudwatch.MetricDatum{ + testCloudwatchMetricDatum := types.MetricDatum{ MetricName: aws.String(metricName), - Unit: aws.String(cloudwatch.StandardUnitNone), + Unit: types.StandardUnitNone, Value: aws.Float64(1.0), } metricDataPoints = append(metricDataPoints, testCloudwatchMetricDatum) @@ -138,21 +144,30 @@ func TestCloudWatchPublisherWithGreaterThanMaxDatapointsAndStop(t *testing.T) { func TestCloudWatchPublisherWithSingleDatumWithError(t *testing.T) { derivedContext, cancel := context.WithCancel(context.TODO()) - mockCloudWatch := mockCloudWatchClient{mockPutMetricDataError: errors.New("test error")} + // Create a mock cloudwatch client that will return an error when PutMetricData is called + mockCloudWatch := mockCloudWatchClient{ + mockPutMetricDataError: errors.New("error"), + } cloudwatchPublisher := &cloudWatchPublisher{ ctx: derivedContext, cancel: cancel, - cloudwatchClient: mockCloudWatch, + cloudwatchClient: &mockCloudWatch, clusterID: testClusterID, - localMetricData: make([]*cloudwatch.MetricDatum, 0, localMetricDataSize), + localMetricData: make([]types.MetricDatum, 0, localMetricDataSize), log: getCloudWatchLog(), } - testCloudwatchMetricDatum := &cloudwatch.MetricDatum{ + testCloudwatchMetricDatum := types.MetricDatum{ MetricName: aws.String(testMetricOne), - Unit: aws.String(cloudwatch.StandardUnitNone), + Unit: types.StandardUnitNone, Value: aws.Float64(1.0), + Dimensions: []types.Dimension{ + { + Name: aws.String(clusterIDDimension), + Value: aws.String(testClusterID), + }, + }, } cloudwatchPublisher.Publish(testCloudwatchMetricDatum) @@ -167,13 +182,13 @@ func TestGetCloudWatchMetricNamespace(t *testing.T) { cloudwatchPublisher := getCloudWatchPublisher(t) testNamespace := cloudwatchPublisher.getCloudWatchMetricNamespace() - assert.Equal(t, aws.StringValue(testNamespace), cloudwatchMetricNamespace) + assert.Equal(t, aws.ToString(testNamespace), cloudwatchMetricNamespace) } func TestGetCloudWatchMetricDatumDimensions(t *testing.T) { cloudwatchPublisher := getCloudWatchPublisher(t) - expectedCloudwatchDimensions := []*cloudwatch.Dimension{ + expectedCloudwatchDimensions := []types.Dimension{ { Name: aws.String(clusterIDDimension), Value: aws.String(testClusterID), @@ -187,7 +202,7 @@ func TestGetCloudWatchMetricDatumDimensions(t *testing.T) { func TestGetCloudWatchMetricDatumDimensionsWithMissingClusterID(t *testing.T) { cloudwatchPublisher := &cloudWatchPublisher{log: getCloudWatchLog()} - expectedCloudwatchDimensions := []*cloudwatch.Dimension{ + expectedCloudwatchDimensions := []types.Dimension{ { Name: aws.String(clusterIDDimension), Value: aws.String(""), @@ -201,7 +216,7 @@ func TestGetCloudWatchMetricDatumDimensionsWithMissingClusterID(t *testing.T) { func TestPublishWithNoData(t *testing.T) { cloudwatchPublisher := &cloudWatchPublisher{log: getCloudWatchLog()} - testMetricDataPoints := []*cloudwatch.MetricDatum{} + testMetricDataPoints := []types.MetricDatum{} cloudwatchPublisher.Publish(testMetricDataPoints...) assert.Empty(t, cloudwatchPublisher.localMetricData) @@ -209,7 +224,7 @@ func TestPublishWithNoData(t *testing.T) { func TestPushWithMissingData(t *testing.T) { cloudwatchPublisher := &cloudWatchPublisher{log: getCloudWatchLog()} - testMetricDataPoints := []*cloudwatch.MetricDatum{} + testMetricDataPoints := []types.MetricDatum{} cloudwatchPublisher.push(testMetricDataPoints) assert.Empty(t, cloudwatchPublisher.localMetricData) @@ -225,16 +240,18 @@ func TestMin(t *testing.T) { assert.Equal(t, minimum, a) } -// mockCloudWatchClient is used to facilitate testing +// mockCloudWatchClient is used to facilitate testing and implements the cloudwatch.Client interface type mockCloudWatchClient struct { - cloudwatchiface.CloudWatchAPI + cloudwatch.Client mockPutMetricDataError error } -func (m mockCloudWatchClient) PutMetricData(input *cloudwatch.PutMetricDataInput) (*cloudwatch.PutMetricDataOutput, error) { +func (m *mockCloudWatchClient) PutMetricData(ctx context.Context, params *cloudwatch.PutMetricDataInput, optFns ...func(*cloudwatch.Options)) (*cloudwatch.PutMetricDataOutput, error) { return &cloudwatch.PutMetricDataOutput{}, m.mockPutMetricDataError } +// Implement other methods of the cloudwatch.Client interface as needed for testing. + func getCloudWatchLog() logger.Logger { logConfig := logger.Configuration{ LogLevel: "Debug", @@ -250,9 +267,9 @@ func getCloudWatchPublisher(t *testing.T) *cloudWatchPublisher { return &cloudWatchPublisher{ ctx: derivedContext, cancel: cancel, - cloudwatchClient: mockCloudWatchClient{}, + cloudwatchClient: &mockCloudWatchClient{}, clusterID: testClusterID, - localMetricData: make([]*cloudwatch.MetricDatum, 0, localMetricDataSize), + localMetricData: make([]types.MetricDatum, 0, localMetricDataSize), log: getCloudWatchLog(), } } diff --git a/pkg/utils/cniutils/cni_utils.go b/pkg/utils/cniutils/cni_utils.go index bf5520d12a..31e5a3f68d 100644 --- a/pkg/utils/cniutils/cni_utils.go +++ b/pkg/utils/cniutils/cni_utils.go @@ -13,7 +13,7 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/pkg/netlinkwrapper" "github.com/aws/amazon-vpc-cni-k8s/pkg/procsyswrapper" "github.com/aws/amazon-vpc-cni-k8s/utils/imds" - "github.com/aws/aws-sdk-go/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" ) const ( @@ -148,7 +148,7 @@ func IsIptableTargetNotExist(err error) bool { } // PrefixSimilar checks if prefix pool and eni prefix are equivalent. -func PrefixSimilar(prefixPool []string, eniPrefixes []*ec2.Ipv4PrefixSpecification) bool { +func PrefixSimilar(prefixPool []string, eniPrefixes []ec2types.Ipv4PrefixSpecification) bool { if len(prefixPool) != len(eniPrefixes) { return false } @@ -159,7 +159,7 @@ func PrefixSimilar(prefixPool []string, eniPrefixes []*ec2.Ipv4PrefixSpecificati } for _, prefix := range eniPrefixes { - if prefix == nil || prefix.Ipv4Prefix == nil { + if prefix.Ipv4Prefix == nil { return false } if _, exists := prefixPoolSet[*prefix.Ipv4Prefix]; !exists { @@ -170,7 +170,7 @@ func PrefixSimilar(prefixPool []string, eniPrefixes []*ec2.Ipv4PrefixSpecificati } // IPsSimilar checks if ipPool and eniIPs are equivalent. -func IPsSimilar(ipPool []string, eniIPs []*ec2.NetworkInterfacePrivateIpAddress) bool { +func IPsSimilar(ipPool []string, eniIPs []ec2types.NetworkInterfacePrivateIpAddress) bool { // Here we do +1 in ipPool because eniIPs will also have primary IP which is not used by pods. if len(ipPool)+1 != len(eniIPs) { return false @@ -182,7 +182,7 @@ func IPsSimilar(ipPool []string, eniIPs []*ec2.NetworkInterfacePrivateIpAddress) } for _, ip := range eniIPs { - if ip == nil || ip.PrivateIpAddress == nil || ip.Primary == nil { + if ip.PrivateIpAddress == nil || ip.Primary == nil { return false } if *ip.Primary { diff --git a/pkg/utils/cniutils/cni_utils_test.go b/pkg/utils/cniutils/cni_utils_test.go index 46e063ac42..e8cb7530d2 100644 --- a/pkg/utils/cniutils/cni_utils_test.go +++ b/pkg/utils/cniutils/cni_utils_test.go @@ -4,8 +4,9 @@ import ( "net" "testing" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" + + "github.com/aws/aws-sdk-go-v2/aws" current "github.com/containernetworking/cni/pkg/types/100" "github.com/stretchr/testify/assert" ) @@ -214,25 +215,25 @@ func TestPrefixSimilar(t *testing.T) { tests := []struct { name string prefixPool []string - eniPrefixes []*ec2.Ipv4PrefixSpecification + eniPrefixes []ec2types.Ipv4PrefixSpecification want bool }{ { name: "Empty slices", prefixPool: []string{}, - eniPrefixes: []*ec2.Ipv4PrefixSpecification{}, + eniPrefixes: []ec2types.Ipv4PrefixSpecification{}, want: true, }, { name: "Different lengths", prefixPool: []string{"192.168.1.0/24"}, - eniPrefixes: []*ec2.Ipv4PrefixSpecification{}, + eniPrefixes: []ec2types.Ipv4PrefixSpecification{}, want: false, }, { name: "Equivalent prefixes", prefixPool: []string{"192.168.1.0/24", "10.0.0.0/16"}, - eniPrefixes: []*ec2.Ipv4PrefixSpecification{ + eniPrefixes: []ec2types.Ipv4PrefixSpecification{ {Ipv4Prefix: stringPtr("192.168.1.0/24")}, {Ipv4Prefix: stringPtr("10.0.0.0/16")}, }, @@ -241,7 +242,7 @@ func TestPrefixSimilar(t *testing.T) { { name: "Different prefixes", prefixPool: []string{"192.168.1.0/24", "10.0.0.0/16"}, - eniPrefixes: []*ec2.Ipv4PrefixSpecification{ + eniPrefixes: []ec2types.Ipv4PrefixSpecification{ {Ipv4Prefix: stringPtr("192.168.1.0/24")}, {Ipv4Prefix: stringPtr("172.16.0.0/16")}, }, @@ -250,8 +251,8 @@ func TestPrefixSimilar(t *testing.T) { { name: "Nil prefix", prefixPool: []string{"192.168.1.0/24"}, - eniPrefixes: []*ec2.Ipv4PrefixSpecification{ - nil, + eniPrefixes: []ec2types.Ipv4PrefixSpecification{ + {}, }, want: false, }, @@ -270,13 +271,13 @@ func TestIPsSimilar(t *testing.T) { tests := []struct { name string ipPool []string - eniIPs []*ec2.NetworkInterfacePrivateIpAddress + eniIPs []ec2types.NetworkInterfacePrivateIpAddress want bool }{ { name: "Empty IP pool", ipPool: []string{}, - eniIPs: []*ec2.NetworkInterfacePrivateIpAddress{ + eniIPs: []ec2types.NetworkInterfacePrivateIpAddress{ {PrivateIpAddress: stringPtr("10.0.0.1"), Primary: boolPtr(true)}, }, want: true, @@ -284,7 +285,7 @@ func TestIPsSimilar(t *testing.T) { { name: "Different lengths", ipPool: []string{"192.168.1.1"}, - eniIPs: []*ec2.NetworkInterfacePrivateIpAddress{ + eniIPs: []ec2types.NetworkInterfacePrivateIpAddress{ {PrivateIpAddress: stringPtr("10.0.0.1"), Primary: boolPtr(true)}, {PrivateIpAddress: stringPtr("192.168.1.1"), Primary: boolPtr(false)}, {PrivateIpAddress: stringPtr("192.168.1.2"), Primary: boolPtr(false)}, @@ -294,7 +295,7 @@ func TestIPsSimilar(t *testing.T) { { name: "Equivalent IPs", ipPool: []string{"192.168.1.1", "10.0.0.2"}, - eniIPs: []*ec2.NetworkInterfacePrivateIpAddress{ + eniIPs: []ec2types.NetworkInterfacePrivateIpAddress{ {PrivateIpAddress: stringPtr("10.0.0.1"), Primary: boolPtr(true)}, {PrivateIpAddress: stringPtr("192.168.1.1"), Primary: boolPtr(false)}, {PrivateIpAddress: stringPtr("10.0.0.2"), Primary: boolPtr(false)}, @@ -304,7 +305,7 @@ func TestIPsSimilar(t *testing.T) { { name: "Different IPs", ipPool: []string{"192.168.1.1", "10.0.0.2"}, - eniIPs: []*ec2.NetworkInterfacePrivateIpAddress{ + eniIPs: []ec2types.NetworkInterfacePrivateIpAddress{ {PrivateIpAddress: stringPtr("10.0.0.1"), Primary: boolPtr(true)}, {PrivateIpAddress: stringPtr("192.168.1.1"), Primary: boolPtr(false)}, {PrivateIpAddress: stringPtr("172.16.0.1"), Primary: boolPtr(false)}, @@ -314,9 +315,9 @@ func TestIPsSimilar(t *testing.T) { { name: "Nil IP", ipPool: []string{"192.168.1.1"}, - eniIPs: []*ec2.NetworkInterfacePrivateIpAddress{ + eniIPs: []ec2types.NetworkInterfacePrivateIpAddress{ {PrivateIpAddress: stringPtr("10.0.0.1"), Primary: boolPtr(true)}, - nil, + {}, }, want: false, }, diff --git a/pkg/vpc/vpc.go b/pkg/vpc/vpc.go index 00efbc3ca0..a604a1b30d 100644 --- a/pkg/vpc/vpc.go +++ b/pkg/vpc/vpc.go @@ -15,6 +15,8 @@ package vpc import ( "errors" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" + "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" ) @@ -86,7 +88,7 @@ func GetHypervisorType(instanceType string) (string, error) { log.Errorf("%s: %s", instanceType, ErrInstanceTypeNotExist) return "", ErrInstanceTypeNotExist } - return instance.HypervisorType, nil + return string(instance.HypervisorType), nil } func GetIsBareMetal(instanceType string) (bool, error) { @@ -119,7 +121,7 @@ func GetInstance(instanceType string) (InstanceTypeLimits, bool) { return instance, ok } -func SetInstance(instanceType string, eniLimit int, ipv4Limit int, defaultNetworkCardIndex int, networkCards []NetworkCard, hypervisorType string, isBareMetalInstance bool) { - instanceNetworkingLimits[instanceType] = New(eniLimit, ipv4Limit, defaultNetworkCardIndex, networkCards, - hypervisorType, isBareMetalInstance) +func SetInstance(instanceType ec2types.InstanceType, eniLimit int, ipv4Limit int, defaultNetworkCardIndex int, networkCards []NetworkCard, hypervisorType ec2types.InstanceTypeHypervisor, isBareMetalInstance bool) { + instanceNetworkingLimits[string(instanceType)] = New(eniLimit, ipv4Limit, defaultNetworkCardIndex, networkCards, + string(hypervisorType), isBareMetalInstance) } diff --git a/scripts/gen_vpc_ip_limits.go b/scripts/gen_vpc_ip_limits.go index 85c656b4cc..43f8a81ca2 100644 --- a/scripts/gen_vpc_ip_limits.go +++ b/scripts/gen_vpc_ip_limits.go @@ -16,6 +16,7 @@ package main import ( + "context" "fmt" "os" "reflect" @@ -23,13 +24,14 @@ import ( "strconv" "text/template" + "github.com/aws/aws-sdk-go-v2/aws" + + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" "github.com/aws/amazon-vpc-cni-k8s/pkg/vpc" - "github.com/aws/aws-sdk-go/aws" - - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/ec2" + "github.com/aws/aws-sdk-go-v2/service/ec2" ) const ipLimitFileName = "pkg/vpc/vpc_ip_resource_limit.go" @@ -44,11 +46,20 @@ func printPodLimit(instanceType string, l vpc.InstanceTypeLimits) string { } func main() { + ctx := context.Background() + + cfg, err := config.LoadDefaultConfig(ctx) + + if err != nil { + log.Fatalf("Failed to load configuration: %v", err) + } + // Get instance types limits across all regions - regions := describeRegions() + regions := describeRegions(ctx, cfg) + eniLimitMap := make(map[string]vpc.InstanceTypeLimits) for _, region := range regions { - describeInstanceTypes(region, eniLimitMap) + describeInstanceTypes(ctx, cfg, region, eniLimitMap) } // Override faulty values and add missing instance types @@ -102,20 +113,14 @@ func main() { // Helper function to call the EC2 DescribeRegions API, returning sorted region names // Note that the credentials being used may not be opted-in to all regions -func describeRegions() []string { - // Get session - sess := session.Must(session.NewSessionWithOptions(session.Options{ - SharedConfigState: session.SharedConfigEnable, - })) - _, err := sess.Config.Credentials.Get() - if err != nil { - log.Fatalf("Failed to get session credentials: %v", err) - } - svc := ec2.New(sess) - output, err := svc.DescribeRegions(&ec2.DescribeRegionsInput{}) +func describeRegions(ctx context.Context, cfg aws.Config) []string { + client := ec2.NewFromConfig(cfg) + + output, err := client.DescribeRegions(ctx, &ec2.DescribeRegionsInput{}) if err != nil { log.Fatalf("Failed to call EC2 DescribeRegions: %v", err) } + var regionNames []string for _, region := range output.Regions { regionNames = append(regionNames, *region.RegionName) @@ -125,54 +130,61 @@ func describeRegions() []string { } // Helper function to call the EC2 DescribeInstanceTypes API for a region and merge the respective instance-type limits into eniLimitMap -func describeInstanceTypes(region string, eniLimitMap map[string]vpc.InstanceTypeLimits) { +func describeInstanceTypes(ctx context.Context, cfg aws.Config, region string, eniLimitMap map[string]vpc.InstanceTypeLimits) { log.Infof("Describing instance types in region=%s", region) - // Get session - sess := session.Must(session.NewSessionWithOptions(session.Options{ - SharedConfigState: session.SharedConfigEnable, - Config: *aws.NewConfig().WithRegion(region), - })) - _, err := sess.Config.Credentials.Get() - if err != nil { - log.Fatalf("Failed to get session credentials: %v", err) - } - svc := ec2.New(sess) - describeInstanceTypesInput := &ec2.DescribeInstanceTypesInput{} + cfg.Region = region + client := ec2.NewFromConfig(cfg) - for { - output, err := svc.DescribeInstanceTypes(describeInstanceTypesInput) + paginator := ec2.NewDescribeInstanceTypesPaginator(client, &ec2.DescribeInstanceTypesInput{}) + + // Iterate through all pages + for paginator.HasMorePages() { + output, err := paginator.NextPage(ctx) if err != nil { log.Fatalf("Failed to call EC2 DescribeInstanceTypes: %v", err) } + // We just want the type name, ENI and IP limits for _, info := range output.InstanceTypes { // Ignore any missing values - instanceType := aws.StringValue(info.InstanceType) + instanceType := string(info.InstanceType) + // only one network card is supported, so use the MaximumNetworkInterfaces from the default card if more than one are present var eniLimit int if len(info.NetworkInfo.NetworkCards) > 1 { - eniLimit = int(aws.Int64Value(info.NetworkInfo.NetworkCards[*info.NetworkInfo.DefaultNetworkCardIndex].MaximumNetworkInterfaces)) + eniLimit = int(*info.NetworkInfo.NetworkCards[*info.NetworkInfo.DefaultNetworkCardIndex].MaximumNetworkInterfaces) } else { - eniLimit = int(aws.Int64Value(info.NetworkInfo.MaximumNetworkInterfaces)) + eniLimit = int(*info.NetworkInfo.MaximumNetworkInterfaces) } - ipv4Limit := int(aws.Int64Value(info.NetworkInfo.Ipv4AddressesPerInterface)) - isBareMetalInstance := aws.BoolValue(info.BareMetal) - hypervisorType := aws.StringValue(info.Hypervisor) + + ipv4Limit := int(*info.NetworkInfo.Ipv4AddressesPerInterface) + isBareMetalInstance := *info.BareMetal + hypervisorType := string(info.Hypervisor) if hypervisorType == "" { hypervisorType = "unknown" } - networkCards := make([]vpc.NetworkCard, aws.Int64Value(info.NetworkInfo.MaximumNetworkCards)) - defaultNetworkCardIndex := int(aws.Int64Value(info.NetworkInfo.DefaultNetworkCardIndex)) - for idx := 0; idx < len(networkCards); idx += 1 { + + networkCards := make([]vpc.NetworkCard, *info.NetworkInfo.MaximumNetworkCards) + defaultNetworkCardIndex := int(*info.NetworkInfo.DefaultNetworkCardIndex) + + for idx := 0; idx < len(networkCards); idx++ { networkCards[idx] = vpc.NetworkCard{ - MaximumNetworkInterfaces: *info.NetworkInfo.NetworkCards[idx].MaximumNetworkInterfaces, - NetworkCardIndex: *info.NetworkInfo.NetworkCards[idx].NetworkCardIndex, + MaximumNetworkInterfaces: int64(*info.NetworkInfo.NetworkCards[idx].MaximumNetworkInterfaces), + NetworkCardIndex: int64(*info.NetworkInfo.NetworkCards[idx].NetworkCardIndex), } } + if instanceType != "" && eniLimit > 0 && ipv4Limit > 0 { - limits := vpc.InstanceTypeLimits{ENILimit: eniLimit, IPv4Limit: ipv4Limit, NetworkCards: networkCards, HypervisorType: strconv.Quote(hypervisorType), - IsBareMetal: isBareMetalInstance, DefaultNetworkCardIndex: defaultNetworkCardIndex} + limits := vpc.InstanceTypeLimits{ + ENILimit: eniLimit, + IPv4Limit: ipv4Limit, + NetworkCards: networkCards, + HypervisorType: strconv.Quote(hypervisorType), + IsBareMetal: isBareMetalInstance, + DefaultNetworkCardIndex: defaultNetworkCardIndex, + } + if existingLimits, contains := eniLimitMap[instanceType]; contains && !reflect.DeepEqual(existingLimits, limits) { // this should never happen log.Fatalf("A previous region has different limits for instanceType=%s than region=%s", instanceType, region) @@ -180,13 +192,6 @@ func describeInstanceTypes(region string, eniLimitMap map[string]vpc.InstanceTyp eniLimitMap[instanceType] = limits } } - // Paginate to the next request - if output.NextToken == nil { - break - } - describeInstanceTypesInput = &ec2.DescribeInstanceTypesInput{ - NextToken: output.NextToken, - } } } diff --git a/test/framework/framework.go b/test/framework/framework.go index d114e101f1..4f325d94ef 100644 --- a/test/framework/framework.go +++ b/test/framework/framework.go @@ -99,10 +99,16 @@ func New(options Options) *Framework { cloudConfig := aws.CloudConfig{Region: options.AWSRegion, VpcID: options.AWSVPCID, EKSEndpoint: options.EKSEndpoint} + awsCloud, err := aws.NewCloud(cloudConfig) + + if err != nil { + log.Fatalf("failed to create AWS cloud client: %v", err) + } + return &Framework{ Options: options, K8sClient: k8sClient, - CloudServices: aws.NewCloud(cloudConfig), + CloudServices: awsCloud, K8sResourceManagers: k8s.NewResourceManager(k8sClient, clientset, k8sSchema, config), InstallationManager: controller.NewDefaultInstallationManager( helm.NewDefaultReleaseManager(options.KubeConfig)), diff --git a/test/framework/resources/aws/cloud.go b/test/framework/resources/aws/cloud.go index 85a86151b6..fc83bcd005 100644 --- a/test/framework/resources/aws/cloud.go +++ b/test/framework/resources/aws/cloud.go @@ -14,9 +14,11 @@ package aws import ( + "context" + "fmt" + "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/aws/services" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" + awsconfig "github.com/aws/aws-sdk-go-v2/config" ) type CloudConfig struct { @@ -44,19 +46,29 @@ type defaultCloud struct { cloudWatch services.CloudWatch } -func NewCloud(config CloudConfig) Cloud { - session := session.Must(session.NewSession(&aws.Config{ - Region: aws.String(config.Region)})) +func NewCloud(config CloudConfig) (Cloud, error) { + + cfg, err := awsconfig.LoadDefaultConfig(context.TODO(), awsconfig.WithRegion(config.Region)) + + if err != nil { + return nil, fmt.Errorf("unable to load SDK config, %v", err) + } + + eksService, err := services.NewEKS(cfg, config.EKSEndpoint) + + if err != nil { + return nil, fmt.Errorf("unable to create EKS service client, %v", err) + } return &defaultCloud{ cfg: config, - ec2: services.NewEC2(session), - iam: services.NewIAM(session), - eks: services.NewEKS(session, config.EKSEndpoint), - autoScaling: services.NewAutoScaling(session), - cloudFormation: services.NewCloudFormation(session), - cloudWatch: services.NewCloudWatch(session), - } + ec2: services.NewEC2(cfg), + iam: services.NewIAM(cfg), + eks: eksService, + autoScaling: services.NewAutoScaling(cfg), + cloudFormation: services.NewCloudFormation(cfg), + cloudWatch: services.NewCloudWatch(cfg), + }, nil } func (c *defaultCloud) EC2() services.EC2 { diff --git a/test/framework/resources/aws/services/autoscaling.go b/test/framework/resources/aws/services/autoscaling.go index 07042a0bfa..d1bc534971 100644 --- a/test/framework/resources/aws/services/autoscaling.go +++ b/test/framework/resources/aws/services/autoscaling.go @@ -14,33 +14,34 @@ package services import ( + "context" "fmt" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/autoscaling" - "github.com/aws/aws-sdk-go/service/autoscaling/autoscalingiface" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/autoscaling" + "github.com/aws/aws-sdk-go-v2/service/autoscaling/types" ) type AutoScaling interface { - DescribeAutoScalingGroup(autoScalingGroupName string) ([]*autoscaling.Group, error) + DescribeAutoScalingGroup(ctx context.Context, autoScalingGroupName string) ([]types.AutoScalingGroup, error) } +// Directly using the client to interact with the service instead of an interface. type defaultAutoScaling struct { - autoscalingiface.AutoScalingAPI + client *autoscaling.Client } -func NewAutoScaling(session *session.Session) AutoScaling { +func NewAutoScaling(cfg aws.Config) AutoScaling { return &defaultAutoScaling{ - AutoScalingAPI: autoscaling.New(session), + client: autoscaling.NewFromConfig(cfg), } } -func (d defaultAutoScaling) DescribeAutoScalingGroup(autoScalingGroupName string) ([]*autoscaling.Group, error) { +func (d defaultAutoScaling) DescribeAutoScalingGroup(ctx context.Context, autoScalingGroupName string) ([]types.AutoScalingGroup, error) { describeAutoScalingGroupIp := &autoscaling.DescribeAutoScalingGroupsInput{ - AutoScalingGroupNames: aws.StringSlice([]string{autoScalingGroupName}), + AutoScalingGroupNames: []string{autoScalingGroupName}, } - asg, err := d.AutoScalingAPI.DescribeAutoScalingGroups(describeAutoScalingGroupIp) + asg, err := d.client.DescribeAutoScalingGroups(ctx, describeAutoScalingGroupIp) if err != nil { return nil, err } diff --git a/test/framework/resources/aws/services/cloudformation.go b/test/framework/resources/aws/services/cloudformation.go index dac5f13e54..20e206a47a 100644 --- a/test/framework/resources/aws/services/cloudformation.go +++ b/test/framework/resources/aws/services/cloudformation.go @@ -18,38 +18,37 @@ import ( "fmt" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" - "github.com/aws/aws-sdk-go/service/cloudformation/cloudformationiface" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/cloudformation" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/cloudformation" + "github.com/aws/aws-sdk-go-v2/service/cloudformation/types" "k8s.io/apimachinery/pkg/util/wait" ) type CloudFormation interface { - WaitTillStackCreated(stackName string, stackParams []*cloudformation.Parameter, templateBody string) (*cloudformation.DescribeStacksOutput, error) - WaitTillStackDeleted(stackName string) error + WaitTillStackCreated(ctx context.Context, stackName string, stackParams []types.Parameter, templateBody string) (*cloudformation.DescribeStacksOutput, error) + WaitTillStackDeleted(ctx context.Context, stackName string) error } +// Directly using the client instead of the Interface. type defaultCloudFormation struct { - cloudformationiface.CloudFormationAPI + client *cloudformation.Client } -func NewCloudFormation(session *session.Session) CloudFormation { +func NewCloudFormation(cfg aws.Config) CloudFormation { return &defaultCloudFormation{ - CloudFormationAPI: cloudformation.New(session), + client: cloudformation.NewFromConfig(cfg), } } -func (d *defaultCloudFormation) WaitTillStackCreated(stackName string, stackParams []*cloudformation.Parameter, templateBody string) (*cloudformation.DescribeStacksOutput, error) { +func (d *defaultCloudFormation) WaitTillStackCreated(ctx context.Context, stackName string, stackParams []types.Parameter, templateBody string) (*cloudformation.DescribeStacksOutput, error) { createStackInput := &cloudformation.CreateStackInput{ Parameters: stackParams, StackName: aws.String(stackName), TemplateBody: aws.String(templateBody), - Capabilities: aws.StringSlice([]string{cloudformation.CapabilityCapabilityIam}), + Capabilities: []types.Capability{types.CapabilityCapabilityIam}, } - _, err := d.CloudFormationAPI.CreateStack(createStackInput) + _, err := d.client.CreateStack(ctx, createStackInput) if err != nil { return nil, err } @@ -59,25 +58,26 @@ func (d *defaultCloudFormation) WaitTillStackCreated(stackName string, stackPara } var describeStackOutput *cloudformation.DescribeStacksOutput + // Using the provided ctx, ctx.Done() allows wait.PollImmediateUtil to cancel err = wait.PollImmediateUntil(utils.PollIntervalLong, func() (done bool, err error) { - describeStackOutput, err = d.CloudFormationAPI.DescribeStacks(describeStackInput) + describeStackOutput, err = d.client.DescribeStacks(ctx, describeStackInput) if err != nil { return true, err } - if *describeStackOutput.Stacks[0].StackStatus == "CREATE_COMPLETE" { + if describeStackOutput.Stacks[0].StackStatus == types.StackStatusCreateComplete { return true, nil } return false, nil - }, context.Background().Done()) + }, ctx.Done()) return describeStackOutput, err } -func (d *defaultCloudFormation) WaitTillStackDeleted(stackName string) error { +func (d *defaultCloudFormation) WaitTillStackDeleted(ctx context.Context, stackName string) error { deleteStackInput := &cloudformation.DeleteStackInput{ StackName: aws.String(stackName), } - _, err := d.CloudFormationAPI.DeleteStack(deleteStackInput) + _, err := d.client.DeleteStack(ctx, deleteStackInput) if err != nil { return fmt.Errorf("failed to delete stack %s: %v", stackName, err) } @@ -87,16 +87,17 @@ func (d *defaultCloudFormation) WaitTillStackDeleted(stackName string) error { } var describeStackOutput *cloudformation.DescribeStacksOutput + // Using the provided ctx, ctx.Done() allows wait.PollImmediateUtil to cancel if required. err = wait.PollImmediateUntil(utils.PollIntervalLong, func() (done bool, err error) { - describeStackOutput, err = d.CloudFormationAPI.DescribeStacks(describeStackInput) + describeStackOutput, err = d.client.DescribeStacks(ctx, describeStackInput) if err != nil { return true, err } - if *describeStackOutput.Stacks[0].StackStatus == "DELETE_COMPLETE" { + if describeStackOutput.Stacks[0].StackStatus == types.StackStatusDeleteComplete { return true, nil } return false, nil - }, context.Background().Done()) + }, ctx.Done()) return nil } diff --git a/test/framework/resources/aws/services/cloudwatch.go b/test/framework/resources/aws/services/cloudwatch.go index 9680ad1bb4..20efb1bb06 100644 --- a/test/framework/resources/aws/services/cloudwatch.go +++ b/test/framework/resources/aws/services/cloudwatch.go @@ -14,30 +14,31 @@ package services import ( - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/cloudwatch" - "github.com/aws/aws-sdk-go/service/cloudwatch/cloudwatchiface" + "context" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/cloudwatch" ) type CloudWatch interface { - GetMetricStatistics(getMetricStatisticsInput *cloudwatch.GetMetricStatisticsInput) (*cloudwatch.GetMetricStatisticsOutput, error) - PutMetricData(input *cloudwatch.PutMetricDataInput) (*cloudwatch.PutMetricDataOutput, error) + GetMetricStatistics(ctx context.Context, params *cloudwatch.GetMetricStatisticsInput, optFns ...func(*cloudwatch.Options)) (*cloudwatch.GetMetricStatisticsOutput, error) + PutMetricData(ctx context.Context, params *cloudwatch.PutMetricDataInput, optFns ...func(*cloudwatch.Options)) (*cloudwatch.PutMetricDataOutput, error) } type defaultCloudWatch struct { - cloudwatchiface.CloudWatchAPI + client *cloudwatch.Client } -func NewCloudWatch(session *session.Session) CloudWatch { +func NewCloudWatch(cfg aws.Config) CloudWatch { return &defaultCloudWatch{ - CloudWatchAPI: cloudwatch.New(session), + client: cloudwatch.NewFromConfig(cfg), } } -func (d *defaultCloudWatch) GetMetricStatistics(getMetricStatisticsInput *cloudwatch.GetMetricStatisticsInput) (*cloudwatch.GetMetricStatisticsOutput, error) { - return d.CloudWatchAPI.GetMetricStatistics(getMetricStatisticsInput) +func (d *defaultCloudWatch) GetMetricStatistics(ctx context.Context, params *cloudwatch.GetMetricStatisticsInput, optFns ...func(*cloudwatch.Options)) (*cloudwatch.GetMetricStatisticsOutput, error) { + return d.client.GetMetricStatistics(ctx, params, optFns...) } -func (d *defaultCloudWatch) PutMetricData(input *cloudwatch.PutMetricDataInput) (*cloudwatch.PutMetricDataOutput, error) { - return d.CloudWatchAPI.PutMetricData(input) +func (d *defaultCloudWatch) PutMetricData(ctx context.Context, params *cloudwatch.PutMetricDataInput, optFns ...func(*cloudwatch.Options)) (*cloudwatch.PutMetricDataOutput, error) { + return d.client.PutMetricData(ctx, params, optFns...) } diff --git a/test/framework/resources/aws/services/ec2.go b/test/framework/resources/aws/services/ec2.go index af5305ba04..b0d3ed8373 100644 --- a/test/framework/resources/aws/services/ec2.go +++ b/test/framework/resources/aws/services/ec2.go @@ -14,53 +14,54 @@ package services import ( + "context" "fmt" "strings" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/ec2" - "github.com/aws/aws-sdk-go/service/ec2/ec2iface" + "github.com/aws/aws-sdk-go-v2/service/ec2/types" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/ec2" ) type EC2 interface { - DescribeInstanceType(instanceType string) ([]*ec2.InstanceTypeInfo, error) - DescribeInstance(instanceID string) (*ec2.Instance, error) - DescribeVPC(vpcID string) (*ec2.DescribeVpcsOutput, error) - DescribeNetworkInterface(interfaceIDs []string) (*ec2.DescribeNetworkInterfacesOutput, error) - AuthorizeSecurityGroupIngress(groupID string, protocol string, fromPort int, toPort int, cidrIP string, sourceSG bool) error - RevokeSecurityGroupIngress(groupID string, protocol string, fromPort int, toPort int, cidrIP string, sourceSG bool) error - AuthorizeSecurityGroupEgress(groupID string, protocol string, fromPort int, toPort int, cidrIP string) error - RevokeSecurityGroupEgress(groupID string, protocol string, fromPort int, toPort int, cidrIP string) error - AssociateVPCCIDRBlock(vpcId string, cidrBlock string) (*ec2.AssociateVpcCidrBlockOutput, error) - TerminateInstance(instanceIDs []string) error - DisAssociateVPCCIDRBlock(associationID string) error - DescribeSubnet(subnetID string) (*ec2.DescribeSubnetsOutput, error) - CreateSubnet(cidrBlock string, vpcID string, az string) (*ec2.CreateSubnetOutput, error) - DeleteSubnet(subnetID string) error - DescribeRouteTables(subnetID string) (*ec2.DescribeRouteTablesOutput, error) - DescribeRouteTablesWithVPCID(vpcID string) (*ec2.DescribeRouteTablesOutput, error) - CreateSecurityGroup(groupName string, description string, vpcID string) (*ec2.CreateSecurityGroupOutput, error) - DeleteSecurityGroup(groupID string) error - AssociateRouteTableToSubnet(routeTableId string, subnetID string) error - CreateKey(keyName string) (*ec2.CreateKeyPairOutput, error) - DeleteKey(keyName string) error - DescribeKey(keyName string) (*ec2.DescribeKeyPairsOutput, error) - ModifyNetworkInterfaceSecurityGroups(securityGroupIds []*string, networkInterfaceId *string) (*ec2.ModifyNetworkInterfaceAttributeOutput, error) - DescribeAvailabilityZones() (*ec2.DescribeAvailabilityZonesOutput, error) - CreateTags(resourceIds []string, tags []*ec2.Tag) (*ec2.CreateTagsOutput, error) - DeleteTags(resourceIds []string, tags []*ec2.Tag) (*ec2.DeleteTagsOutput, error) + DescribeInstanceType(ctx context.Context, instanceType string) ([]types.InstanceTypeInfo, error) + DescribeInstance(ctx context.Context, instanceID string) (types.Instance, error) + DescribeVPC(ctx context.Context, vpcID string) (*ec2.DescribeVpcsOutput, error) + DescribeNetworkInterface(ctx context.Context, interfaceIDs []string) (*ec2.DescribeNetworkInterfacesOutput, error) + AuthorizeSecurityGroupIngress(ctx context.Context, groupID string, protocol string, fromPort int, toPort int, cidrIP string, sourceSG bool) error + RevokeSecurityGroupIngress(ctx context.Context, groupID string, protocol string, fromPort int, toPort int, cidrIP string, sourceSG bool) error + AuthorizeSecurityGroupEgress(ctx context.Context, groupID string, protocol string, fromPort int, toPort int, cidrIP string) error + RevokeSecurityGroupEgress(ctx context.Context, groupID string, protocol string, fromPort int, toPort int, cidrIP string) error + AssociateVPCCIDRBlock(ctx context.Context, vpcId string, cidrBlock string) (*ec2.AssociateVpcCidrBlockOutput, error) + TerminateInstance(ctx context.Context, instanceIDs []string) error + DisAssociateVPCCIDRBlock(ctx context.Context, associationID string) error + DescribeSubnet(ctx context.Context, subnetID string) (*ec2.DescribeSubnetsOutput, error) + CreateSubnet(ctx context.Context, cidrBlock string, vpcID string, az string) (*ec2.CreateSubnetOutput, error) + DeleteSubnet(ctx context.Context, subnetID string) error + DescribeRouteTables(ctx context.Context, subnetID string) (*ec2.DescribeRouteTablesOutput, error) + DescribeRouteTablesWithVPCID(ctx context.Context, vpcID string) (*ec2.DescribeRouteTablesOutput, error) + CreateSecurityGroup(ctx context.Context, groupName string, description string, vpcID string) (*ec2.CreateSecurityGroupOutput, error) + DeleteSecurityGroup(ctx context.Context, groupID string) error + AssociateRouteTableToSubnet(ctx context.Context, routeTableId string, subnetID string) error + CreateKey(ctx context.Context, keyName string) (*ec2.CreateKeyPairOutput, error) + DeleteKey(ctx context.Context, keyName string) error + DescribeKey(ctx context.Context, keyName string) (*ec2.DescribeKeyPairsOutput, error) + ModifyNetworkInterfaceSecurityGroups(ctx context.Context, securityGroupIds []string, networkInterfaceId *string) (*ec2.ModifyNetworkInterfaceAttributeOutput, error) + DescribeAvailabilityZones(ctx context.Context) (*ec2.DescribeAvailabilityZonesOutput, error) + CreateTags(ctx context.Context, resourceIds []string, tags []types.Tag) (*ec2.CreateTagsOutput, error) + DeleteTags(ctx context.Context, resourceIds []string, tags []types.Tag) (*ec2.DeleteTagsOutput, error) } type defaultEC2 struct { - ec2iface.EC2API + client *ec2.Client } -func (d *defaultEC2) DescribeInstanceType(instanceType string) ([]*ec2.InstanceTypeInfo, error) { +func (d *defaultEC2) DescribeInstanceType(ctx context.Context, instanceType string) ([]types.InstanceTypeInfo, error) { describeInstanceTypeIp := &ec2.DescribeInstanceTypesInput{ - InstanceTypes: aws.StringSlice([]string{instanceType}), + InstanceTypes: []types.InstanceType{types.InstanceType(instanceType)}, } - describeInstanceOp, err := d.EC2API.DescribeInstanceTypes(describeInstanceTypeIp) + describeInstanceOp, err := d.client.DescribeInstanceTypes(ctx, describeInstanceTypeIp) if err != nil { return nil, err } @@ -70,65 +71,66 @@ func (d *defaultEC2) DescribeInstanceType(instanceType string) ([]*ec2.InstanceT return describeInstanceOp.InstanceTypes, nil } -func (d *defaultEC2) DescribeAvailabilityZones() (*ec2.DescribeAvailabilityZonesOutput, error) { +func (d *defaultEC2) DescribeAvailabilityZones(ctx context.Context) (*ec2.DescribeAvailabilityZonesOutput, error) { describeAvailabilityZonesInput := &ec2.DescribeAvailabilityZonesInput{} - return d.EC2API.DescribeAvailabilityZones(describeAvailabilityZonesInput) + return d.client.DescribeAvailabilityZones(ctx, describeAvailabilityZonesInput) } -func (d *defaultEC2) ModifyNetworkInterfaceSecurityGroups(securityGroupIds []*string, networkInterfaceId *string) (*ec2.ModifyNetworkInterfaceAttributeOutput, error) { - return d.EC2API.ModifyNetworkInterfaceAttribute(&ec2.ModifyNetworkInterfaceAttributeInput{ +func (d *defaultEC2) ModifyNetworkInterfaceSecurityGroups(ctx context.Context, securityGroupIds []string, networkInterfaceId *string) (*ec2.ModifyNetworkInterfaceAttributeOutput, error) { + return d.client.ModifyNetworkInterfaceAttribute(ctx, &ec2.ModifyNetworkInterfaceAttributeInput{ NetworkInterfaceId: networkInterfaceId, Groups: securityGroupIds, }) } -func (d *defaultEC2) DescribeInstance(instanceID string) (*ec2.Instance, error) { +func (d *defaultEC2) DescribeInstance(ctx context.Context, instanceID string) (types.Instance, error) { describeInstanceInput := &ec2.DescribeInstancesInput{ - InstanceIds: aws.StringSlice([]string{instanceID}), + InstanceIds: []string{instanceID}, } - describeInstanceOutput, err := d.EC2API.DescribeInstances(describeInstanceInput) + describeInstanceOutput, err := d.client.DescribeInstances(ctx, describeInstanceInput) + if err != nil { - return nil, err + return types.Instance{}, err } if describeInstanceOutput == nil || len(describeInstanceOutput.Reservations) == 0 || len(describeInstanceOutput.Reservations[0].Instances) == 0 { - return nil, fmt.Errorf("failed to find instance %s", instanceID) + return types.Instance{}, fmt.Errorf("failed to find instance %s", instanceID) } return describeInstanceOutput.Reservations[0].Instances[0], nil } -func (d *defaultEC2) AuthorizeSecurityGroupIngress(groupID string, protocol string, fromPort int, toPort int, cidrIP string, sourceSG bool) error { - var ipv4Ranges []*ec2.IpRange - var ipv6Ranges []*ec2.Ipv6Range - var ipPermissions *ec2.IpPermission +func (d *defaultEC2) AuthorizeSecurityGroupIngress(ctx context.Context, groupID string, protocol string, fromPort int, toPort int, cidrIP string, sourceSG bool) error { + var ipv4Ranges []types.IpRange + var ipv6Ranges []types.Ipv6Range + var ipPermissions types.IpPermission if !sourceSG { if strings.Contains(cidrIP, ":") { - ipv6Ranges = []*ec2.Ipv6Range{ + ipv6Ranges = []types.Ipv6Range{ { CidrIpv6: aws.String(cidrIP), }, } } else { - ipv4Ranges = []*ec2.IpRange{ + ipv4Ranges = []types.IpRange{ { CidrIp: aws.String(cidrIP), }, } } - ipPermissions = &ec2.IpPermission{ - FromPort: aws.Int64(int64(fromPort)), - ToPort: aws.Int64(int64(toPort)), + ipPermissions = types.IpPermission{ + FromPort: aws.Int32(int32(fromPort)), + ToPort: aws.Int32(int32(toPort)), IpProtocol: aws.String(protocol), IpRanges: ipv4Ranges, Ipv6Ranges: ipv6Ranges, } } else { - ipPermissions = &ec2.IpPermission{ - FromPort: aws.Int64(int64(fromPort)), - ToPort: aws.Int64(int64(toPort)), + ipPermissions = types.IpPermission{ + FromPort: aws.Int32(int32(fromPort)), + ToPort: aws.Int32(int32(toPort)), IpProtocol: aws.String(protocol), - UserIdGroupPairs: []*ec2.UserIdGroupPair{ + UserIdGroupPairs: []types.UserIdGroupPair{ { GroupId: aws.String(cidrIP), }, @@ -137,44 +139,44 @@ func (d *defaultEC2) AuthorizeSecurityGroupIngress(groupID string, protocol stri } authorizeSecurityGroupIngressInput := &ec2.AuthorizeSecurityGroupIngressInput{ GroupId: aws.String(groupID), - IpPermissions: []*ec2.IpPermission{ipPermissions}, + IpPermissions: []types.IpPermission{ipPermissions}, } - _, err := d.EC2API.AuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressInput) + _, err := d.client.AuthorizeSecurityGroupIngress(ctx, authorizeSecurityGroupIngressInput) return err } -func (d *defaultEC2) RevokeSecurityGroupIngress(groupID string, protocol string, fromPort int, toPort int, cidrIP string, sourceSG bool) error { - var ipv4Ranges []*ec2.IpRange - var ipv6Ranges []*ec2.Ipv6Range - var ipPermissions *ec2.IpPermission +func (d *defaultEC2) RevokeSecurityGroupIngress(ctx context.Context, groupID string, protocol string, fromPort int, toPort int, cidrIP string, sourceSG bool) error { + var ipv4Ranges []types.IpRange + var ipv6Ranges []types.Ipv6Range + var ipPermissions types.IpPermission if !sourceSG { if strings.Contains(cidrIP, ":") { - ipv6Ranges = []*ec2.Ipv6Range{ + ipv6Ranges = []types.Ipv6Range{ { CidrIpv6: aws.String(cidrIP), }, } } else { - ipv4Ranges = []*ec2.IpRange{ + ipv4Ranges = []types.IpRange{ { CidrIp: aws.String(cidrIP), }, } } - ipPermissions = &ec2.IpPermission{ - FromPort: aws.Int64(int64(fromPort)), - ToPort: aws.Int64(int64(toPort)), + ipPermissions = types.IpPermission{ + FromPort: aws.Int32(int32(fromPort)), + ToPort: aws.Int32(int32(toPort)), IpProtocol: aws.String(protocol), IpRanges: ipv4Ranges, Ipv6Ranges: ipv6Ranges, } } else { - ipPermissions = &ec2.IpPermission{ - FromPort: aws.Int64(int64(fromPort)), - ToPort: aws.Int64(int64(toPort)), + ipPermissions = types.IpPermission{ + FromPort: aws.Int32(int32(fromPort)), + ToPort: aws.Int32(int32(toPort)), IpProtocol: aws.String(protocol), - UserIdGroupPairs: []*ec2.UserIdGroupPair{ + UserIdGroupPairs: []types.UserIdGroupPair{ { GroupId: aws.String(cidrIP), }, @@ -183,236 +185,236 @@ func (d *defaultEC2) RevokeSecurityGroupIngress(groupID string, protocol string, } revokeSecurityGroupIngressInput := &ec2.RevokeSecurityGroupIngressInput{ GroupId: aws.String(groupID), - IpPermissions: []*ec2.IpPermission{ipPermissions}, + IpPermissions: []types.IpPermission{ipPermissions}, } - _, err := d.EC2API.RevokeSecurityGroupIngress(revokeSecurityGroupIngressInput) + _, err := d.client.RevokeSecurityGroupIngress(ctx, revokeSecurityGroupIngressInput) return err } -func (d *defaultEC2) AuthorizeSecurityGroupEgress(groupID string, protocol string, fromPort int, toPort int, cidrIP string) error { - var ipv4Ranges []*ec2.IpRange - var ipv6Ranges []*ec2.Ipv6Range +func (d *defaultEC2) AuthorizeSecurityGroupEgress(ctx context.Context, groupID string, protocol string, fromPort int, toPort int, cidrIP string) error { + var ipv4Ranges []types.IpRange + var ipv6Ranges []types.Ipv6Range if strings.Contains(cidrIP, ":") { - ipv6Ranges = []*ec2.Ipv6Range{ + ipv6Ranges = []types.Ipv6Range{ { CidrIpv6: aws.String(cidrIP), }, } } else { - ipv4Ranges = []*ec2.IpRange{ + ipv4Ranges = []types.IpRange{ { CidrIp: aws.String(cidrIP), }, } } - ipPermissions := &ec2.IpPermission{ - FromPort: aws.Int64(int64(fromPort)), - ToPort: aws.Int64(int64(toPort)), + ipPermissions := types.IpPermission{ + FromPort: aws.Int32(int32(fromPort)), + ToPort: aws.Int32(int32(toPort)), IpProtocol: aws.String(protocol), IpRanges: ipv4Ranges, Ipv6Ranges: ipv6Ranges, } authorizeSecurityGroupEgressInput := &ec2.AuthorizeSecurityGroupEgressInput{ GroupId: aws.String(groupID), - IpPermissions: []*ec2.IpPermission{ipPermissions}, + IpPermissions: []types.IpPermission{ipPermissions}, } - _, err := d.EC2API.AuthorizeSecurityGroupEgress(authorizeSecurityGroupEgressInput) + _, err := d.client.AuthorizeSecurityGroupEgress(ctx, authorizeSecurityGroupEgressInput) return err } -func (d *defaultEC2) RevokeSecurityGroupEgress(groupID string, protocol string, fromPort int, toPort int, cidrIP string) error { - var ipv4Ranges []*ec2.IpRange - var ipv6Ranges []*ec2.Ipv6Range +func (d *defaultEC2) RevokeSecurityGroupEgress(ctx context.Context, groupID string, protocol string, fromPort int, toPort int, cidrIP string) error { + var ipv4Ranges []types.IpRange + var ipv6Ranges []types.Ipv6Range if strings.Contains(cidrIP, ":") { - ipv6Ranges = []*ec2.Ipv6Range{ + ipv6Ranges = []types.Ipv6Range{ { CidrIpv6: aws.String(cidrIP), }, } } else { - ipv4Ranges = []*ec2.IpRange{ + ipv4Ranges = []types.IpRange{ { CidrIp: aws.String(cidrIP), }, } } - ipPermissions := &ec2.IpPermission{ - FromPort: aws.Int64(int64(fromPort)), - ToPort: aws.Int64(int64(toPort)), + ipPermissions := types.IpPermission{ + FromPort: aws.Int32(int32(fromPort)), + ToPort: aws.Int32(int32(toPort)), IpProtocol: aws.String(protocol), IpRanges: ipv4Ranges, Ipv6Ranges: ipv6Ranges, } revokeSecurityGroupEgressInput := &ec2.RevokeSecurityGroupEgressInput{ GroupId: aws.String(groupID), - IpPermissions: []*ec2.IpPermission{ipPermissions}, + IpPermissions: []types.IpPermission{ipPermissions}, } - _, err := d.EC2API.RevokeSecurityGroupEgress(revokeSecurityGroupEgressInput) + _, err := d.client.RevokeSecurityGroupEgress(ctx, revokeSecurityGroupEgressInput) return err } -func (d *defaultEC2) DescribeNetworkInterface(interfaceIDs []string) (*ec2.DescribeNetworkInterfacesOutput, error) { +func (d *defaultEC2) DescribeNetworkInterface(ctx context.Context, interfaceIDs []string) (*ec2.DescribeNetworkInterfacesOutput, error) { describeNetworkInterfaceInput := &ec2.DescribeNetworkInterfacesInput{ - NetworkInterfaceIds: aws.StringSlice(interfaceIDs), + NetworkInterfaceIds: interfaceIDs, } - return d.EC2API.DescribeNetworkInterfaces(describeNetworkInterfaceInput) + return d.client.DescribeNetworkInterfaces(ctx, describeNetworkInterfaceInput) } -func (d *defaultEC2) AssociateVPCCIDRBlock(vpcId string, cidrBlock string) (*ec2.AssociateVpcCidrBlockOutput, error) { +func (d *defaultEC2) AssociateVPCCIDRBlock(ctx context.Context, vpcId string, cidrBlock string) (*ec2.AssociateVpcCidrBlockOutput, error) { associateVPCCidrBlockInput := &ec2.AssociateVpcCidrBlockInput{ CidrBlock: aws.String(cidrBlock), VpcId: aws.String(vpcId), } - return d.EC2API.AssociateVpcCidrBlock(associateVPCCidrBlockInput) + return d.client.AssociateVpcCidrBlock(ctx, associateVPCCidrBlockInput) } -func (d *defaultEC2) DisAssociateVPCCIDRBlock(associationID string) error { +func (d *defaultEC2) DisAssociateVPCCIDRBlock(ctx context.Context, associationID string) error { disassociateVPCCidrBlockInput := &ec2.DisassociateVpcCidrBlockInput{ AssociationId: aws.String(associationID), } - _, err := d.EC2API.DisassociateVpcCidrBlock(disassociateVPCCidrBlockInput) + _, err := d.client.DisassociateVpcCidrBlock(ctx, disassociateVPCCidrBlockInput) return err } -func (d *defaultEC2) CreateSubnet(cidrBlock string, vpcID string, az string) (*ec2.CreateSubnetOutput, error) { +func (d *defaultEC2) CreateSubnet(ctx context.Context, cidrBlock string, vpcID string, az string) (*ec2.CreateSubnetOutput, error) { createSubnetInput := &ec2.CreateSubnetInput{ AvailabilityZone: aws.String(az), CidrBlock: aws.String(cidrBlock), VpcId: aws.String(vpcID), } - return d.EC2API.CreateSubnet(createSubnetInput) + return d.client.CreateSubnet(ctx, createSubnetInput) } -func (d *defaultEC2) DescribeSubnet(subnetID string) (*ec2.DescribeSubnetsOutput, error) { +func (d *defaultEC2) DescribeSubnet(ctx context.Context, subnetID string) (*ec2.DescribeSubnetsOutput, error) { describeSubnetInput := &ec2.DescribeSubnetsInput{ - SubnetIds: aws.StringSlice([]string{subnetID}), + SubnetIds: []string{subnetID}, } - return d.EC2API.DescribeSubnets(describeSubnetInput) + return d.client.DescribeSubnets(ctx, describeSubnetInput) } -func (d *defaultEC2) DescribeRouteTablesWithVPCID(vpcID string) (*ec2.DescribeRouteTablesOutput, error) { +func (d *defaultEC2) DescribeRouteTablesWithVPCID(ctx context.Context, vpcID string) (*ec2.DescribeRouteTablesOutput, error) { describeRouteTableInput := &ec2.DescribeRouteTablesInput{ - Filters: []*ec2.Filter{ + Filters: []types.Filter{ { Name: aws.String("vpc-id"), - Values: aws.StringSlice([]string{vpcID}), + Values: []string{vpcID}, }, }, } - return d.EC2API.DescribeRouteTables(describeRouteTableInput) + return d.client.DescribeRouteTables(ctx, describeRouteTableInput) } -func (d *defaultEC2) DeleteSubnet(subnetID string) error { +func (d *defaultEC2) DeleteSubnet(ctx context.Context, subnetID string) error { deleteSubnetInput := &ec2.DeleteSubnetInput{ SubnetId: aws.String(subnetID), } - _, err := d.EC2API.DeleteSubnet(deleteSubnetInput) + _, err := d.client.DeleteSubnet(ctx, deleteSubnetInput) return err } -func (d *defaultEC2) DescribeRouteTables(subnetID string) (*ec2.DescribeRouteTablesOutput, error) { +func (d *defaultEC2) DescribeRouteTables(ctx context.Context, subnetID string) (*ec2.DescribeRouteTablesOutput, error) { describeRouteTableInput := &ec2.DescribeRouteTablesInput{ - Filters: []*ec2.Filter{ + Filters: []types.Filter{ { Name: aws.String("association.subnet-id"), - Values: aws.StringSlice([]string{subnetID}), + Values: []string{subnetID}, }, }, } - return d.EC2API.DescribeRouteTables(describeRouteTableInput) + return d.client.DescribeRouteTables(ctx, describeRouteTableInput) } -func (d *defaultEC2) AssociateRouteTableToSubnet(routeTableId string, subnetID string) error { +func (d *defaultEC2) AssociateRouteTableToSubnet(ctx context.Context, routeTableId string, subnetID string) error { associateRouteTableInput := &ec2.AssociateRouteTableInput{ RouteTableId: aws.String(routeTableId), SubnetId: aws.String(subnetID), } - _, err := d.EC2API.AssociateRouteTable(associateRouteTableInput) + _, err := d.client.AssociateRouteTable(ctx, associateRouteTableInput) return err } -func (d *defaultEC2) DeleteSecurityGroup(groupID string) error { +func (d *defaultEC2) DeleteSecurityGroup(ctx context.Context, groupID string) error { deleteSecurityGroupInput := &ec2.DeleteSecurityGroupInput{ GroupId: aws.String(groupID), } - _, err := d.EC2API.DeleteSecurityGroup(deleteSecurityGroupInput) + _, err := d.client.DeleteSecurityGroup(ctx, deleteSecurityGroupInput) return err } -func (d *defaultEC2) CreateSecurityGroup(groupName string, description string, vpcID string) (*ec2.CreateSecurityGroupOutput, error) { +func (d *defaultEC2) CreateSecurityGroup(ctx context.Context, groupName string, description string, vpcID string) (*ec2.CreateSecurityGroupOutput, error) { createSecurityGroupInput := &ec2.CreateSecurityGroupInput{ Description: aws.String(description), GroupName: aws.String(groupName), VpcId: aws.String(vpcID), } - return d.EC2API.CreateSecurityGroup(createSecurityGroupInput) + return d.client.CreateSecurityGroup(ctx, createSecurityGroupInput) } -func (d *defaultEC2) CreateKey(keyName string) (*ec2.CreateKeyPairOutput, error) { +func (d *defaultEC2) CreateKey(ctx context.Context, keyName string) (*ec2.CreateKeyPairOutput, error) { createKeyInput := &ec2.CreateKeyPairInput{ KeyName: aws.String(keyName), } - return d.EC2API.CreateKeyPair(createKeyInput) + return d.client.CreateKeyPair(ctx, createKeyInput) } -func (d *defaultEC2) DeleteKey(keyName string) error { +func (d *defaultEC2) DeleteKey(ctx context.Context, keyName string) error { deleteKeyPairInput := &ec2.DeleteKeyPairInput{ KeyName: aws.String(keyName), } - _, err := d.EC2API.DeleteKeyPair(deleteKeyPairInput) + _, err := d.client.DeleteKeyPair(ctx, deleteKeyPairInput) return err } -func (d *defaultEC2) DescribeKey(keyName string) (*ec2.DescribeKeyPairsOutput, error) { +func (d *defaultEC2) DescribeKey(ctx context.Context, keyName string) (*ec2.DescribeKeyPairsOutput, error) { keyPairInput := &ec2.DescribeKeyPairsInput{ - KeyNames: []*string{ - &keyName, + KeyNames: []string{ + keyName, }, } - return d.EC2API.DescribeKeyPairs(keyPairInput) + return d.client.DescribeKeyPairs(ctx, keyPairInput) } -func (d *defaultEC2) TerminateInstance(instanceIDs []string) error { +func (d *defaultEC2) TerminateInstance(ctx context.Context, instanceIDs []string) error { terminateInstanceInput := &ec2.TerminateInstancesInput{ DryRun: nil, - InstanceIds: aws.StringSlice(instanceIDs), + InstanceIds: instanceIDs, } - _, err := d.EC2API.TerminateInstances(terminateInstanceInput) + _, err := d.client.TerminateInstances(ctx, terminateInstanceInput) return err } -func (d *defaultEC2) DescribeVPC(vpcID string) (*ec2.DescribeVpcsOutput, error) { +func (d *defaultEC2) DescribeVPC(ctx context.Context, vpcID string) (*ec2.DescribeVpcsOutput, error) { describeVPCInput := &ec2.DescribeVpcsInput{ - VpcIds: aws.StringSlice([]string{vpcID}), + VpcIds: []string{vpcID}, } - return d.EC2API.DescribeVpcs(describeVPCInput) + return d.client.DescribeVpcs(ctx, describeVPCInput) } -func (d *defaultEC2) CreateTags(resourceIds []string, tags []*ec2.Tag) (*ec2.CreateTagsOutput, error) { +func (d *defaultEC2) CreateTags(ctx context.Context, resourceIds []string, tags []types.Tag) (*ec2.CreateTagsOutput, error) { input := &ec2.CreateTagsInput{ - Resources: aws.StringSlice(resourceIds), + Resources: resourceIds, Tags: tags, } - return d.EC2API.CreateTags(input) + return d.client.CreateTags(ctx, input) } -func (d *defaultEC2) DeleteTags(resourceIds []string, tags []*ec2.Tag) (*ec2.DeleteTagsOutput, error) { +func (d *defaultEC2) DeleteTags(ctx context.Context, resourceIds []string, tags []types.Tag) (*ec2.DeleteTagsOutput, error) { input := &ec2.DeleteTagsInput{ - Resources: aws.StringSlice(resourceIds), + Resources: resourceIds, Tags: tags, } - return d.EC2API.DeleteTags(input) + return d.client.DeleteTags(ctx, input) } -func NewEC2(session *session.Session) EC2 { +func NewEC2(cfg aws.Config) EC2 { return &defaultEC2{ - EC2API: ec2.New(session), + client: ec2.NewFromConfig(cfg), } } diff --git a/test/framework/resources/aws/services/eks.go b/test/framework/resources/aws/services/eks.go index 1b1b35bf64..4b3ed762b5 100644 --- a/test/framework/resources/aws/services/eks.go +++ b/test/framework/resources/aws/services/eks.go @@ -14,23 +14,25 @@ package services import ( - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/eks" - "github.com/aws/aws-sdk-go/service/eks/eksiface" + "context" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/eks" + "github.com/aws/aws-sdk-go-v2/service/eks/types" ) type EKS interface { - DescribeCluster(clusterName string) (*eks.DescribeClusterOutput, error) - CreateAddon(addonInput *AddonInput) (*eks.CreateAddonOutput, error) - DescribeAddonVersions(AddonInput *AddonInput) (*eks.DescribeAddonVersionsOutput, error) - DescribeAddon(addonInput *AddonInput) (*eks.DescribeAddonOutput, error) - DeleteAddon(AddOnInput *AddonInput) (*eks.DeleteAddonOutput, error) - GetLatestVersion(addonInput *AddonInput) (string, error) + DescribeCluster(ctx context.Context, clusterName string) (*eks.DescribeClusterOutput, error) + CreateAddon(ctx context.Context, addonInput AddonInput) (*eks.CreateAddonOutput, error) + DescribeAddonVersions(ctx context.Context, addonInput AddonInput) (*eks.DescribeAddonVersionsOutput, error) + DescribeAddon(ctx context.Context, addonInput AddonInput) (*eks.DescribeAddonOutput, error) + DeleteAddon(ctx context.Context, addOnInput AddonInput) (*eks.DeleteAddonOutput, error) + GetLatestVersion(ctx context.Context, addonInput AddonInput) (string, error) } type defaultEKS struct { - eksiface.EKSAPI + client *eks.Client } // Internal Addon Input struct @@ -43,63 +45,81 @@ type AddonInput struct { K8sVersion string } -func NewEKS(session *session.Session, endpoint string) EKS { - return &defaultEKS{ - EKSAPI: eks.New(session, &aws.Config{ - Endpoint: aws.String(endpoint), - Region: session.Config.Region, - }), +func NewEKS(cfg aws.Config, endpoint string) (EKS, error) { + var err error + + if endpoint != "" { + customResolver := aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) { + return aws.Endpoint{ + URL: endpoint, + }, nil + }) + cfg, err = config.LoadDefaultConfig(context.Background(), + config.WithEndpointResolverWithOptions(customResolver), + config.WithRegion(cfg.Region), + ) + } else { + cfg, err = config.LoadDefaultConfig(context.Background(), + config.WithRegion(cfg.Region), + ) } + + if err != nil { + return &defaultEKS{}, err + } + + return &defaultEKS{ + client: eks.NewFromConfig(cfg), + }, nil } -func (d defaultEKS) CreateAddon(addonInput *AddonInput) (*eks.CreateAddonOutput, error) { +func (d *defaultEKS) CreateAddon(ctx context.Context, addonInput AddonInput) (*eks.CreateAddonOutput, error) { createAddonInput := &eks.CreateAddonInput{ AddonName: aws.String(addonInput.AddonName), ClusterName: aws.String(addonInput.ClusterName), } if addonInput.AddonVersion != "" { - createAddonInput.SetAddonVersion(addonInput.AddonVersion) - createAddonInput.SetResolveConflicts("OVERWRITE") + createAddonInput.AddonVersion = aws.String(addonInput.AddonVersion) + createAddonInput.ResolveConflicts = types.ResolveConflictsOverwrite } - return d.EKSAPI.CreateAddon(createAddonInput) + return d.client.CreateAddon(ctx, createAddonInput) } -func (d defaultEKS) DeleteAddon(addonInput *AddonInput) (*eks.DeleteAddonOutput, error) { +func (d *defaultEKS) DeleteAddon(ctx context.Context, addonInput AddonInput) (*eks.DeleteAddonOutput, error) { deleteAddonInput := &eks.DeleteAddonInput{ AddonName: aws.String(addonInput.AddonName), ClusterName: aws.String(addonInput.ClusterName), } - return d.EKSAPI.DeleteAddon(deleteAddonInput) + return d.client.DeleteAddon(ctx, deleteAddonInput) } -func (d defaultEKS) DescribeAddonVersions(addonInput *AddonInput) (*eks.DescribeAddonVersionsOutput, error) { +func (d *defaultEKS) DescribeAddonVersions(ctx context.Context, addonInput AddonInput) (*eks.DescribeAddonVersionsOutput, error) { describeAddonVersionsInput := &eks.DescribeAddonVersionsInput{ AddonName: aws.String(addonInput.AddonName), KubernetesVersion: aws.String(addonInput.K8sVersion), } - return d.EKSAPI.DescribeAddonVersions(describeAddonVersionsInput) + return d.client.DescribeAddonVersions(ctx, describeAddonVersionsInput) } -func (d defaultEKS) DescribeAddon(addonInput *AddonInput) (*eks.DescribeAddonOutput, error) { +func (d *defaultEKS) DescribeAddon(ctx context.Context, addonInput AddonInput) (*eks.DescribeAddonOutput, error) { describeAddonInput := &eks.DescribeAddonInput{ AddonName: aws.String(addonInput.AddonName), ClusterName: aws.String(addonInput.ClusterName), } - return d.EKSAPI.DescribeAddon(describeAddonInput) + return d.client.DescribeAddon(ctx, describeAddonInput) } -func (d defaultEKS) DescribeCluster(clusterName string) (*eks.DescribeClusterOutput, error) { +func (d *defaultEKS) DescribeCluster(ctx context.Context, clusterName string) (*eks.DescribeClusterOutput, error) { describeClusterInput := &eks.DescribeClusterInput{ Name: aws.String(clusterName), } - - return d.EKSAPI.DescribeCluster(describeClusterInput) + return d.client.DescribeCluster(ctx, describeClusterInput) } -func (d defaultEKS) GetLatestVersion(addonInput *AddonInput) (string, error) { - addonOutput, err := d.DescribeAddonVersions(addonInput) +func (d *defaultEKS) GetLatestVersion(ctx context.Context, addonInput AddonInput) (string, error) { + addonOutput, err := d.DescribeAddonVersions(ctx, addonInput) if err != nil { return "", err } - return *addonOutput.Addons[0].AddonVersions[0].AddonVersion, nil + return aws.ToString(addonOutput.Addons[0].AddonVersions[0].AddonVersion), nil } diff --git a/test/framework/resources/aws/services/iam.go b/test/framework/resources/aws/services/iam.go index 688bbb9d82..779fbf775e 100644 --- a/test/framework/resources/aws/services/iam.go +++ b/test/framework/resources/aws/services/iam.go @@ -14,10 +14,11 @@ package services import ( - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/iam" - "github.com/aws/aws-sdk-go/service/iam/iamiface" + "context" + + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/iam" + "github.com/aws/aws-sdk-go-v2/service/iam/types" ) type PolicyDocument struct { @@ -32,88 +33,88 @@ type StatementEntry struct { } type IAM interface { - AttachRolePolicy(policyArn string, roleName string) error - DetachRolePolicy(policyARN string, roleName string) error - CreatePolicy(policyName string, policyDocument string) (*iam.CreatePolicyOutput, error) - DeletePolicy(policyARN string) error - GetInstanceProfile(instanceProfileName string) (*iam.GetInstanceProfileOutput, error) - GetRolePolicy(policyName string, role string) (*iam.GetRolePolicyOutput, error) - PutRolePolicy(policyDocument string, policyName string, roleName string) error - ListPolicies(scope string) (*iam.ListPoliciesOutput, error) + AttachRolePolicy(ctx context.Context, policyArn string, roleName string) error + DetachRolePolicy(ctx context.Context, policyARN string, roleName string) error + CreatePolicy(ctx context.Context, policyName string, policyDocument string) (*iam.CreatePolicyOutput, error) + DeletePolicy(ctx context.Context, policyARN string) error + GetInstanceProfile(ctx context.Context, instanceProfileName string) (*iam.GetInstanceProfileOutput, error) + GetRolePolicy(ctx context.Context, policyName string, role string) (*iam.GetRolePolicyOutput, error) + PutRolePolicy(ctx context.Context, policyDocument string, policyName string, roleName string) error + ListPolicies(ctx context.Context, scope string) (*iam.ListPoliciesOutput, error) } type defaultIAM struct { - iamiface.IAMAPI + client *iam.Client } -func (d *defaultIAM) AttachRolePolicy(policyARN string, roleName string) error { +func (d *defaultIAM) AttachRolePolicy(ctx context.Context, policyARN string, roleName string) error { attachRolePolicyInput := &iam.AttachRolePolicyInput{ PolicyArn: aws.String(policyARN), RoleName: aws.String(roleName), } - _, err := d.IAMAPI.AttachRolePolicy(attachRolePolicyInput) + _, err := d.client.AttachRolePolicy(ctx, attachRolePolicyInput) return err } -func (d *defaultIAM) DetachRolePolicy(policyARN string, roleName string) error { +func (d *defaultIAM) DetachRolePolicy(ctx context.Context, policyARN string, roleName string) error { detachRolePolicyInput := &iam.DetachRolePolicyInput{ PolicyArn: aws.String(policyARN), RoleName: aws.String(roleName), } - _, err := d.IAMAPI.DetachRolePolicy(detachRolePolicyInput) + _, err := d.client.DetachRolePolicy(ctx, detachRolePolicyInput) return err } -func (d *defaultIAM) CreatePolicy(policyName string, policyDocument string) (*iam.CreatePolicyOutput, error) { +func (d *defaultIAM) CreatePolicy(ctx context.Context, policyName string, policyDocument string) (*iam.CreatePolicyOutput, error) { createPolicyInput := &iam.CreatePolicyInput{ PolicyDocument: aws.String(policyDocument), PolicyName: aws.String(policyName), } - return d.IAMAPI.CreatePolicy(createPolicyInput) + return d.client.CreatePolicy(ctx, createPolicyInput) } -func (d *defaultIAM) DeletePolicy(policyARN string) error { +func (d *defaultIAM) DeletePolicy(ctx context.Context, policyARN string) error { deletePolicyInput := &iam.DeletePolicyInput{ PolicyArn: aws.String(policyARN), } - _, err := d.IAMAPI.DeletePolicy(deletePolicyInput) + _, err := d.client.DeletePolicy(ctx, deletePolicyInput) return err } -func (d *defaultIAM) GetRolePolicy(role string, policyName string) (*iam.GetRolePolicyOutput, error) { +func (d *defaultIAM) GetRolePolicy(ctx context.Context, role string, policyName string) (*iam.GetRolePolicyOutput, error) { rolePolicyInput := &iam.GetRolePolicyInput{ RoleName: aws.String(role), PolicyName: aws.String(policyName), } - return d.IAMAPI.GetRolePolicy(rolePolicyInput) + return d.client.GetRolePolicy(ctx, rolePolicyInput) } -func (d *defaultIAM) PutRolePolicy(policyDocument string, policyName string, roleName string) error { +func (d *defaultIAM) PutRolePolicy(ctx context.Context, policyDocument string, policyName string, roleName string) error { policyInput := &iam.PutRolePolicyInput{ PolicyDocument: aws.String(policyDocument), PolicyName: aws.String(policyName), RoleName: aws.String(roleName), } - _, err := d.IAMAPI.PutRolePolicy(policyInput) + _, err := d.client.PutRolePolicy(ctx, policyInput) return err } -func (d *defaultIAM) GetInstanceProfile(instanceProfileName string) (*iam.GetInstanceProfileOutput, error) { +func (d *defaultIAM) GetInstanceProfile(ctx context.Context, instanceProfileName string) (*iam.GetInstanceProfileOutput, error) { getInstanceProfileInput := &iam.GetInstanceProfileInput{ InstanceProfileName: aws.String(instanceProfileName), } - return d.IAMAPI.GetInstanceProfile(getInstanceProfileInput) + return d.client.GetInstanceProfile(ctx, getInstanceProfileInput) } -func (d *defaultIAM) ListPolicies(scope string) (*iam.ListPoliciesOutput, error) { +func (d *defaultIAM) ListPolicies(ctx context.Context, scope string) (*iam.ListPoliciesOutput, error) { listPolicyInput := &iam.ListPoliciesInput{ - Scope: aws.String(scope), + Scope: types.PolicyScopeType(scope), } - return d.IAMAPI.ListPolicies(listPolicyInput) + return d.client.ListPolicies(ctx, listPolicyInput) } -func NewIAM(session *session.Session) IAM { +func NewIAM(cfg aws.Config) IAM { return &defaultIAM{ - IAMAPI: iam.New(session), + client: iam.NewFromConfig(cfg), } } diff --git a/test/framework/resources/aws/utils/nodegroup.go b/test/framework/resources/aws/utils/nodegroup.go index 6d395d8ca4..6518857b41 100644 --- a/test/framework/resources/aws/utils/nodegroup.go +++ b/test/framework/resources/aws/utils/nodegroup.go @@ -14,6 +14,7 @@ package utils import ( + "context" "fmt" "os" "strconv" @@ -22,18 +23,15 @@ import ( "gopkg.in/yaml.v2" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/cloudformation" - "github.com/aws/amazon-vpc-cni-k8s/pkg/vpc" "github.com/aws/amazon-vpc-cni-k8s/test/framework" k8sUtils "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/utils" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" + "github.com/aws/aws-sdk-go-v2/aws" + cloudformationtypes "github.com/aws/aws-sdk-go-v2/service/cloudformation/types" ) const ( - // Docker will be default, if not specified - CONTAINERD = "containerd" CreateNodeGroupCFNTemplate = "/testdata/amazon-eks-nodegroup.yaml" NodeImageIdSSMParam = "/aws/service/eks/optimized-ami/%s/amazon-linux-2/recommended/image_id" ) @@ -81,7 +79,7 @@ func CreateAndWaitTillSelfManagedNGReady(f *framework.Framework, properties Node } template := string(templateBytes) - describeClusterOutput, err := f.CloudServices.EKS().DescribeCluster(f.Options.ClusterName) + describeClusterOutput, err := f.CloudServices.EKS().DescribeCluster(context.TODO(), f.Options.ClusterName) if err != nil { return fmt.Errorf("failed to describe cluster %s: %v", f.Options.ClusterName, err) } @@ -105,7 +103,7 @@ func CreateAndWaitTillSelfManagedNGReady(f *framework.Framework, properties Node asgSizeString := strconv.Itoa(properties.AsgSize) - createNgStackParams := []*cloudformation.Parameter{ + createNgStackParams := []cloudformationtypes.Parameter{ { ParameterKey: aws.String("ClusterName"), ParameterValue: aws.String(f.Options.ClusterName), @@ -120,7 +118,7 @@ func CreateAndWaitTillSelfManagedNGReady(f *framework.Framework, properties Node }, { ParameterKey: aws.String("ClusterControlPlaneSecurityGroup"), - ParameterValue: describeClusterOutput.Cluster.ResourcesVpcConfig.SecurityGroupIds[0], + ParameterValue: aws.String(describeClusterOutput.Cluster.ResourcesVpcConfig.SecurityGroupIds[0]), }, { ParameterKey: aws.String("NodeGroupName"), @@ -161,14 +159,14 @@ func CreateAndWaitTillSelfManagedNGReady(f *framework.Framework, properties Node } if properties.NodeImageId != "" { - createNgStackParams = append(createNgStackParams, &cloudformation.Parameter{ + createNgStackParams = append(createNgStackParams, cloudformationtypes.Parameter{ ParameterKey: aws.String("NodeImageId"), ParameterValue: aws.String(properties.NodeImageId), }) } describeStackOutput, err := f.CloudServices.CloudFormation(). - WaitTillStackCreated(properties.NodeGroupName, createNgStackParams, template) + WaitTillStackCreated(context.TODO(), properties.NodeGroupName, createNgStackParams, template) if err != nil { return fmt.Errorf("failed to create node group cfn stack: %v", err) } @@ -220,7 +218,7 @@ func CreateAndWaitTillSelfManagedNGReady(f *framework.Framework, properties Node } func DeleteAndWaitTillSelfManagedNGStackDeleted(f *framework.Framework, properties NodeGroupProperties) error { - err := f.CloudServices.CloudFormation().WaitTillStackDeleted(properties.NodeGroupName) + err := f.CloudServices.CloudFormation().WaitTillStackDeleted(context.TODO(), properties.NodeGroupName) if err != nil { return fmt.Errorf("failed to delete node group cfn stack: %v", err) } @@ -257,33 +255,33 @@ func GetClusterVPCConfig(f *framework.Framework) (*ClusterVPCConfig, error) { return nil, fmt.Errorf("partial configuration, if supplying config via flags you need to provide at least public route table ID, public subnet list and availibility zone list") } - describeClusterOutput, err := f.CloudServices.EKS().DescribeCluster(f.Options.ClusterName) + describeClusterOutput, err := f.CloudServices.EKS().DescribeCluster(context.TODO(), f.Options.ClusterName) if err != nil { return nil, fmt.Errorf("failed to describe cluster %s: %v", f.Options.ClusterName, err) } for _, subnet := range describeClusterOutput.Cluster.ResourcesVpcConfig.SubnetIds { - describeRouteOutput, err := f.CloudServices.EC2().DescribeRouteTables(*subnet) + describeRouteOutput, err := f.CloudServices.EC2().DescribeRouteTables(context.TODO(), subnet) if err != nil { - return nil, fmt.Errorf("failed to describe subnet %s: %v", *subnet, err) + return nil, fmt.Errorf("failed to describe subnet %s: %v", subnet, err) } isPublic := false for _, route := range describeRouteOutput.RouteTables[0].Routes { if route.GatewayId != nil && strings.Contains(*route.GatewayId, "igw-") { isPublic = true - clusterConfig.PublicSubnetList = append(clusterConfig.PublicSubnetList, *subnet) + clusterConfig.PublicSubnetList = append(clusterConfig.PublicSubnetList, subnet) clusterConfig.PublicRouteTableID = *describeRouteOutput.RouteTables[0].RouteTableId } } if !isPublic { - clusterConfig.PrivateSubnetList = append(clusterConfig.PrivateSubnetList, *subnet) + clusterConfig.PrivateSubnetList = append(clusterConfig.PrivateSubnetList, subnet) } } uniqueAZ := map[string]bool{} for _, subnet := range clusterConfig.PublicSubnetList { - describeSubnet, err := f.CloudServices.EC2().DescribeSubnet(subnet) + describeSubnet, err := f.CloudServices.EC2().DescribeSubnet(context.TODO(), subnet) if err != nil { return nil, fmt.Errorf("failed to describe the subnet %s: %v", subnet, err) } @@ -308,7 +306,7 @@ func TerminateInstances(f *framework.Framework) error { instanceIDs = append(instanceIDs, k8sUtils.GetInstanceIDFromNode(node)) } - err = f.CloudServices.EC2().TerminateInstance(instanceIDs) + err = f.CloudServices.EC2().TerminateInstance(context.TODO(), instanceIDs) if err != nil { return fmt.Errorf("failed to terminate instances: %v", err) } diff --git a/test/framework/resources/k8s/manifest/daemonset.go b/test/framework/resources/k8s/manifest/daemonset.go index 2d8a9720a9..058fb2feba 100644 --- a/test/framework/resources/k8s/manifest/daemonset.go +++ b/test/framework/resources/k8s/manifest/daemonset.go @@ -15,7 +15,7 @@ package manifest import ( "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" - "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go-v2/aws" v1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/framework/resources/k8s/manifest/deployment.go b/test/framework/resources/k8s/manifest/deployment.go index 4034bcacd8..ae2243006c 100644 --- a/test/framework/resources/k8s/manifest/deployment.go +++ b/test/framework/resources/k8s/manifest/deployment.go @@ -16,7 +16,7 @@ package manifest import ( "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" - "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go-v2/aws" v1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/framework/resources/k8s/manifest/job.go b/test/framework/resources/k8s/manifest/job.go index 20d06c3817..cb8a0e9272 100644 --- a/test/framework/resources/k8s/manifest/job.go +++ b/test/framework/resources/k8s/manifest/job.go @@ -14,7 +14,7 @@ package manifest import ( - "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go-v2/aws" batchV1 "k8s.io/api/batch/v1" v1 "k8s.io/api/core/v1" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/test/framework/resources/k8s/manifest/pod.go b/test/framework/resources/k8s/manifest/pod.go index c19bf3ee1e..dfbab146e9 100644 --- a/test/framework/resources/k8s/manifest/pod.go +++ b/test/framework/resources/k8s/manifest/pod.go @@ -16,7 +16,7 @@ package manifest import ( "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" - "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go-v2/aws" v1 "k8s.io/api/core/v1" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) diff --git a/test/framework/resources/k8s/utils/addon.go b/test/framework/resources/k8s/utils/addon.go index 6bd12d590b..cae427aeb8 100644 --- a/test/framework/resources/k8s/utils/addon.go +++ b/test/framework/resources/k8s/utils/addon.go @@ -12,7 +12,7 @@ import ( func WaitTillAddonIsDeleted(eks services.EKS, addonName string, clusterName string) error { ctx := context.Background() return wait.PollImmediateUntil(utils.PollIntervalShort, func() (bool, error) { - _, err := eks.DescribeAddon(&services.AddonInput{ + _, err := eks.DescribeAddon(context.TODO(), services.AddonInput{ AddonName: addonName, ClusterName: clusterName, }) @@ -26,7 +26,7 @@ func WaitTillAddonIsDeleted(eks services.EKS, addonName string, clusterName stri func WaitTillAddonIsActive(eks services.EKS, addonName string, clusterName string) error { ctx := context.Background() return wait.PollImmediateUntil(utils.PollIntervalShort, func() (bool, error) { - describeAddonOutput, err := eks.DescribeAddon(&services.AddonInput{ + describeAddonOutput, err := eks.DescribeAddon(context.TODO(), services.AddonInput{ AddonName: addonName, ClusterName: clusterName, }) @@ -34,7 +34,7 @@ func WaitTillAddonIsActive(eks services.EKS, addonName string, clusterName strin return false, err } - status := *describeAddonOutput.Addon.Status + status := describeAddonOutput.Addon.Status if status == "CREATE_FAILED" || status == "DEGRADED" { return false, errors.Errorf("Create Addon Failed, addon status: %s", status) } diff --git a/test/integration/az-traffic/pod_az_traffic_suite_test.go b/test/integration/az-traffic/pod_az_traffic_suite_test.go index 292bdf5aa2..c088b62cf7 100644 --- a/test/integration/az-traffic/pod_az_traffic_suite_test.go +++ b/test/integration/az-traffic/pod_az_traffic_suite_test.go @@ -33,7 +33,7 @@ var _ = BeforeSuite(func() { f = framework.New(framework.GlobalOptions) By("creating test namespace") - f.K8sResourceManagers.NamespaceManager().CreateNamespace(utils.DefaultTestNamespace) + _ = f.K8sResourceManagers.NamespaceManager().CreateNamespace(utils.DefaultTestNamespace) By(fmt.Sprintf("getting the node with the node label key %s and value %s", f.Options.NgNameLabelKey, f.Options.NgNameLabelVal)) @@ -44,6 +44,6 @@ var _ = BeforeSuite(func() { var _ = AfterSuite(func() { By("deleting test namespace") - f.K8sResourceManagers.NamespaceManager(). + _ = f.K8sResourceManagers.NamespaceManager(). DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) }) diff --git a/test/integration/az-traffic/pod_traffic_across_az_test.go b/test/integration/az-traffic/pod_traffic_across_az_test.go index a0d918f8c2..69755cd295 100644 --- a/test/integration/az-traffic/pod_traffic_across_az_test.go +++ b/test/integration/az-traffic/pod_traffic_across_az_test.go @@ -1,11 +1,13 @@ package az_traffic import ( + "context" "fmt" "strconv" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/cloudwatch" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/cloudwatch" + cloudwatchtypes "github.com/aws/aws-sdk-go-v2/service/cloudwatch/types" "github.com/aws/amazon-vpc-cni-k8s/test/framework" "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest" @@ -35,7 +37,7 @@ var _ = Describe("[STATIC_CANARY] AZ Node Presence", FlakeAttempts(retries), fun nodes, err := f.K8sResourceManagers.NodeManager().GetNodes(f.Options.NgNameLabelKey, f.Options.NgNameLabelVal) Expect(err).ToNot(HaveOccurred()) - describeAZOutput, err := f.CloudServices.EC2().DescribeAvailabilityZones() + describeAZOutput, err := f.CloudServices.EC2().DescribeAvailabilityZones(context.TODO()) Expect(err).ToNot(HaveOccurred()) for _, az := range describeAZOutput.AvailabilityZones { @@ -166,7 +168,7 @@ func GetAZMappings(nodes coreV1.NodeList) (map[string]coreV1.Pod, map[string]str // Map of AZ name to AZ ID azToazID := make(map[string]string) - describeAZOutput, err := f.CloudServices.EC2().DescribeAvailabilityZones() + describeAZOutput, err := f.CloudServices.EC2().DescribeAvailabilityZones(context.TODO()) // iterate describe AZ output and populate AZ name to AZ ID mapping for _, az := range describeAZOutput.AvailabilityZones { @@ -249,7 +251,7 @@ var _ = Describe("[STATIC_CANARY] API Server Connectivity from AZs", FlakeAttemp Context("While testing API Server Connectivity", func() { It("Should connect to the API Server", func() { - describeClusterOutput, err := f.CloudServices.EKS().DescribeCluster(f.Options.ClusterName) + describeClusterOutput, err := f.CloudServices.EKS().DescribeCluster(context.TODO(), f.Options.ClusterName) Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("Error while Describing the cluster to find APIServer NLB endpoint. %s", f.Options.ClusterName)) APIServerNLBEndpoint := fmt.Sprintf("%s/api", *describeClusterOutput.Cluster.Endpoint) APIServerInternalEndpoint := "https://kubernetes.default.svc/api" @@ -291,12 +293,12 @@ func CheckAPIServerConnectivityFromPods(azToPod map[string]coreV1.Pod, azToazId if f.Options.PublishCWMetrics { putmetricData := cloudwatch.PutMetricDataInput{ Namespace: aws.String(MetricNamespace), - MetricData: []*cloudwatch.MetricDatum{ + MetricData: []cloudwatchtypes.MetricDatum{ { MetricName: aws.String(MetricName), - Unit: aws.String("Count"), + Unit: cloudwatchtypes.StandardUnitCount, Value: aws.Float64(1), - Dimensions: []*cloudwatch.Dimension{ + Dimensions: []cloudwatchtypes.Dimension{ { Name: aws.String("AZID"), Value: aws.String(azToazId[az]), @@ -306,7 +308,7 @@ func CheckAPIServerConnectivityFromPods(azToPod map[string]coreV1.Pod, azToazId }, } - _, err = f.CloudServices.CloudWatch().PutMetricData(&putmetricData) + _, err = f.CloudServices.CloudWatch().PutMetricData(context.TODO(), &putmetricData) Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("Error while putting metric data for API Server Connectivity from %s", az)) } } @@ -327,12 +329,12 @@ func CheckConnectivityBetweenPods(azToPod map[string]coreV1.Pod, azToazId map[st if f.Options.PublishCWMetrics { putmetricData := cloudwatch.PutMetricDataInput{ Namespace: aws.String(MetricNamespace), - MetricData: []*cloudwatch.MetricDatum{ + MetricData: []cloudwatchtypes.MetricDatum{ { MetricName: aws.String(MetricName), - Unit: aws.String("Count"), + Unit: cloudwatchtypes.StandardUnitCount, Value: aws.Float64(1), - Dimensions: []*cloudwatch.Dimension{ + Dimensions: []cloudwatchtypes.Dimension{ { Name: aws.String("AZID"), Value: aws.String(azToazId[az1]), @@ -341,7 +343,7 @@ func CheckConnectivityBetweenPods(azToPod map[string]coreV1.Pod, azToazId map[st }, }, } - _, err := f.CloudServices.CloudWatch().PutMetricData(&putmetricData) + _, err := f.CloudServices.CloudWatch().PutMetricData(context.TODO(), &putmetricData) Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("Error while putting metric data for API Server Connectivity from %s", azToazId[az1])) } } @@ -367,7 +369,7 @@ func testConnectivity(senderPod coreV1.Pod, receiverPod coreV1.Pod, expectedStdo testerCommand := getTestCommandFunc(receiverPod, port) - fmt.Fprintf(GinkgoWriter, "verifying connectivity from pod %s on node %s with IP %s to pod"+ + _, _ = fmt.Fprintf(GinkgoWriter, "verifying connectivity from pod %s on node %s with IP %s to pod"+ " %s on node %s with IP %s\n", senderPod.Name, senderPod.Spec.NodeName, senderPod.Status.PodIP, receiverPod.Name, receiverPod.Spec.NodeName, receiverPod.Status.PodIP) @@ -375,7 +377,7 @@ func testConnectivity(senderPod coreV1.Pod, receiverPod coreV1.Pod, expectedStdo PodExec(senderPod.Namespace, senderPod.Name, testerCommand) Expect(err).ToNot(HaveOccurred()) - fmt.Fprintf(GinkgoWriter, "stdout: %s and stderr: %s\n", stdOut, stdErr) + _, _ = fmt.Fprintf(GinkgoWriter, "stdout: %s and stderr: %s\n", stdOut, stdErr) Expect(stdErr).To(ContainSubstring(expectedStderr)) Expect(stdOut).To(ContainSubstring(expectedStdout)) diff --git a/test/integration/cni-egress/pod_egress_suite_test.go b/test/integration/cni-egress/pod_egress_suite_test.go index 831935bb43..c9b4452434 100644 --- a/test/integration/cni-egress/pod_egress_suite_test.go +++ b/test/integration/cni-egress/pod_egress_suite_test.go @@ -14,6 +14,7 @@ package cni_egress import ( + "context" "fmt" "testing" @@ -60,14 +61,14 @@ var _ = BeforeSuite(func() { f = framework.New(framework.GlobalOptions) By("checking cluster v4 or v6") - clusterOutput, err := f.CloudServices.EKS().DescribeCluster(f.Options.ClusterName) + clusterOutput, err := f.CloudServices.EKS().DescribeCluster(context.TODO(), f.Options.ClusterName) Expect(err).NotTo(HaveOccurred()) isIPv4Cluster = false - if *clusterOutput.Cluster.KubernetesNetworkConfig.IpFamily == "ipv4" { + if clusterOutput.Cluster.KubernetesNetworkConfig.IpFamily == "ipv4" { isIPv4Cluster = true } By("creating test namespace") - f.K8sResourceManagers.NamespaceManager(). + _ = f.K8sResourceManagers.NamespaceManager(). CreateNamespace(utils.DefaultTestNamespace) By(fmt.Sprintf("getting the node with the node label key %s and value %s", @@ -90,7 +91,7 @@ var _ = BeforeSuite(func() { Expect(primaryNode.Name).To(Not(HaveLen(0)), "expected to find a non-tainted node") instanceID := k8sUtils.GetInstanceIDFromNode(primaryNode) - primaryInstance, err := f.CloudServices.EC2().DescribeInstance(instanceID) + primaryInstance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) if isIPv4Cluster { @@ -104,7 +105,7 @@ var _ = BeforeSuite(func() { instanceType := primaryNode.Labels[InstanceTypeNodeLabelKey] By("getting the network interface details from ec2") - instanceOutput, err := f.CloudServices.EC2().DescribeInstanceType(instanceType) + instanceOutput, err := f.CloudServices.EC2().DescribeInstanceType(context.TODO(), instanceType) Expect(err).ToNot(HaveOccurred()) // Subtract 2 for coredns pods if any, both could be on same Interface diff --git a/test/integration/cni-egress/pod_egress_test.go b/test/integration/cni-egress/pod_egress_test.go index c1766677f7..74d59b2514 100644 --- a/test/integration/cni-egress/pod_egress_test.go +++ b/test/integration/cni-egress/pod_egress_test.go @@ -17,7 +17,7 @@ import ( "fmt" "strings" - "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go-v2/aws" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" v1 "k8s.io/api/apps/v1" diff --git a/test/integration/cni-upgrade-downgrade/upgrade_downgrade_suite_test.go b/test/integration/cni-upgrade-downgrade/upgrade_downgrade_suite_test.go index 0250f9740a..59fd443e4b 100644 --- a/test/integration/cni-upgrade-downgrade/upgrade_downgrade_suite_test.go +++ b/test/integration/cni-upgrade-downgrade/upgrade_downgrade_suite_test.go @@ -1,6 +1,7 @@ package cni_upgrade_downgrade import ( + "context" "fmt" "testing" @@ -54,7 +55,7 @@ var _ = BeforeSuite(func() { // Get the node security group instanceID := k8sUtils.GetInstanceIDFromNode(primaryNode) - primaryInstance, err := f.CloudServices.EC2().DescribeInstance(instanceID) + primaryInstance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) // This won't work if the first SG is only associated with the primary instance. @@ -65,14 +66,14 @@ var _ = BeforeSuite(func() { instanceType := primaryNode.Labels[InstanceTypeNodeLabelKey] By("getting the network interface details from ec2") - instanceOutput, err := f.CloudServices.EC2().DescribeInstanceType(instanceType) + instanceOutput, err := f.CloudServices.EC2().DescribeInstanceType(context.TODO(), instanceType) Expect(err).ToNot(HaveOccurred()) // Subtract 2 for coredns pods if present, and both could be on same ENI maxIPPerInterface = int(*instanceOutput[0].NetworkInfo.Ipv4AddressesPerInterface) - 2 By("describing the VPC to get the VPC CIDRs") - describeVPCOutput, err := f.CloudServices.EC2().DescribeVPC(f.Options.AWSVPCID) + describeVPCOutput, err := f.CloudServices.EC2().DescribeVPC(context.TODO(), f.Options.AWSVPCID) Expect(err).ToNot(HaveOccurred()) for _, cidrBlockAssociationSet := range describeVPCOutput.Vpcs[0].CidrBlockAssociationSet { diff --git a/test/integration/cni/pod_networking_suite_test.go b/test/integration/cni/pod_networking_suite_test.go index f2aaa69c3f..1e3da1dc09 100644 --- a/test/integration/cni/pod_networking_suite_test.go +++ b/test/integration/cni/pod_networking_suite_test.go @@ -14,6 +14,7 @@ package cni import ( + "context" "fmt" "testing" @@ -75,7 +76,7 @@ var _ = BeforeSuite(func() { // Get the node security group instanceID := k8sUtils.GetInstanceIDFromNode(primaryNode) - primaryInstance, err := f.CloudServices.EC2().DescribeInstance(instanceID) + primaryInstance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) // This won't work if the first SG is only associated with the primary instance. @@ -86,14 +87,14 @@ var _ = BeforeSuite(func() { instanceType := primaryNode.Labels[InstanceTypeNodeLabelKey] By("getting the network interface details from ec2") - instanceOutput, err := f.CloudServices.EC2().DescribeInstanceType(instanceType) + instanceOutput, err := f.CloudServices.EC2().DescribeInstanceType(context.TODO(), instanceType) Expect(err).ToNot(HaveOccurred()) // Subtract 2 for coredns pods if any, both could be on same Interface maxIPPerInterface = int(*instanceOutput[0].NetworkInfo.Ipv4AddressesPerInterface) - 2 By("describing the VPC to get the VPC CIDRs") - describeVPCOutput, err := f.CloudServices.EC2().DescribeVPC(f.Options.AWSVPCID) + describeVPCOutput, err := f.CloudServices.EC2().DescribeVPC(context.TODO(), f.Options.AWSVPCID) Expect(err).ToNot(HaveOccurred()) for _, cidrBlockAssociationSet := range describeVPCOutput.Vpcs[0].CidrBlockAssociationSet { diff --git a/test/integration/cni/pod_traffic_test.go b/test/integration/cni/pod_traffic_test.go index f63ba4a430..bcd5794009 100644 --- a/test/integration/cni/pod_traffic_test.go +++ b/test/integration/cni/pod_traffic_test.go @@ -14,6 +14,7 @@ package cni import ( + "context" "fmt" "strconv" @@ -22,7 +23,6 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest" - "github.com/aws/aws-sdk-go/service/ec2" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" v1 "k8s.io/api/apps/v1" @@ -72,12 +72,12 @@ var _ = Describe("test pod networking", func() { JustBeforeEach(func() { By("authorizing security group ingress on instance security group") err = f.CloudServices.EC2(). - AuthorizeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) + AuthorizeSecurityGroupIngress(context.TODO(), instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) Expect(err).ToNot(HaveOccurred()) By("authorizing security group egress on instance security group") err = f.CloudServices.EC2(). - AuthorizeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") + AuthorizeSecurityGroupEgress(context.TODO(), instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") Expect(err).ToNot(HaveOccurred()) serverContainer := manifest. @@ -139,12 +139,12 @@ var _ = Describe("test pod networking", func() { JustAfterEach(func() { By("revoking security group ingress on instance security group") err = f.CloudServices.EC2(). - RevokeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) + RevokeSecurityGroupIngress(context.TODO(), instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) Expect(err).ToNot(HaveOccurred()) By("revoking security group egress on instance security group") err = f.CloudServices.EC2(). - RevokeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") + RevokeSecurityGroupEgress(context.TODO(), instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") Expect(err).ToNot(HaveOccurred()) By("deleting the primary node server deployment") @@ -190,7 +190,7 @@ var _ = Describe("test pod networking", func() { Context("[CANARY][SMOKE] when establishing UDP connection from tester to server", func() { BeforeEach(func() { serverPort = 2273 - protocol = ec2.ProtocolUdp + protocol = "udp" serverListenCmd = []string{"nc"} // The nc flag "-l" for listen mode, "-k" to keep server up and not close // connection after each connection, "-u" for udp @@ -229,7 +229,7 @@ var _ = Describe("test pod networking", func() { BeforeEach(func() { serverPort = 2273 - protocol = ec2.ProtocolTcp + protocol = "tcp" // Test tcp connection using netcat serverListenCmd = []string{"nc"} // The nc flag "-l" for listen mode, "-k" to keep server up and not close @@ -270,7 +270,7 @@ func VerifyConnectivityFailsForNegativeCase(senderPod coreV1.Pod, receiverPod co testerCommand := getTestCommandFunc(receiverPod, port) - fmt.Fprintf(GinkgoWriter, "verifying connectivity fails from pod %s on node %s with IP %s to pod"+ + _, _ = fmt.Fprintf(GinkgoWriter, "verifying connectivity fails from pod %s on node %s with IP %s to pod"+ " %s on node %s with IP %s\n", senderPod.Name, senderPod.Spec.NodeName, senderPod.Status.PodIP, receiverPod.Name, receiverPod.Spec.NodeName, receiverPod.Status.PodIP) @@ -330,7 +330,7 @@ func testConnectivity(senderPod coreV1.Pod, receiverPod coreV1.Pod, expectedStdo testerCommand := getTestCommandFunc(receiverPod, port) - fmt.Fprintf(GinkgoWriter, "verifying connectivity from pod %s on node %s with IP %s to pod"+ + _, _ = fmt.Fprintf(GinkgoWriter, "verifying connectivity from pod %s on node %s with IP %s to pod"+ " %s on node %s with IP %s\n", senderPod.Name, senderPod.Spec.NodeName, senderPod.Status.PodIP, receiverPod.Name, receiverPod.Spec.NodeName, receiverPod.Status.PodIP) @@ -338,7 +338,7 @@ func testConnectivity(senderPod coreV1.Pod, receiverPod coreV1.Pod, expectedStdo PodExec(senderPod.Namespace, senderPod.Name, testerCommand) Expect(err).ToNot(HaveOccurred()) - fmt.Fprintf(GinkgoWriter, "stdout: %s and stderr: %s\n", stdOut, stdErr) + _, _ = fmt.Fprintf(GinkgoWriter, "stdout: %s and stderr: %s\n", stdOut, stdErr) Expect(stdErr).To(ContainSubstring(expectedStderr)) Expect(stdOut).To(ContainSubstring(expectedStdout)) diff --git a/test/integration/cni/service_connectivity_test.go b/test/integration/cni/service_connectivity_test.go index f085baa101..c38f9175d9 100644 --- a/test/integration/cni/service_connectivity_test.go +++ b/test/integration/cni/service_connectivity_test.go @@ -139,7 +139,7 @@ var _ = Describe("[CANARY] test service connectivity", FlakeAttempts(3), func() // since pod placement is not guaranteed to be equally distributed By("checking number of ENIs is less than or equal to maxENIs") instanceID := k8sUtils.GetInstanceIDFromNode(primaryNode) - primaryInstance, err := f.CloudServices.EC2().DescribeInstance(instanceID) + primaryInstance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) Expect(len(primaryInstance.NetworkInterfaces) <= 3).To(BeTrue()) }) diff --git a/test/integration/cni/soak_test.go b/test/integration/cni/soak_test.go index 8819a8b5ce..959a5a6ff0 100644 --- a/test/integration/cni/soak_test.go +++ b/test/integration/cni/soak_test.go @@ -14,15 +14,14 @@ package cni import ( + "context" "fmt" "strconv" "time" + "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" "github.com/aws/amazon-vpc-cni-k8s/test/integration/common" - "github.com/aws/aws-sdk-go/service/ec2" - - "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -59,17 +58,17 @@ var _ = Describe("SOAK Test pod networking", Ordered, func() { BeforeAll(func() { fmt.Println("Starting SOAK test") - protocol = ec2.ProtocolTcp + protocol = "tcp" serverPort = 2273 By("Authorize Security Group Ingress on EC2 instance.") err = f.CloudServices.EC2(). - AuthorizeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) + AuthorizeSecurityGroupIngress(context.TODO(), instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) Expect(err).ToNot(HaveOccurred()) By("Authorize Security Group Egress on EC2 instance.") err = f.CloudServices.EC2(). - AuthorizeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") + AuthorizeSecurityGroupEgress(context.TODO(), instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") Expect(err).ToNot(HaveOccurred()) }) @@ -78,12 +77,12 @@ var _ = Describe("SOAK Test pod networking", Ordered, func() { By("Revoke Security Group Ingress.") err = f.CloudServices.EC2(). - RevokeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) + RevokeSecurityGroupIngress(context.TODO(), instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) Expect(err).ToNot(HaveOccurred()) By("Revoke Security Group Egress.") err = f.CloudServices.EC2(). - RevokeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") + RevokeSecurityGroupEgress(context.TODO(), instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") Expect(err).ToNot(HaveOccurred()) By("SOAK test completed") diff --git a/test/integration/common/util.go b/test/integration/common/util.go index a451a77aff..a986b5cf8d 100644 --- a/test/integration/common/util.go +++ b/test/integration/common/util.go @@ -2,13 +2,15 @@ package common import ( "bytes" + "context" "fmt" "io" "os" "os/exec" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" + "github.com/aws/amazon-vpc-cni-k8s/test/agent/pkg/input" - "github.com/aws/aws-sdk-go/service/ec2" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" coreV1 "k8s.io/api/core/v1" @@ -105,7 +107,7 @@ func ValidateHostNetworking(testType TestType, podValidationInputString string, PodLogs(testPod.Namespace, testPod.Name) Expect(errLogs).ToNot(HaveOccurred()) - fmt.Fprintln(GinkgoWriter, logs) + _, _ = fmt.Fprintln(GinkgoWriter, logs) if shouldTestPodError { Expect(err).To(HaveOccurred()) @@ -128,7 +130,7 @@ func GetPodsOnPrimaryAndSecondaryInterface(node coreV1.Node, Expect(err).ToNot(HaveOccurred()) instance, err := f.CloudServices.EC2(). - DescribeInstance(k8sUtils.GetInstanceIDFromNode(node)) + DescribeInstance(context.TODO(), k8sUtils.GetInstanceIDFromNode(node)) Expect(err).ToNot(HaveOccurred()) interfaceToPodList := InterfaceTypeToPodList{ @@ -173,7 +175,7 @@ func GetTrafficTestConfig(f *framework.Framework, protocol string, serverDeploym } } -func IsPrimaryENI(nwInterface *ec2.InstanceNetworkInterface, instanceIPAddr *string) bool { +func IsPrimaryENI(nwInterface ec2types.InstanceNetworkInterface, instanceIPAddr *string) bool { for _, privateIPAddress := range nwInterface.PrivateIpAddresses { if *privateIPAddress.PrivateIpAddress == *instanceIPAddr { return true diff --git a/test/integration/custom-networking-sgpp/custom_networking_sgpp_suite_test.go b/test/integration/custom-networking-sgpp/custom_networking_sgpp_suite_test.go index 085309d2af..36c6a29ac3 100644 --- a/test/integration/custom-networking-sgpp/custom_networking_sgpp_suite_test.go +++ b/test/integration/custom-networking-sgpp/custom_networking_sgpp_suite_test.go @@ -14,6 +14,7 @@ package custom_networking_sgpp import ( + "context" "flag" "fmt" "net" @@ -85,25 +86,25 @@ var _ = BeforeSuite(func() { Expect(err).ToNot(HaveOccurred()) By("Getting Cluster Security Group ID") - clusterRes, err := f.CloudServices.EKS().DescribeCluster(f.Options.ClusterName) + clusterRes, err := f.CloudServices.EKS().DescribeCluster(context.TODO(), f.Options.ClusterName) Expect(err).NotTo(HaveOccurred()) clusterSGID = *(clusterRes.Cluster.ResourcesVpcConfig.ClusterSecurityGroupId) - fmt.Fprintf(GinkgoWriter, "cluster security group is %s\n", clusterSGID) + _, _ = fmt.Fprintf(GinkgoWriter, "cluster security group is %s\n", clusterSGID) // Custom Networking setup // TODO: Ideally, we would clone the Custom Networking SG from the cluster SG. Unfortunately, the EC2 API does not support this. By("creating security group to be used by custom networking") createSecurityGroupOutput, err := f.CloudServices.EC2(). - CreateSecurityGroup("custom-networking-test", "custom networking", f.Options.AWSVPCID) + CreateSecurityGroup(context.TODO(), "custom-networking-test", "custom networking", f.Options.AWSVPCID) Expect(err).ToNot(HaveOccurred()) customNetworkingSGID = *createSecurityGroupOutput.GroupId By("authorizing egress and ingress for security group in ENIConfig") - f.CloudServices.EC2().AuthorizeSecurityGroupEgress(customNetworkingSGID, "-1", -1, -1, v4Zero) - f.CloudServices.EC2().AuthorizeSecurityGroupIngress(customNetworkingSGID, "-1", -1, -1, v4Zero, false) + _ = f.CloudServices.EC2().AuthorizeSecurityGroupEgress(context.TODO(), customNetworkingSGID, "-1", -1, -1, v4Zero) + _ = f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), customNetworkingSGID, "-1", -1, -1, v4Zero, false) By("associating cidr range to the VPC") - association, err := f.CloudServices.EC2().AssociateVPCCIDRBlock(f.Options.AWSVPCID, cidrRange.String()) + association, err := f.CloudServices.EC2().AssociateVPCCIDRBlock(context.TODO(), f.Options.AWSVPCID, cidrRange.String()) Expect(err).ToNot(HaveOccurred()) cidrBlockAssociationID = *association.CidrBlockAssociation.AssociationId @@ -114,13 +115,13 @@ var _ = BeforeSuite(func() { Expect(err).ToNot(HaveOccurred()) createSubnetOutput, err := f.CloudServices.EC2(). - CreateSubnet(subnetCidr.String(), f.Options.AWSVPCID, az) + CreateSubnet(context.TODO(), subnetCidr.String(), f.Options.AWSVPCID, az) Expect(err).ToNot(HaveOccurred()) subnetID := *createSubnetOutput.Subnet.SubnetId By("associating the route table with the newly created subnet") - err = f.CloudServices.EC2().AssociateRouteTableToSubnet(clusterVPCConfig.PublicRouteTableID, subnetID) + err = f.CloudServices.EC2().AssociateRouteTableToSubnet(context.TODO(), clusterVPCConfig.PublicRouteTableID, subnetID) Expect(err).ToNot(HaveOccurred()) eniConfigBuilder := manifest.NewENIConfigBuilder(). @@ -144,14 +145,14 @@ var _ = BeforeSuite(func() { // Note that Custom Networking only supports IPv4 clusters, so IPv4 setup can be assumed. By("creating a new security group for use in Security Group Policy") podEniSGName := "pod-eni-automation-v4" - securityGroupOutput, err := f.CloudServices.EC2().CreateSecurityGroup(podEniSGName, + securityGroupOutput, err := f.CloudServices.EC2().CreateSecurityGroup(context.TODO(), podEniSGName, "test created by vpc cni automation test suite", f.Options.AWSVPCID) Expect(err).ToNot(HaveOccurred()) podEniSGID = *securityGroupOutput.GroupId By("authorizing egress and ingress on security group for client-server communication") - f.CloudServices.EC2().AuthorizeSecurityGroupEgress(podEniSGID, "tcp", podEniOpenPort, podEniOpenPort, v4Zero) - f.CloudServices.EC2().AuthorizeSecurityGroupIngress(podEniSGID, "tcp", podEniOpenPort, podEniOpenPort, v4Zero, false) + _ = f.CloudServices.EC2().AuthorizeSecurityGroupEgress(context.TODO(), podEniSGID, "tcp", podEniOpenPort, podEniOpenPort, v4Zero) + _ = f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), podEniSGID, "tcp", podEniOpenPort, podEniOpenPort, v4Zero, false) By("getting branch ENI limits") nodeList, err := f.K8sResourceManagers.NodeManager().GetNodes(f.Options.NgNameLabelKey, f.Options.NgNameLabelVal) @@ -161,9 +162,9 @@ var _ = BeforeSuite(func() { node := nodeList.Items[0] instanceID := k8sUtils.GetInstanceIDFromNode(node) - nodeInstance, err := f.CloudServices.EC2().DescribeInstance(instanceID) - instanceType := *nodeInstance.InstanceType - totalBranchInterface = vpc.Limits[instanceType].BranchInterface * numNodes + nodeInstance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) + instanceType := nodeInstance.InstanceType + totalBranchInterface = vpc.Limits[string(instanceType)].BranchInterface * numNodes By("enabling custom networking and sgpp on aws-node DaemonSet") k8sUtils.AddEnvVarToDaemonSetAndWaitTillUpdated(f, utils.AwsNodeName, @@ -202,18 +203,18 @@ var _ = AfterSuite(func() { errs.Append(awsUtils.TerminateInstances(f)) By("deleting Custom Networking security group") - errs.Append(f.CloudServices.EC2().DeleteSecurityGroup(customNetworkingSGID)) + errs.Append(f.CloudServices.EC2().DeleteSecurityGroup(context.TODO(), customNetworkingSGID)) By("deleting pod ENI security group") - errs.Append(f.CloudServices.EC2().DeleteSecurityGroup(podEniSGID)) + errs.Append(f.CloudServices.EC2().DeleteSecurityGroup(context.TODO(), podEniSGID)) for _, subnet := range customNetworkingSubnetIDList { By(fmt.Sprintf("deleting the subnet %s", subnet)) - errs.Append(f.CloudServices.EC2().DeleteSubnet(subnet)) + errs.Append(f.CloudServices.EC2().DeleteSubnet(context.TODO(), subnet)) } By("disassociating the CIDR range to the VPC") - errs.Append(f.CloudServices.EC2().DisAssociateVPCCIDRBlock(cidrBlockAssociationID)) + errs.Append(f.CloudServices.EC2().DisAssociateVPCCIDRBlock(context.TODO(), cidrBlockAssociationID)) Expect(errs.MaybeUnwrap()).ToNot(HaveOccurred()) }) diff --git a/test/integration/custom-networking-sgpp/trunk_test.go b/test/integration/custom-networking-sgpp/trunk_test.go index f96d972c10..481d2eb4f7 100644 --- a/test/integration/custom-networking-sgpp/trunk_test.go +++ b/test/integration/custom-networking-sgpp/trunk_test.go @@ -14,6 +14,8 @@ package custom_networking_sgpp import ( + "context" + k8sUtils "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -23,7 +25,7 @@ var _ = Describe("Trunk ENI Security Group Test", func() { Context("when validating security group on trunk ENI", func() { It("should match security group in ENIConfig", func() { instanceID := k8sUtils.GetInstanceIDFromNode(targetNode) - instance, err := f.CloudServices.EC2().DescribeInstance(instanceID) + instance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) trunkSGMatch := false diff --git a/test/integration/custom-networking/custom_networking_suite_test.go b/test/integration/custom-networking/custom_networking_suite_test.go index 0dd8ac9301..1b16257b25 100644 --- a/test/integration/custom-networking/custom_networking_suite_test.go +++ b/test/integration/custom-networking/custom_networking_suite_test.go @@ -14,6 +14,7 @@ package custom_networking import ( + "context" "flag" "fmt" "net" @@ -82,22 +83,22 @@ var _ = BeforeSuite(func() { By("creating security group to be used by custom networking") createSecurityGroupOutput, err := f.CloudServices.EC2(). - CreateSecurityGroup("custom-networking-test", "custom networking", f.Options.AWSVPCID) + CreateSecurityGroup(context.TODO(), "custom-networking-test", "custom networking", f.Options.AWSVPCID) Expect(err).ToNot(HaveOccurred()) customNetworkingSGID = *createSecurityGroupOutput.GroupId By("authorizing egress and ingress on security group for single port") - f.CloudServices.EC2().AuthorizeSecurityGroupEgress(customNetworkingSGID, "TCP", + f.CloudServices.EC2().AuthorizeSecurityGroupEgress(context.TODO(), customNetworkingSGID, "TCP", customNetworkingSGOpenPort, customNetworkingSGOpenPort, "0.0.0.0/0") - f.CloudServices.EC2().AuthorizeSecurityGroupIngress(customNetworkingSGID, "TCP", + f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), customNetworkingSGID, "TCP", customNetworkingSGOpenPort, customNetworkingSGOpenPort, "0.0.0.0/0", false) - f.CloudServices.EC2().AuthorizeSecurityGroupEgress(customNetworkingSGID, "UDP", + f.CloudServices.EC2().AuthorizeSecurityGroupEgress(context.TODO(), customNetworkingSGID, "UDP", corednsSGOpenPort, corednsSGOpenPort, "0.0.0.0/0") - f.CloudServices.EC2().AuthorizeSecurityGroupIngress(customNetworkingSGID, "UDP", + f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), customNetworkingSGID, "UDP", corednsSGOpenPort, corednsSGOpenPort, "0.0.0.0/0", false) - f.CloudServices.EC2().AuthorizeSecurityGroupEgress(customNetworkingSGID, "TCP", + f.CloudServices.EC2().AuthorizeSecurityGroupEgress(context.TODO(), customNetworkingSGID, "TCP", corednsSGOpenPort, corednsSGOpenPort, "0.0.0.0/0") - f.CloudServices.EC2().AuthorizeSecurityGroupIngress(customNetworkingSGID, "TCP", + f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), customNetworkingSGID, "TCP", corednsSGOpenPort, corednsSGOpenPort, "0.0.0.0/0", false) By("Adding custom networking security group ingress rule from primary eni") @@ -115,10 +116,10 @@ var _ = BeforeSuite(func() { Expect(primaryNode).To(Not(BeNil()), "expected to find a non-tainted node") instanceID := k8sUtils.GetInstanceIDFromNode(*primaryNode) - primaryInstance, err := f.CloudServices.EC2().DescribeInstance(instanceID) + primaryInstance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) - instance, err := f.CloudServices.EC2().DescribeInstance(*primaryInstance.InstanceId) + instance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), *primaryInstance.InstanceId) Expect(err).ToNot(HaveOccurred()) var primaryENIID string @@ -130,16 +131,16 @@ var _ = BeforeSuite(func() { } } - eniOutput, err := f.CloudServices.EC2().DescribeNetworkInterface([]string{primaryENIID}) + eniOutput, err := f.CloudServices.EC2().DescribeNetworkInterface(context.TODO(), []string{primaryENIID}) Expect(err).ToNot(HaveOccurred()) for _, sg := range eniOutput.NetworkInterfaces[0].Groups { primaryENISGList = append(primaryENISGList, *sg.GroupId) - f.CloudServices.EC2().AuthorizeSecurityGroupIngress(*sg.GroupId, "-1", + f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), *sg.GroupId, "-1", -1, -1, customNetworkingSGID, true) } By("associating cidr range to the VPC") - association, err := f.CloudServices.EC2().AssociateVPCCIDRBlock(f.Options.AWSVPCID, cidrRange.String()) + association, err := f.CloudServices.EC2().AssociateVPCCIDRBlock(context.TODO(), f.Options.AWSVPCID, cidrRange.String()) Expect(err).ToNot(HaveOccurred()) cidrBlockAssociationID = *association.CidrBlockAssociation.AssociationId @@ -150,13 +151,13 @@ var _ = BeforeSuite(func() { Expect(err).ToNot(HaveOccurred()) createSubnetOutput, err := f.CloudServices.EC2(). - CreateSubnet(subnetCidr.String(), f.Options.AWSVPCID, az) + CreateSubnet(context.TODO(), subnetCidr.String(), f.Options.AWSVPCID, az) Expect(err).ToNot(HaveOccurred()) subnetID := *createSubnetOutput.Subnet.SubnetId By("associating the route table with the newly created subnet") - err = f.CloudServices.EC2().AssociateRouteTableToSubnet(clusterVPCConfig.PublicRouteTableID, subnetID) + err = f.CloudServices.EC2().AssociateRouteTableToSubnet(context.TODO(), clusterVPCConfig.PublicRouteTableID, subnetID) Expect(err).ToNot(HaveOccurred()) eniConfigBuilder := manifest.NewENIConfigBuilder(). @@ -213,20 +214,20 @@ var _ = AfterSuite(func() { By("Removing custom networking security group ingress rule from primary eni") for _, sg := range primaryENISGList { - f.CloudServices.EC2().RevokeSecurityGroupIngress(sg, "-1", + _ = f.CloudServices.EC2().RevokeSecurityGroupIngress(context.TODO(), sg, "-1", -1, -1, customNetworkingSGID, true) } By("deleting security group") - errs.Append(f.CloudServices.EC2().DeleteSecurityGroup(customNetworkingSGID)) + errs.Append(f.CloudServices.EC2().DeleteSecurityGroup(context.TODO(), customNetworkingSGID)) for _, subnet := range customNetworkingSubnetIDList { By(fmt.Sprintf("deleting the subnet %s", subnet)) - errs.Append(f.CloudServices.EC2().DeleteSubnet(subnet)) + errs.Append(f.CloudServices.EC2().DeleteSubnet(context.TODO(), subnet)) } By("disassociating the CIDR range to the VPC") - errs.Append(f.CloudServices.EC2().DisAssociateVPCCIDRBlock(cidrBlockAssociationID)) + errs.Append(f.CloudServices.EC2().DisAssociateVPCCIDRBlock(context.TODO(), cidrBlockAssociationID)) Expect(errs.MaybeUnwrap()).ToNot(HaveOccurred()) }) diff --git a/test/integration/eni-subnet-discovery/eni_subnet_discovery_suite_test.go b/test/integration/eni-subnet-discovery/eni_subnet_discovery_suite_test.go index ed83c71ead..e5509ee814 100644 --- a/test/integration/eni-subnet-discovery/eni_subnet_discovery_suite_test.go +++ b/test/integration/eni-subnet-discovery/eni_subnet_discovery_suite_test.go @@ -14,18 +14,20 @@ package eni_subnet_discovery import ( + "context" "flag" "fmt" "net" "testing" "time" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" + "github.com/apparentlymart/go-cidr/cidr" "github.com/aws/amazon-vpc-cni-k8s/test/framework" awsUtils "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/aws/utils" k8sUtils "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/utils" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" - "github.com/aws/aws-sdk-go/service/ec2" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/prometheus/client_golang/prometheus" @@ -44,7 +46,7 @@ var ( cidrRange *net.IPNet cidrBlockAssociationID string createdSubnet string - primaryInstance *ec2.Instance + primaryInstance ec2types.Instance ) // Parse test specific variable from flag @@ -74,21 +76,21 @@ var _ = BeforeSuite(func() { Expect(primaryNode).To(Not(BeNil()), "expected to find a non-tainted node") instanceID := k8sUtils.GetInstanceIDFromNode(*primaryNode) - primaryInstance, err = f.CloudServices.EC2().DescribeInstance(instanceID) + primaryInstance, err = f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) _, cidrRange, err = net.ParseCIDR(cidrRangeString) Expect(err).ToNot(HaveOccurred()) By("creating test namespace") - f.K8sResourceManagers.NamespaceManager().CreateNamespace(utils.DefaultTestNamespace) + _ = f.K8sResourceManagers.NamespaceManager().CreateNamespace(utils.DefaultTestNamespace) By("getting the cluster VPC Config") clusterVPCConfig, err = awsUtils.GetClusterVPCConfig(f) Expect(err).ToNot(HaveOccurred()) By("associating cidr range to the VPC") - association, err := f.CloudServices.EC2().AssociateVPCCIDRBlock(f.Options.AWSVPCID, cidrRange.String()) + association, err := f.CloudServices.EC2().AssociateVPCCIDRBlock(context.TODO(), f.Options.AWSVPCID, cidrRange.String()) Expect(err).ToNot(HaveOccurred()) cidrBlockAssociationID = *association.CidrBlockAssociation.AssociationId @@ -99,13 +101,13 @@ var _ = BeforeSuite(func() { Expect(err).ToNot(HaveOccurred()) createSubnetOutput, err := f.CloudServices.EC2(). - CreateSubnet(subnetCidr.String(), f.Options.AWSVPCID, *primaryInstance.Placement.AvailabilityZone) + CreateSubnet(context.TODO(), subnetCidr.String(), f.Options.AWSVPCID, *primaryInstance.Placement.AvailabilityZone) Expect(err).ToNot(HaveOccurred()) subnetID := *createSubnetOutput.Subnet.SubnetId By("associating the route table with the newly created subnet") - err = f.CloudServices.EC2().AssociateRouteTableToSubnet(clusterVPCConfig.PublicRouteTableID, subnetID) + err = f.CloudServices.EC2().AssociateRouteTableToSubnet(context.TODO(), clusterVPCConfig.PublicRouteTableID, subnetID) Expect(err).ToNot(HaveOccurred()) By("try detaching all ENIs by setting WARM_ENI_TARGET to 0") @@ -120,7 +122,7 @@ var _ = BeforeSuite(func() { var _ = AfterSuite(func() { By("deleting test namespace") - f.K8sResourceManagers.NamespaceManager(). + _ = f.K8sResourceManagers.NamespaceManager(). DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) var errs prometheus.MultiError @@ -129,10 +131,10 @@ var _ = AfterSuite(func() { time.Sleep(time.Second * 90) By(fmt.Sprintf("deleting the subnet %s", createdSubnet)) - errs.Append(f.CloudServices.EC2().DeleteSubnet(createdSubnet)) + errs.Append(f.CloudServices.EC2().DeleteSubnet(context.TODO(), createdSubnet)) By("disassociating the CIDR range to the VPC") - errs.Append(f.CloudServices.EC2().DisAssociateVPCCIDRBlock(cidrBlockAssociationID)) + errs.Append(f.CloudServices.EC2().DisAssociateVPCCIDRBlock(context.TODO(), cidrBlockAssociationID)) Expect(errs.MaybeUnwrap()).ToNot(HaveOccurred()) diff --git a/test/integration/eni-subnet-discovery/eni_subnet_discovery_test.go b/test/integration/eni-subnet-discovery/eni_subnet_discovery_test.go index c2fe33c6ad..105d959d63 100644 --- a/test/integration/eni-subnet-discovery/eni_subnet_discovery_test.go +++ b/test/integration/eni-subnet-discovery/eni_subnet_discovery_test.go @@ -14,6 +14,7 @@ package eni_subnet_discovery import ( + "context" "fmt" "net" "os" @@ -21,12 +22,13 @@ import ( "strings" "time" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" + "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest" k8sUtils "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/utils" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" "github.com/aws/amazon-vpc-cni-k8s/test/integration/common" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/ec2" + "github.com/aws/aws-sdk-go-v2/aws" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" v1 "k8s.io/api/apps/v1" @@ -97,8 +99,9 @@ var _ = Describe("ENI Subnet Selection Test", func() { By("Tagging kubernetes.io/role/cni to subnet") _, err = f.CloudServices.EC2(). CreateTags( + context.TODO(), []string{createdSubnet}, - []*ec2.Tag{ + []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -111,8 +114,9 @@ var _ = Describe("ENI Subnet Selection Test", func() { By("Untagging kubernetes.io/role/cni from subnet") _, err = f.CloudServices.EC2(). DeleteTags( + context.TODO(), []string{createdSubnet}, - []*ec2.Tag{ + []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -140,11 +144,11 @@ var _ = Describe("ENI Subnet Selection Test", func() { if role == "" { // get the node instance role By("getting the node instance role") instanceProfileRoleName := strings.Split(*primaryInstance.IamInstanceProfile.Arn, "instance-profile/")[1] - instanceProfileOutput, err := f.CloudServices.IAM().GetInstanceProfile(instanceProfileRoleName) + instanceProfileOutput, err := f.CloudServices.IAM().GetInstanceProfile(context.TODO(), instanceProfileRoleName) Expect(err).ToNot(HaveOccurred()) role = *instanceProfileOutput.InstanceProfile.Roles[0].RoleName } - err = f.CloudServices.IAM().DetachRolePolicy(EKSCNIPolicyARN, role) + err = f.CloudServices.IAM().DetachRolePolicy(context.TODO(), EKSCNIPolicyARN, role) Expect(err).ToNot(HaveOccurred()) eksCNIPolicyV4Path := utils.GetProjectRoot() + EKSCNIPolicyV4 @@ -154,10 +158,10 @@ var _ = Describe("ENI Subnet Selection Test", func() { eksCNIPolicyV4Data := string(eksCNIPolicyV4Bytes) By("Creating and attaching policy AmazonEKS_CNI_Policy_V4") - output, err := f.CloudServices.IAM().CreatePolicy("AmazonEKS_CNI_Policy_V4", eksCNIPolicyV4Data) + output, err := f.CloudServices.IAM().CreatePolicy(context.TODO(), "AmazonEKS_CNI_Policy_V4", eksCNIPolicyV4Data) Expect(err).ToNot(HaveOccurred()) EKSCNIPolicyV4ARN = *output.Policy.Arn - err = f.CloudServices.IAM().AttachRolePolicy(EKSCNIPolicyV4ARN, role) + err = f.CloudServices.IAM().AttachRolePolicy(context.TODO(), EKSCNIPolicyV4ARN, role) Expect(err).ToNot(HaveOccurred()) // Sleep to allow time for CNI policy reattachment @@ -168,14 +172,14 @@ var _ = Describe("ENI Subnet Selection Test", func() { AfterEach(func() { By("attaching VPC_CNI policy") - err = f.CloudServices.IAM().AttachRolePolicy(EKSCNIPolicyARN, role) + err = f.CloudServices.IAM().AttachRolePolicy(context.TODO(), EKSCNIPolicyARN, role) Expect(err).ToNot(HaveOccurred()) By("Detaching and deleting policy AmazonEKS_CNI_Policy_V4") - err = f.CloudServices.IAM().DetachRolePolicy(EKSCNIPolicyV4ARN, role) + err = f.CloudServices.IAM().DetachRolePolicy(context.TODO(), EKSCNIPolicyV4ARN, role) Expect(err).ToNot(HaveOccurred()) - err = f.CloudServices.IAM().DeletePolicy(EKSCNIPolicyV4ARN) + err = f.CloudServices.IAM().DeletePolicy(context.TODO(), EKSCNIPolicyV4ARN) Expect(err).ToNot(HaveOccurred()) // Sleep to allow time for CNI policy detachment @@ -193,8 +197,9 @@ var _ = Describe("ENI Subnet Selection Test", func() { By("Tagging kubernetes.io/role/cn to subnet") _, err = f.CloudServices.EC2(). CreateTags( + context.TODO(), []string{createdSubnet}, - []*ec2.Tag{ + []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cn"), Value: aws.String("1"), @@ -207,8 +212,9 @@ var _ = Describe("ENI Subnet Selection Test", func() { By("Untagging kubernetes.io/role/cn from subnet") _, err = f.CloudServices.EC2(). DeleteTags( + context.TODO(), []string{createdSubnet}, - []*ec2.Tag{ + []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cn"), Value: aws.String("1"), @@ -247,8 +253,9 @@ var _ = Describe("ENI Subnet Selection Test", func() { By("Tagging kubernetes.io/role/cni to subnet") _, err = f.CloudServices.EC2(). CreateTags( + context.TODO(), []string{createdSubnet}, - []*ec2.Tag{ + []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -261,8 +268,9 @@ var _ = Describe("ENI Subnet Selection Test", func() { By("Untagging kubernetes.io/role/cni from subnet") _, err = f.CloudServices.EC2(). DeleteTags( + context.TODO(), []string{createdSubnet}, - []*ec2.Tag{ + []ec2types.Tag{ { Key: aws.String("kubernetes.io/role/cni"), Value: aws.String("1"), @@ -280,7 +288,7 @@ var _ = Describe("ENI Subnet Selection Test", func() { }) func checkSecondaryENISubnets(expectNewCidr bool) { - instance, err := f.CloudServices.EC2().DescribeInstance(*primaryInstance.InstanceId) + instance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), *primaryInstance.InstanceId) Expect(err).ToNot(HaveOccurred()) By("retrieving secondary ENIs") @@ -294,7 +302,7 @@ func checkSecondaryENISubnets(expectNewCidr bool) { By("verifying at least one new Secondary ENI is created") Expect(len(newEniSubnetIds)).Should(BeNumerically(">", 0)) - vpcOutput, err := f.CloudServices.EC2().DescribeVPC(*primaryInstance.VpcId) + vpcOutput, err := f.CloudServices.EC2().DescribeVPC(context.TODO(), *primaryInstance.VpcId) Expect(err).ToNot(HaveOccurred()) expectedCidrRangeString := *vpcOutput.Vpcs[0].CidrBlock @@ -311,7 +319,7 @@ func checkSecondaryENISubnets(expectNewCidr bool) { By(fmt.Sprintf("checking the secondary ENI subnets are in the CIDR %s", expectedCidrRangeString)) for _, subnetID := range newEniSubnetIds { - subnetOutput, err := f.CloudServices.EC2().DescribeSubnet(subnetID) + subnetOutput, err := f.CloudServices.EC2().DescribeSubnet(context.TODO(), subnetID) Expect(err).ToNot(HaveOccurred()) cidrSplit := strings.Split(*subnetOutput.Subnets[0].CidrBlock, "/") actualSubnetIp, _, _ := net.ParseCIDR(*subnetOutput.Subnets[0].CidrBlock) @@ -326,6 +334,6 @@ func RestartAwsNodePods() { podList, err := f.K8sResourceManagers.PodManager().GetPodsWithLabelSelector(AwsNodeLabelKey, utils.AwsNodeName) Expect(err).ToNot(HaveOccurred()) for _, pod := range podList.Items { - f.K8sResourceManagers.PodManager().DeleteAndWaitTillPodDeleted(&pod) + _ = f.K8sResourceManagers.PodManager().DeleteAndWaitTillPodDeleted(&pod) } } diff --git a/test/integration/ipamd/common.go b/test/integration/ipamd/common.go index 589d6430ca..861bfc4174 100644 --- a/test/integration/ipamd/common.go +++ b/test/integration/ipamd/common.go @@ -2,10 +2,10 @@ package ipamd import ( "github.com/aws/amazon-vpc-cni-k8s/test/framework" - "github.com/aws/aws-sdk-go/service/ec2" + "github.com/aws/aws-sdk-go-v2/service/ec2/types" ) -var primaryInstance *ec2.Instance +var primaryInstance types.Instance var f *framework.Framework var err error diff --git a/test/integration/ipamd/eni_ip_leak_test.go b/test/integration/ipamd/eni_ip_leak_test.go index 0e765c6425..cc53b179fa 100644 --- a/test/integration/ipamd/eni_ip_leak_test.go +++ b/test/integration/ipamd/eni_ip_leak_test.go @@ -1,6 +1,7 @@ package ipamd import ( + "context" "time" v1 "k8s.io/api/core/v1" @@ -74,9 +75,9 @@ func getCountOfIPandENIOnPrimaryInstance() (int, int) { return ip, eni } -func getMaxApplicationPodsOnPrimaryInstance() int64 { +func getMaxApplicationPodsOnPrimaryInstance() int32 { instanceType := primaryInstance.InstanceType - instanceInfo, err := f.CloudServices.EC2().DescribeInstanceType(*instanceType) + instanceInfo, err := f.CloudServices.EC2().DescribeInstanceType(context.TODO(), string(instanceType)) Expect(err).NotTo(HaveOccurred()) currInstance := instanceInfo[0] @@ -84,6 +85,6 @@ func getMaxApplicationPodsOnPrimaryInstance() int64 { maxIPPerENI := currInstance.NetworkInfo.Ipv4AddressesPerInterface // Deploy 50% of max pod capacity - maxPods := *maxENI*(*maxIPPerENI-1) - int64(numOfNodes+1) + maxPods := *maxENI*(*maxIPPerENI-1) - int32(numOfNodes+1) return maxPods / 2 } diff --git a/test/integration/ipamd/eni_tag_test.go b/test/integration/ipamd/eni_tag_test.go index 661f900c5e..585209ac21 100644 --- a/test/integration/ipamd/eni_tag_test.go +++ b/test/integration/ipamd/eni_tag_test.go @@ -14,6 +14,7 @@ package ipamd import ( + "context" "encoding/json" "fmt" "time" @@ -50,7 +51,7 @@ var _ = Describe("test tags are created on Secondary ENI", func() { time.Sleep(time.Second * 90) By("getting the list of ENIs before setting ADDITIONAL_ENI_TAGS") - instance, err := f.CloudServices.EC2().DescribeInstance(*primaryInstance.InstanceId) + instance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), *primaryInstance.InstanceId) Expect(err).ToNot(HaveOccurred()) existingENIs := make(map[string]bool) @@ -66,7 +67,7 @@ var _ = Describe("test tags are created on Secondary ENI", func() { time.Sleep(time.Second * 90) By("getting the list of current ENIs by describing the instance") - instance, err = f.CloudServices.EC2().DescribeInstance(*primaryInstance.InstanceId) + instance, err = f.CloudServices.EC2().DescribeInstance(context.TODO(), *primaryInstance.InstanceId) Expect(err).ToNot(HaveOccurred()) for _, nwInterface := range instance.NetworkInterfaces { @@ -82,7 +83,7 @@ var _ = Describe("test tags are created on Secondary ENI", func() { JustAfterEach(func() { envVarToRemove := map[string]struct{}{} - for key, _ := range environmentVariables { + for key := range environmentVariables { envVarToRemove[key] = struct{}{} } @@ -137,7 +138,7 @@ var _ = Describe("test tags are created on Secondary ENI", func() { // VerifyTagIsPresentOnENIs verifies that the list of ENIs have expected tag key-val pair func VerifyTagIsPresentOnENIs(newENIIds []string, expectedTags map[string]string) { By(fmt.Sprintf("Describing the list of new ENI created after seeting env variable %v", newENIIds)) - describeNetworkInterfaceOutput, err := f.CloudServices.EC2().DescribeNetworkInterface(newENIIds) + describeNetworkInterfaceOutput, err := f.CloudServices.EC2().DescribeNetworkInterface(context.TODO(), newENIIds) Expect(err).ToNot(HaveOccurred()) By("verifying the new tags are present on new ENIs") diff --git a/test/integration/ipamd/ipamd_event_test.go b/test/integration/ipamd/ipamd_event_test.go index 638cf5c5c5..f896936d82 100644 --- a/test/integration/ipamd/ipamd_event_test.go +++ b/test/integration/ipamd/ipamd_event_test.go @@ -14,6 +14,7 @@ package ipamd import ( + "context" "fmt" "net/url" "os" @@ -22,7 +23,6 @@ import ( k8sUtil "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/utils" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" - "github.com/aws/aws-sdk-go/aws" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" v1 "k8s.io/api/core/v1" @@ -62,22 +62,22 @@ var _ = Describe("test aws-node pod event", func() { Expect(err).ToNot(HaveOccurred()) instanceID := k8sUtil.GetInstanceIDFromNode(nodeList.Items[0]) - instance, err := f.CloudServices.EC2().DescribeInstance(instanceID) + instance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) By("getting the node instance role") instanceProfileRoleName := strings.Split(*instance.IamInstanceProfile.Arn, "instance-profile/")[1] - instanceProfileOutput, err := f.CloudServices.IAM().GetInstanceProfile(instanceProfileRoleName) + instanceProfileOutput, err := f.CloudServices.IAM().GetInstanceProfile(context.TODO(), instanceProfileRoleName) Expect(err).ToNot(HaveOccurred()) role = *instanceProfileOutput.InstanceProfile.Roles[0].RoleName } By("Detaching VPC_CNI policy") - err = f.CloudServices.IAM().DetachRolePolicy(EKSCNIPolicyARN, role) + err = f.CloudServices.IAM().DetachRolePolicy(context.TODO(), EKSCNIPolicyARN, role) Expect(err).ToNot(HaveOccurred()) - masterPolicyName = "masters." + *aws.String(f.Options.ClusterName) - nodePolicyName = "nodes." + *aws.String(f.Options.ClusterName) + masterPolicyName = "masters." + f.Options.ClusterName + nodePolicyName = "nodes." + f.Options.ClusterName dummyPolicyDocumentPath := utils.GetProjectRoot() + DummyPolicyDocument dummyRolePolicyBytes, err := os.ReadFile(dummyPolicyDocumentPath) Expect(err).ToNot(HaveOccurred()) @@ -85,19 +85,19 @@ var _ = Describe("test aws-node pod event", func() { dummyRolePolicyData := string(dummyRolePolicyBytes) // For Kops - clusters have an inline role policy defined and has same role and policy name - rolePolicy, err := f.CloudServices.IAM().GetRolePolicy(nodePolicyName, nodePolicyName) + rolePolicy, err := f.CloudServices.IAM().GetRolePolicy(context.TODO(), nodePolicyName, nodePolicyName) if err == nil { By("Detaching the inline role policy for worker instances") rolePolicyDocumentNode, err = url.QueryUnescape(*rolePolicy.PolicyDocument) - err = f.CloudServices.IAM().PutRolePolicy(dummyRolePolicyData, nodePolicyName, nodePolicyName) + err = f.CloudServices.IAM().PutRolePolicy(context.TODO(), dummyRolePolicyData, nodePolicyName, nodePolicyName) Expect(err).ToNot(HaveOccurred()) } - rolePolicy, err = f.CloudServices.IAM().GetRolePolicy(masterPolicyName, masterPolicyName) + rolePolicy, err = f.CloudServices.IAM().GetRolePolicy(context.TODO(), masterPolicyName, masterPolicyName) if err == nil { By("Detaching the inline role policy for master instances") rolePolicyDocumentMaster, err = url.QueryUnescape(*rolePolicy.PolicyDocument) - err = f.CloudServices.IAM().PutRolePolicy(dummyRolePolicyData, masterPolicyName, masterPolicyName) + err = f.CloudServices.IAM().PutRolePolicy(context.TODO(), dummyRolePolicyData, masterPolicyName, masterPolicyName) Expect(err).ToNot(HaveOccurred()) } @@ -121,18 +121,18 @@ var _ = Describe("test aws-node pod event", func() { AfterEach(func() { By("attaching VPC_CNI policy") - err = f.CloudServices.IAM().AttachRolePolicy(EKSCNIPolicyARN, role) + err = f.CloudServices.IAM().AttachRolePolicy(context.TODO(), EKSCNIPolicyARN, role) Expect(err).ToNot(HaveOccurred()) if rolePolicyDocumentNode != "" { By("Attaching the inline role policy for worker Node") - err = f.CloudServices.IAM().PutRolePolicy(rolePolicyDocumentNode, nodePolicyName, nodePolicyName) + err = f.CloudServices.IAM().PutRolePolicy(context.TODO(), rolePolicyDocumentNode, nodePolicyName, nodePolicyName) Expect(err).ToNot(HaveOccurred()) } if rolePolicyDocumentMaster != "" { By("Attaching the inline role policy for Master Nodes") - err = f.CloudServices.IAM().PutRolePolicy(rolePolicyDocumentNode, masterPolicyName, masterPolicyName) + err = f.CloudServices.IAM().PutRolePolicy(context.TODO(), rolePolicyDocumentNode, masterPolicyName, masterPolicyName) Expect(err).ToNot(HaveOccurred()) } @@ -175,6 +175,6 @@ func RestartAwsNodePods() { podList, err := f.K8sResourceManagers.PodManager().GetPodsWithLabelSelector(AwsNodeLabelKey, utils.AwsNodeName) Expect(err).ToNot(HaveOccurred()) for _, pod := range podList.Items { - f.K8sResourceManagers.PodManager().DeleteAndWaitTillPodDeleted(&pod) + _ = f.K8sResourceManagers.PodManager().DeleteAndWaitTillPodDeleted(&pod) } } diff --git a/test/integration/ipamd/ipamd_suite_test.go b/test/integration/ipamd/ipamd_suite_test.go index 2caca00f83..8f359a452b 100644 --- a/test/integration/ipamd/ipamd_suite_test.go +++ b/test/integration/ipamd/ipamd_suite_test.go @@ -14,6 +14,7 @@ package ipamd import ( + "context" "fmt" "testing" "time" @@ -66,7 +67,7 @@ var _ = BeforeSuite(func() { Expect(primaryNode).To(Not(BeNil()), "expected to find a non-tainted node") fmt.Fprintf(GinkgoWriter, "coredns node is %s\n", primaryNode.Name) instanceID := k8sUtils.GetInstanceIDFromNode(*primaryNode) - primaryInstance, err = f.CloudServices.EC2().DescribeInstance(instanceID) + primaryInstance, err = f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) By("getting node with no pods scheduled to run tests") @@ -94,7 +95,7 @@ var _ = BeforeSuite(func() { } fmt.Fprintf(GinkgoWriter, "primary node is %s\n", primaryNode.Name) instanceID = k8sUtils.GetInstanceIDFromNode(*primaryNode) - primaryInstance, err = f.CloudServices.EC2().DescribeInstance(instanceID) + primaryInstance, err = f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) // Set default values- WARM_ENI_TARGET to 1, and remove WARM_IP_TARGET, MINIMUM_IP_TARGET and WARM_PREFIX_TARGET diff --git a/test/integration/ipamd/warm_target_test.go b/test/integration/ipamd/warm_target_test.go index 9e5d4ca5b2..a42ef12927 100644 --- a/test/integration/ipamd/warm_target_test.go +++ b/test/integration/ipamd/warm_target_test.go @@ -14,6 +14,7 @@ package ipamd import ( + "context" "strconv" "time" @@ -43,7 +44,7 @@ var _ = Describe("test warm target variables", func() { Eventually(func(g Gomega) { primaryInstance, err = f.CloudServices. - EC2().DescribeInstance(*primaryInstance.InstanceId) + EC2().DescribeInstance(context.TODO(), *primaryInstance.InstanceId) g.Expect(err).ToNot(HaveOccurred()) // Validate number of allocated ENIs @@ -104,7 +105,7 @@ var _ = Describe("test warm target variables", func() { var availIPs int // Query the EC2 Instance to get the list of available IPs on the instance primaryInstance, err = f.CloudServices. - EC2().DescribeInstance(*primaryInstance.InstanceId) + EC2().DescribeInstance(context.TODO(), *primaryInstance.InstanceId) g.Expect(err).ToNot(HaveOccurred()) // Sum all the IPs on all network interfaces minus the primary IPv4 address per ENI diff --git a/test/integration/ipamd/warm_target_test_PD_enabled.go b/test/integration/ipamd/warm_target_test_PD_enabled.go index 59c1ff402d..750df2e8f8 100644 --- a/test/integration/ipamd/warm_target_test_PD_enabled.go +++ b/test/integration/ipamd/warm_target_test_PD_enabled.go @@ -14,9 +14,12 @@ package ipamd import ( + "context" "strconv" "time" + "github.com/aws/aws-sdk-go-v2/aws" + k8sUtils "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/utils" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" @@ -48,7 +51,7 @@ var _ = Describe("test warm target variables", func() { Eventually(func(g Gomega) { // Query the EC2 Instance to get the list of available Prefixes on the instance primaryInstance, err = f.CloudServices. - EC2().DescribeInstance(*primaryInstance.InstanceId) + EC2().DescribeInstance(context.TODO(), aws.ToString(primaryInstance.InstanceId)) g.Expect(err).ToNot(HaveOccurred()) // Sum all the IPs on all network interfaces minus the primary IPv4 address per ENI @@ -135,7 +138,7 @@ var _ = Describe("test warm target variables", func() { var availPrefixes int // Query the EC2 Instance to get the list of available Prefixes on the instance primaryInstance, err = f.CloudServices. - EC2().DescribeInstance(*primaryInstance.InstanceId) + EC2().DescribeInstance(context.TODO(), aws.ToString(primaryInstance.InstanceId)) g.Expect(err).ToNot(HaveOccurred()) // Sum all the IPs on all network interfaces minus the primary IPv4 address per ENI @@ -187,7 +190,7 @@ var _ = Describe("test warm target variables", func() { // Query the EC2 Instance to get the list of available Prefixes on the instance primaryInstance, err = f.CloudServices. - EC2().DescribeInstance(*primaryInstance.InstanceId) + EC2().DescribeInstance(context.TODO(), aws.ToString(primaryInstance.InstanceId)) Expect(err).ToNot(HaveOccurred()) // Sum all the IPs on all network interfaces minus the primary IPv4 address per ENI diff --git a/test/integration/ipv6/pod_v6_networking_suite_test.go b/test/integration/ipv6/pod_v6_networking_suite_test.go index d51b013e98..6e96786aed 100644 --- a/test/integration/ipv6/pod_v6_networking_suite_test.go +++ b/test/integration/ipv6/pod_v6_networking_suite_test.go @@ -26,8 +26,6 @@ import ( v1 "k8s.io/api/core/v1" ) -const InstanceTypeNodeLabelKey = "beta.kubernetes.io/instance-type" - var primaryNode v1.Node func TestCNIv6PodNetworking(t *testing.T) { @@ -39,8 +37,7 @@ var _ = BeforeSuite(func() { f = framework.New(framework.GlobalOptions) By("creating test namespace") - f.K8sResourceManagers.NamespaceManager(). - CreateNamespace(utils.DefaultTestNamespace) + _ = f.K8sResourceManagers.NamespaceManager().CreateNamespace(utils.DefaultTestNamespace) By(fmt.Sprintf("getting the node with the node label key %s and value %s", f.Options.NgNameLabelKey, f.Options.NgNameLabelVal)) @@ -56,8 +53,7 @@ var _ = BeforeSuite(func() { var _ = AfterSuite(func() { By("deleting test namespace") - f.K8sResourceManagers.NamespaceManager(). - DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) + _ = f.K8sResourceManagers.NamespaceManager().DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) k8sUtils.UpdateEnvVarOnDaemonSetAndWaitUntilReady(f, "aws-node", "kube-system", "aws-node", map[string]string{ diff --git a/test/integration/metrics-helper/metric_helper_test.go b/test/integration/metrics-helper/metric_helper_test.go index 57e636ddaf..8d608b6ded 100644 --- a/test/integration/metrics-helper/metric_helper_test.go +++ b/test/integration/metrics-helper/metric_helper_test.go @@ -14,6 +14,7 @@ package metrics_helper import ( + "context" "fmt" "math" "time" @@ -21,8 +22,10 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/cloudwatch" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/cloudwatch" + cloudwatchtypes "github.com/aws/aws-sdk-go-v2/service/cloudwatch/types" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" v1 "k8s.io/api/apps/v1" @@ -48,7 +51,7 @@ var _ = Describe("test cni-metrics-helper publishes metrics", func() { time.Sleep(time.Minute * 3) getMetricStatisticsInput := &cloudwatch.GetMetricStatisticsInput{ - Dimensions: []*cloudwatch.Dimension{ + Dimensions: []cloudwatchtypes.Dimension{ { Name: aws.String("CLUSTER_ID"), Value: aws.String(ngName), @@ -56,17 +59,17 @@ var _ = Describe("test cni-metrics-helper publishes metrics", func() { }, MetricName: aws.String("addReqCount"), Namespace: aws.String("Kubernetes"), - Period: aws.Int64(int64(30)), - // Start time should sync with when when this test started + Period: aws.Int32(int32(30)), + // Start time should sync with when this test started StartTime: aws.Time(time.Now().Add(time.Duration(-10) * time.Minute)), EndTime: aws.Time(time.Now()), - Statistics: aws.StringSlice([]string{"Maximum"}), + Statistics: []cloudwatchtypes.Statistic{cloudwatchtypes.StatisticMaximum}, } - getMetricOutput, err := f.CloudServices.CloudWatch().GetMetricStatistics(getMetricStatisticsInput) + getMetricOutput, err := f.CloudServices.CloudWatch().GetMetricStatistics(context.TODO(), getMetricStatisticsInput) Expect(err).ToNot(HaveOccurred()) dataPoints := getMetricOutput.Datapoints - fmt.Fprintf(GinkgoWriter, "data points: %+v", dataPoints) + _, _ = fmt.Fprintf(GinkgoWriter, "data points: %+v", dataPoints) By("validating at least 2 metrics are published to CloudWatch") Expect(len(dataPoints)).Should(BeNumerically(">=", 2)) diff --git a/test/integration/metrics-helper/metrics_helper_suite_test.go b/test/integration/metrics-helper/metrics_helper_suite_test.go index 51d2151792..650952d2c6 100644 --- a/test/integration/metrics-helper/metrics_helper_suite_test.go +++ b/test/integration/metrics-helper/metrics_helper_suite_test.go @@ -14,6 +14,7 @@ package metrics_helper import ( + "context" "flag" "fmt" "strings" @@ -73,8 +74,7 @@ var _ = BeforeSuite(func() { f = framework.New(framework.GlobalOptions) By("creating test namespace") - f.K8sResourceManagers.NamespaceManager(). - CreateNamespace(utils.DefaultTestNamespace) + _ = f.K8sResourceManagers.NamespaceManager().CreateNamespace(utils.DefaultTestNamespace) By("getting the node list") nodeList, err := f.K8sResourceManagers.NodeManager().GetNodes(f.Options.NgNameLabelKey, f.Options.NgNameLabelVal) @@ -94,7 +94,7 @@ var _ = BeforeSuite(func() { Expect(instanceID).ToNot(Equal(""), "expected to find a non-tainted node") By("getting the nodegroup name and instance profile") - instance, err := f.CloudServices.EC2().DescribeInstance(instanceID) + instance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).ToNot(HaveOccurred()) instanceTagKeyValuePair := map[string]string{ @@ -119,11 +119,11 @@ var _ = BeforeSuite(func() { if ngName == "" { ngName = DEFAULT_CLUSTER_ID } - fmt.Fprintf(GinkgoWriter, "cluster name: %s\n", ngName) + _, _ = fmt.Fprintf(GinkgoWriter, "cluster name: %s\n", ngName) By("getting the node instance role") instanceProfileRoleName := strings.Split(*instance.IamInstanceProfile.Arn, "instance-profile/")[1] - instanceProfileOutput, err := f.CloudServices.IAM().GetInstanceProfile(instanceProfileRoleName) + instanceProfileOutput, err := f.CloudServices.IAM().GetInstanceProfile(context.TODO(), instanceProfileRoleName) Expect(err).ToNot(HaveOccurred()) ngRoleName = *instanceProfileOutput.InstanceProfile.Roles[0].RoleName @@ -131,7 +131,7 @@ var _ = BeforeSuite(func() { // We should ideally use the PathPrefix argument to list the policy, but this is returning an empty list. So workaround by listing local policies & filter // SO issue: https://stackoverflow.com/questions/66287626/aws-cli-list-policies-to-find-a-policy-with-a-specific-name - policyList, err := f.CloudServices.IAM().ListPolicies("Local") + policyList, err := f.CloudServices.IAM().ListPolicies(context.TODO(), "Local") Expect(err).ToNot(HaveOccurred()) for _, item := range policyList.Policies { @@ -141,7 +141,7 @@ var _ = BeforeSuite(func() { } } - err = f.CloudServices.IAM().AttachRolePolicy(policyARN, ngRoleName) + err = f.CloudServices.IAM().AttachRolePolicy(context.TODO(), policyARN, ngRoleName) Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("unable to attach arn: %s role: %s", policyARN, ngRoleName)) By("updating the aws-nodes to restart the metric count") @@ -162,13 +162,12 @@ var _ = AfterSuite(func() { Expect(err).ToNot(HaveOccurred()) By("detaching role policy from the node IAM Role") - err = f.CloudServices.IAM().DetachRolePolicy(policyARN, ngRoleName) + err = f.CloudServices.IAM().DetachRolePolicy(context.TODO(), policyARN, ngRoleName) Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("unable to detach %s %s", policyARN, ngRoleName)) k8sUtil.RemoveVarFromDaemonSetAndWaitTillUpdated(f, utils.AwsNodeName, utils.AwsNodeNamespace, utils.AwsNodeName, map[string]struct{}{"SOME_NON_EXISTENT_VAR": {}}) By("deleting test namespace") - f.K8sResourceManagers.NamespaceManager(). - DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) + _ = f.K8sResourceManagers.NamespaceManager().DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) }) diff --git a/test/integration/pod-eni/security_group_per_pod_suite_test.go b/test/integration/pod-eni/security_group_per_pod_suite_test.go index f9430ee9c1..eccfe6db51 100644 --- a/test/integration/pod-eni/security_group_per_pod_suite_test.go +++ b/test/integration/pod-eni/security_group_per_pod_suite_test.go @@ -14,6 +14,7 @@ package pod_eni import ( + "context" "fmt" "testing" @@ -60,13 +61,13 @@ var _ = BeforeSuite(func() { f = framework.New(framework.GlobalOptions) By("checking if cluster address family is IPv4 or IPv6") - clusterOutput, err := f.CloudServices.EKS().DescribeCluster(f.Options.ClusterName) + clusterOutput, err := f.CloudServices.EKS().DescribeCluster(context.TODO(), f.Options.ClusterName) Expect(err).NotTo(HaveOccurred()) - if *clusterOutput.Cluster.KubernetesNetworkConfig.IpFamily == "ipv4" { + if clusterOutput.Cluster.KubernetesNetworkConfig.IpFamily == "ipv4" { isIPv4Cluster = true - fmt.Fprint(GinkgoWriter, "cluster is IPv4\n") + _, _ = fmt.Fprint(GinkgoWriter, "cluster is IPv4\n") } else { - fmt.Fprint(GinkgoWriter, "cluster is IPv6\n") + _, _ = fmt.Fprint(GinkgoWriter, "cluster is IPv6\n") } By("creating a new security group used in Security Group Policy") @@ -76,19 +77,19 @@ var _ = BeforeSuite(func() { } else { sgName = "pod-eni-automation-v6" } - securityGroupOutput, err := f.CloudServices.EC2().CreateSecurityGroup(sgName, + securityGroupOutput, err := f.CloudServices.EC2().CreateSecurityGroup(context.TODO(), sgName, "test created by vpc cni automation test suite", f.Options.AWSVPCID) Expect(err).ToNot(HaveOccurred()) securityGroupId = *securityGroupOutput.GroupId By("authorizing egress and ingress on security group for client-server communication") if isIPv4Cluster { - f.CloudServices.EC2().AuthorizeSecurityGroupEgress(securityGroupId, "tcp", openPort, openPort, v4Zero) - f.CloudServices.EC2().AuthorizeSecurityGroupIngress(securityGroupId, "tcp", openPort, openPort, v4Zero, false) + _ = f.CloudServices.EC2().AuthorizeSecurityGroupEgress(context.TODO(), securityGroupId, "tcp", openPort, openPort, v4Zero) + _ = f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), securityGroupId, "tcp", openPort, openPort, v4Zero, false) } else { - f.CloudServices.EC2().AuthorizeSecurityGroupEgress(securityGroupId, "tcp", openPort, openPort, v6Zero) - f.CloudServices.EC2().AuthorizeSecurityGroupIngress(securityGroupId, "tcp", openPort, openPort, v6Zero, false) - f.CloudServices.EC2().AuthorizeSecurityGroupIngress(securityGroupId, "icmpv6", -1, -1, v6Zero, false) + _ = f.CloudServices.EC2().AuthorizeSecurityGroupEgress(context.TODO(), securityGroupId, "tcp", openPort, openPort, v6Zero) + _ = f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), securityGroupId, "tcp", openPort, openPort, v6Zero, false) + _ = f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), securityGroupId, "icmpv6", -1, -1, v6Zero, false) } By("getting branch ENI limits") @@ -99,12 +100,12 @@ var _ = BeforeSuite(func() { node := nodeList.Items[0] instanceID := k8sUtils.GetInstanceIDFromNode(node) - nodeInstance, err := f.CloudServices.EC2().DescribeInstance(instanceID) - instanceType := *nodeInstance.InstanceType - totalBranchInterface = vpc.Limits[instanceType].BranchInterface * numNodes + nodeInstance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) + instanceType := nodeInstance.InstanceType + totalBranchInterface = vpc.Limits[string(instanceType)].BranchInterface * numNodes By("Getting Cluster Security Group ID") - clusterRes, err := f.CloudServices.EKS().DescribeCluster(f.Options.ClusterName) + clusterRes, err := f.CloudServices.EKS().DescribeCluster(context.TODO(), f.Options.ClusterName) Expect(err).NotTo(HaveOccurred()) clusterSGID = *(clusterRes.Cluster.ResourcesVpcConfig.ClusterSecurityGroupId) fmt.Fprintf(GinkgoWriter, "cluster security group is %s\n", clusterSGID) @@ -137,6 +138,6 @@ var _ = AfterSuite(func() { Expect(err).ToNot(HaveOccurred()) By("deleting the security group") - err = f.CloudServices.EC2().DeleteSecurityGroup(securityGroupId) + err = f.CloudServices.EC2().DeleteSecurityGroup(context.TODO(), securityGroupId) Expect(err).ToNot(HaveOccurred()) }) diff --git a/test/integration/pod-eni/security_group_per_pod_test.go b/test/integration/pod-eni/security_group_per_pod_test.go index 8c92e8a6b5..12e1dc4b24 100644 --- a/test/integration/pod-eni/security_group_per_pod_test.go +++ b/test/integration/pod-eni/security_group_per_pod_test.go @@ -14,6 +14,7 @@ package pod_eni import ( + "context" "encoding/json" "fmt" "time" @@ -57,7 +58,7 @@ var _ = Describe("Security Group for Pods Test", func() { JustBeforeEach(func() { By("creating test namespace") - f.K8sResourceManagers.NamespaceManager(). + _ = f.K8sResourceManagers.NamespaceManager(). CreateNamespace(utils.DefaultTestNamespace) serverDeploymentBuilder = manifest.NewDefaultDeploymentBuilder(). @@ -78,11 +79,11 @@ var _ = Describe("Security Group for Pods Test", func() { JustAfterEach(func() { By("deleting test namespace") - f.K8sResourceManagers.NamespaceManager(). + _ = f.K8sResourceManagers.NamespaceManager(). DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace) By("Deleting Security Group Policy") - f.K8sResourceManagers.CustomResourceManager().DeleteResource(securityGroupPolicy) + _ = f.K8sResourceManagers.CustomResourceManager().DeleteResource(securityGroupPolicy) By("waiting for the branch ENI to be cooled down") time.Sleep(time.Second * 60) @@ -126,10 +127,10 @@ var _ = Describe("Security Group for Pods Test", func() { // 8080: metric-pod listener port By("Adding an additional Ingress Rule on NodeSecurityGroupID to allow client-to-metric traffic") if isIPv4Cluster { - err := f.CloudServices.EC2().AuthorizeSecurityGroupIngress(clusterSGID, "TCP", metricsPort, metricsPort, v4Zero, false) + err := f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), clusterSGID, "TCP", metricsPort, metricsPort, v4Zero, false) Expect(err).ToNot(HaveOccurred()) } else { - err := f.CloudServices.EC2().AuthorizeSecurityGroupIngress(clusterSGID, "TCP", metricsPort, metricsPort, v6Zero, false) + err := f.CloudServices.EC2().AuthorizeSecurityGroupIngress(context.TODO(), clusterSGID, "TCP", metricsPort, metricsPort, v6Zero, false) Expect(err).ToNot(HaveOccurred()) } }) @@ -160,10 +161,10 @@ var _ = Describe("Security Group for Pods Test", func() { // Revoke the Ingress rule for traffic from client pods added to Node Security Group By("Revoking the additional Ingress rule added to allow client-to-metric traffic") if isIPv4Cluster { - err := f.CloudServices.EC2().RevokeSecurityGroupIngress(clusterSGID, "TCP", metricsPort, metricsPort, v4Zero, false) + err := f.CloudServices.EC2().RevokeSecurityGroupIngress(context.TODO(), clusterSGID, "TCP", metricsPort, metricsPort, v4Zero, false) Expect(err).ToNot(HaveOccurred()) } else { - err := f.CloudServices.EC2().RevokeSecurityGroupIngress(clusterSGID, "TCP", metricsPort, metricsPort, v6Zero, false) + err := f.CloudServices.EC2().RevokeSecurityGroupIngress(context.TODO(), clusterSGID, "TCP", metricsPort, metricsPort, v6Zero, false) Expect(err).ToNot(HaveOccurred()) } }) @@ -247,7 +248,7 @@ var _ = Describe("Security Group for Pods Test", func() { pod, err := f.K8sResourceManagers.PodManager().CreateAndWaitTillRunning(pod) Expect(err).ToNot(HaveOccurred()) - ValidatePodsHaveBranchENI(v1.PodList{Items: []v1.Pod{*pod}}) + _ = ValidatePodsHaveBranchENI(v1.PodList{Items: []v1.Pod{*pod}}) timeAfterLivelinessProbeFails := initialDelay + (periodSecond * failureCount) + 10 @@ -396,7 +397,7 @@ func ValidateHostNetworking(testType TestType, podValidationInputString string) PodLogs(testPod.Namespace, testPod.Name) Expect(errLogs).ToNot(HaveOccurred()) - fmt.Fprintln(GinkgoWriter, logs) + _, _ = fmt.Fprintln(GinkgoWriter, logs) By("deleting the host networking setup pod") err = f.K8sResourceManagers.PodManager(). diff --git a/test/integration/snat/snat_suite_test.go b/test/integration/snat/snat_suite_test.go index 9b09738b44..69dd289d9e 100644 --- a/test/integration/snat/snat_suite_test.go +++ b/test/integration/snat/snat_suite_test.go @@ -1,16 +1,19 @@ package snat import ( + "context" "fmt" "net/url" "path" "strings" "testing" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/amazon-vpc-cni-k8s/test/framework" "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/aws/utils" testUtils "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" - "github.com/aws/aws-sdk-go/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" v1 "k8s.io/api/core/v1" @@ -58,7 +61,7 @@ var _ = BeforeSuite(func() { msg := fmt.Sprintf("Creating a keyPair with name: %s if it doesn't exist", DEFAULT_KEY_PAIR) By(msg) - keyPairOutput, _ := f.CloudServices.EC2().DescribeKey(DEFAULT_KEY_PAIR) + keyPairOutput, _ := f.CloudServices.EC2().DescribeKey(context.TODO(), DEFAULT_KEY_PAIR) exists := false if keyPairOutput != nil { @@ -71,17 +74,17 @@ var _ = BeforeSuite(func() { } if exists { - fmt.Fprintln(GinkgoWriter, "KeyPair already exists") + _, _ = fmt.Fprintln(GinkgoWriter, "KeyPair already exists") } else { - fmt.Fprintln(GinkgoWriter, "KeyPair doesn't exist, will be created") - _, err := f.CloudServices.EC2().CreateKey(DEFAULT_KEY_PAIR) + _, _ = fmt.Fprintln(GinkgoWriter, "KeyPair doesn't exist, will be created") + _, err := f.CloudServices.EC2().CreateKey(context.TODO(), DEFAULT_KEY_PAIR) Expect(err).NotTo(HaveOccurred()) } privateSubnetId = vpcConfig.PrivateSubnetList[0] By("Getting Cluster Security Group Id") - out, err := f.CloudServices.EKS().DescribeCluster(f.Options.ClusterName) + out, err := f.CloudServices.EKS().DescribeCluster(context.TODO(), f.Options.ClusterName) Expect(err).NotTo(HaveOccurred()) clusterSecurityGroupId := out.Cluster.ResourcesVpcConfig.ClusterSecurityGroupId @@ -121,20 +124,20 @@ var _ = BeforeSuite(func() { By("Fetching existing Security Groups from the newly created node group instance") - instance, err := f.CloudServices.EC2().DescribeInstance(instanceID) + instance, err := f.CloudServices.EC2().DescribeInstance(context.TODO(), instanceID) Expect(err).NotTo(HaveOccurred()) existingSecurityGroups := instance.SecurityGroups networkInterfaceId := getPrimaryNetworkInterfaceId(instance.NetworkInterfaces, instance.PrivateIpAddress) Expect(networkInterfaceId).NotTo(Equal(BeNil())) - securityGroupIds := make([]*string, 0, len(existingSecurityGroups)+1) + securityGroupIds := make([]string, 0, len(existingSecurityGroups)+1) for _, sg := range existingSecurityGroups { - securityGroupIds = append(securityGroupIds, sg.GroupId) + securityGroupIds = append(securityGroupIds, aws.ToString(sg.GroupId)) } - securityGroupIds = append(securityGroupIds, clusterSecurityGroupId) + securityGroupIds = append(securityGroupIds, aws.ToString(clusterSecurityGroupId)) By("Adding ClusterSecurityGroup to the new nodegroup Instance") - _, err = f.CloudServices.EC2().ModifyNetworkInterfaceSecurityGroups(securityGroupIds, networkInterfaceId) + _, err = f.CloudServices.EC2().ModifyNetworkInterfaceSecurityGroups(context.TODO(), securityGroupIds, networkInterfaceId) Expect(err).NotTo(HaveOccurred()) }) @@ -142,7 +145,7 @@ var _ = AfterSuite(func() { //using default key pair created by test if DEFAULT_KEY_PAIR == "test-key-pair" { By("Deleting key-pair") - err := f.CloudServices.EC2().DeleteKey(DEFAULT_KEY_PAIR) + err := f.CloudServices.EC2().DeleteKey(context.TODO(), DEFAULT_KEY_PAIR) Expect(err).NotTo(HaveOccurred()) } @@ -155,7 +158,7 @@ var _ = AfterSuite(func() { Expect(err).NotTo(HaveOccurred()) }) -func getPrimaryNetworkInterfaceId(networkInterfaces []*ec2.InstanceNetworkInterface, instanceIPAddr *string) *string { +func getPrimaryNetworkInterfaceId(networkInterfaces []ec2types.InstanceNetworkInterface, instanceIPAddr *string) *string { for _, ni := range networkInterfaces { if strings.Compare(*ni.PrivateIpAddress, *instanceIPAddr) == 0 { return ni.NetworkInterfaceId diff --git a/test/integration/snat/snat_test.go b/test/integration/snat/snat_test.go index f95b6854f6..e78e53f851 100644 --- a/test/integration/snat/snat_test.go +++ b/test/integration/snat/snat_test.go @@ -1,21 +1,20 @@ package snat import ( + "context" "fmt" "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest" k8sUtils "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/utils" "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" - "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go-v2/aws" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" ) const ( - TEST_POD_LABEL_KEY = "test-pod-label-key" - TEST_POD_LABEL_VALUE = "test-pod-label-val" - EXTERNAL_DOMAIN = "https://aws.amazon.com/" + EXTERNAL_DOMAIN = "https://aws.amazon.com/" ) var _ = Describe("SNAT tests", func() { @@ -47,13 +46,13 @@ var _ = Describe("SNAT tests", func() { Context("Validate AWS_VPC_K8S_CNI_RANDOMIZESNAT", func() { It("Verify SNAT IP table rule by changing AWS_VPC_K8S_CNI_RANDOMIZESNAT", func() { - vpcOutput, err := f.CloudServices.EC2().DescribeVPC(f.Options.AWSVPCID) + vpcOutput, err := f.CloudServices.EC2().DescribeVPC(context.TODO(), f.Options.AWSVPCID) Expect(err).NotTo(HaveOccurred()) Expect(len(vpcOutput.Vpcs)).To(BeNumerically(">", 0)) numOfCidrs := 0 for _, vpc := range vpcOutput.Vpcs[0].CidrBlockAssociationSet { - if *vpc.CidrBlockState.State == "associated" { + if vpc.CidrBlockState.State == "associated" { numOfCidrs = numOfCidrs + 1 } } @@ -74,14 +73,14 @@ var _ = Describe("SNAT tests", func() { Context("Validate AWS_VPC_K8S_CNI_EXCLUDE_SNAT_CIDRS", func() { It("Verify External Domain Connectivity by modifying AWS_VPC_K8S_CNI_EXCLUDE_SNAT_CIDRS", func() { By("Getting CIDR for primary node's private subnet") - out, err := f.CloudServices.EC2().DescribeSubnet(privateSubnetId) + out, err := f.CloudServices.EC2().DescribeSubnet(context.TODO(), privateSubnetId) Expect(err).NotTo(HaveOccurred()) Expect(len(out.Subnets)).To(BeNumerically(">", 0)) cidrBlock := out.Subnets[0].CidrBlock By("Updating AWS_VPC_K8S_CNI_EXCLUDE_SNAT_CIDRS with private subnet CIDR") k8sUtils.AddEnvVarToDaemonSetAndWaitTillUpdated(f, utils.AwsNodeName, utils.AwsNodeNamespace, utils.AwsNodeName, map[string]string{ - "AWS_VPC_K8S_CNI_EXCLUDE_SNAT_CIDRS": aws.StringValue(cidrBlock), + "AWS_VPC_K8S_CNI_EXCLUDE_SNAT_CIDRS": aws.ToString(cidrBlock), }) By("Check External domain connectivity from this private subnet CIDR block") @@ -127,7 +126,7 @@ func ValidateExternalDomainConnectivity(url string) { PodLogs(testPod.Namespace, testPod.Name) Expect(errLogs).ToNot(HaveOccurred()) - fmt.Fprintln(GinkgoWriter, logs) + _, _ = fmt.Fprintln(GinkgoWriter, logs) By("deleting the test pod") err = f.K8sResourceManagers.PodManager(). @@ -167,7 +166,7 @@ func ValidateIPTableRules(randomizedSNATValue string, numOfCidrs int) { PodLogs(hostNetworkPod.Namespace, hostNetworkPod.Name) Expect(errLogs).ToNot(HaveOccurred()) - fmt.Fprintln(GinkgoWriter, logs) + _, _ = fmt.Fprintln(GinkgoWriter, logs) By("deleting the host networking setup pod") err = f.K8sResourceManagers.PodManager(). diff --git a/utils/imds/imds.go b/utils/imds/imds.go index 92a77be604..c10f022277 100644 --- a/utils/imds/imds.go +++ b/utils/imds/imds.go @@ -1,28 +1,36 @@ package imds import ( + "context" "fmt" + "io" - "github.com/aws/aws-sdk-go/aws" - ec2metadatasvc "github.com/aws/aws-sdk-go/aws/ec2metadata" - "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" ) // EC2Metadata wraps the methods from the amazon-sdk-go's ec2metadata package -type EC2Metadata interface { - GetMetadata(path string) (string, error) - Region() (string, error) -} +// type EC2Metadata interface { +// GetMetadata(path string) (string, error) +// Region() (string, error) +// } func GetMetaData(key string) (string, error) { - awsSession := session.Must(session.NewSession(aws.NewConfig(). - WithMaxRetries(10), - )) - var ec2Metadata EC2Metadata - ec2Metadata = ec2metadatasvc.New(awsSession) - requestedData, err := ec2Metadata.GetMetadata(key) + cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRetryMaxAttempts(10)) + if err != nil { + return "", fmt.Errorf("unable to load SDK config, %v", err) + } + + client := imds.NewFromConfig(cfg) + requestedData, err := client.GetMetadata(context.TODO(), &imds.GetMetadataInput{ + Path: key, + }) if err != nil { return "", fmt.Errorf("get instance metadata: failed to retrieve %s - %s", key, err) } - return requestedData, nil + content, err := io.ReadAll(requestedData.Content) + if err != nil { + return "", fmt.Errorf("get instance metadata: failed to read %s - %s", key, err) + } + return string(content), nil } From 5bcc56133797561beca86279cc995955550e428d Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Mon, 9 Dec 2024 20:19:43 -0800 Subject: [PATCH 16/60] Handle EKS Service for the Beta Endpoint. (#3143) --- test/framework/resources/aws/services/eks.go | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/test/framework/resources/aws/services/eks.go b/test/framework/resources/aws/services/eks.go index 4b3ed762b5..907a06e68e 100644 --- a/test/framework/resources/aws/services/eks.go +++ b/test/framework/resources/aws/services/eks.go @@ -47,12 +47,20 @@ type AddonInput struct { func NewEKS(cfg aws.Config, endpoint string) (EKS, error) { var err error - + var customResolver aws.EndpointResolverWithOptions if endpoint != "" { - customResolver := aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) { - return aws.Endpoint{ - URL: endpoint, - }, nil + // EKS Custom endpoint resolver needs PartitionID, SingingRegion and URL for handling STS requests. + // TODO: default to "aws" partition for now as it handled only tests. Provide option to pass partitionID. + customResolver = aws.EndpointResolverWithOptionsFunc(func(service, region string, options ...interface{}) (aws.Endpoint, error) { + if service == eks.ServiceID { + return aws.Endpoint{ + PartitionID: "aws", + URL: endpoint, + SigningRegion: region, + }, nil + } + // Fallback to default endpoint resolution for non EKS Services. + return aws.Endpoint{}, &aws.EndpointNotFoundError{} }) cfg, err = config.LoadDefaultConfig(context.Background(), config.WithEndpointResolverWithOptions(customResolver), From ec4f86da59539b7acb05a67523b5ee1efdb59dc3 Mon Sep 17 00:00:00 2001 From: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Date: Fri, 13 Dec 2024 14:11:06 -0800 Subject: [PATCH 17/60] Adding multus v4.1.4 manifest (#3154) --- .../multus-daemonset-thick.yml | 260 ++++++++++++++++++ scripts/run-multus-tests.sh | 2 +- 2 files changed, 261 insertions(+), 1 deletion(-) create mode 100644 config/multus/v4.1.4-eksbuild.1/multus-daemonset-thick.yml diff --git a/config/multus/v4.1.4-eksbuild.1/multus-daemonset-thick.yml b/config/multus/v4.1.4-eksbuild.1/multus-daemonset-thick.yml new file mode 100644 index 0000000000..895f83040d --- /dev/null +++ b/config/multus/v4.1.4-eksbuild.1/multus-daemonset-thick.yml @@ -0,0 +1,260 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing + Working Group to express the intent for attaching pods to one or more logical or physical + networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this represen + tation of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' + type: object + properties: + config: + description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' + type: string +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +rules: + - apiGroups: ["k8s.cni.cncf.io"] + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: multus +subjects: + - kind: ServiceAccount + name: multus + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: multus + namespace: kube-system +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: multus-daemon-config + namespace: kube-system + labels: + tier: node + app: multus +data: + daemon-config.json: | + { + "chrootDir": "/hostroot", + "confDir": "/host/etc/cni/net.d", + "logFile": "/var/log/multus.log", + "logLevel": "verbose", + "socketDir": "/host/run/multus/", + "cniVersion": "0.3.1", + "logToStderr": true, + "cniConfigDir": "/host/etc/cni/net.d", + "multusConfigFile": "auto", + "multusAutoconfigDir": "/host/etc/cni/net.d", + "multusMasterCNI": "10-aws.conflist" + } +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kube-multus-ds + namespace: kube-system + labels: + tier: node + app: multus + name: multus +spec: + selector: + matchLabels: + name: multus + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + tier: node + app: multus + name: multus + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate + hostNetwork: true + hostPID: true + tolerations: + - operator: Exists + effect: NoSchedule + - operator: Exists + effect: NoExecute + serviceAccountName: multus + containers: + - name: kube-multus + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/multus-cni:v4.1.4-eksbuild.1_thick + command: [ "/usr/src/multus-cni/bin/multus-daemon" ] + resources: + requests: + cpu: "100m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + # multus-daemon expects that cnibin path must be identical between pod and container host. + + # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be mount to '/opt/cni/bin' in multus-daemon, + + # not to any other directory, like '/opt/bin' or '/usr/bin'. + + - name: cnibin + mountPath: /opt/cni/bin + - name: host-run + mountPath: /host/run + - name: host-var-lib-cni-multus + mountPath: /var/lib/cni/multus + - name: host-var-lib-kubelet + mountPath: /var/lib/kubelet + mountPropagation: HostToContainer + - name: host-run-k8s-cni-cncf-io + mountPath: /run/k8s.cni.cncf.io + - name: host-run-netns + mountPath: /run/netns + mountPropagation: HostToContainer + - name: multus-daemon-config + mountPath: /etc/cni/net.d/multus.d + readOnly: true + - name: hostroot + mountPath: /hostroot + mountPropagation: HostToContainer + env: + - name: MULTUS_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + initContainers: + - name: install-multus-binary + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/multus-cni:v4.1.4-eksbuild.1_thick + command: + - "cp" + - "/usr/src/multus-cni/bin/multus-shim" + - "/host/opt/cni/bin/multus-shim" + resources: + requests: + cpu: "10m" + memory: "15Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cnibin + mountPath: /host/opt/cni/bin + mountPropagation: Bidirectional + terminationGracePeriodSeconds: 10 + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: hostroot + hostPath: + path: / + - name: multus-daemon-config + configMap: + name: multus-daemon-config + items: + - key: daemon-config.json + path: daemon-config.json + - name: host-run + hostPath: + path: /run + - name: host-var-lib-cni-multus + hostPath: + path: /var/lib/cni/multus + - name: host-var-lib-kubelet + hostPath: + path: /var/lib/kubelet + - name: host-run-k8s-cni-cncf-io + hostPath: + path: /run/k8s.cni.cncf.io + - name: host-run-netns + hostPath: + path: /run/netns/ diff --git a/scripts/run-multus-tests.sh b/scripts/run-multus-tests.sh index 30ca2f282c..322c2f2f15 100755 --- a/scripts/run-multus-tests.sh +++ b/scripts/run-multus-tests.sh @@ -22,7 +22,7 @@ check_is_installed ginkgo load_cluster_details -LATEST_TAG=${1:-v3.8.0-eksbuild.1} +LATEST_TAG=${1:-v4.1.4-eksbuild.1_thick} echo "Installing latest multus manifest with tag: ${LATEST_TAG}" kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/multus/${LATEST_TAG}/aws-k8s-multus.yaml From 2a63452527948a25f3c06ceccf2b1f848931b0af Mon Sep 17 00:00:00 2001 From: Shehbaj Dhillon Date: Thu, 19 Dec 2024 16:55:25 -0800 Subject: [PATCH 18/60] scripts integration: capture exit codes from both tests (#3149) --- scripts/lib/integration.sh | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/scripts/lib/integration.sh b/scripts/lib/integration.sh index 53a1d75f89..f7b01f1ad6 100644 --- a/scripts/lib/integration.sh +++ b/scripts/lib/integration.sh @@ -35,21 +35,27 @@ function run_kops_conformance() { # Run the focused set of tests with detailed logging TEST_START=$SECONDS - set -o pipefail # Ensure we catch test failures + TEST_RESULT=success /tmp/e2e.test --ginkgo.focus="Conformance" --ginkgo.timeout=120m --kubeconfig=$KUBECONFIG --ginkgo.v --ginkgo.trace --ginkgo.flake-attempts 8 \ - --ginkgo.skip="(works for CRD with validation schema)|(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|(Basic StatefulSet functionality [StatefulSetBasic])|\[Slow\]|\[Serial\]" + --ginkgo.skip="(works for CRD with validation schema)|(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|(Basic StatefulSet functionality [StatefulSetBasic])|\[Slow\]|\[Serial\]" || TEST_RESULT=fail /tmp/e2e.test --ginkgo.focus="\[Serial\].*Conformance" --ginkgo.timeout=120m --kubeconfig=$KUBECONFIG --ginkgo.v --ginkgo.trace --ginkgo.flake-attempts 8 \ - --ginkgo.skip="(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|\[Slow\]" - echo "Kops conformance tests ran successfully!" + --ginkgo.skip="(ServiceAccountIssuerDiscovery should support OIDC discovery of service account issuer)|(should support remote command execution over websockets)|(should support retrieving logs from the container over websockets)|\[Slow\]" || TEST_RESULT=fail - TEST_EXIT_CODE=$? TEST_DURATION=$((SECONDS - TEST_START)) echo "=== Test Results ===" echo "Test duration: $TEST_DURATION seconds" - echo "Exit code: $TEST_EXIT_CODE" + echo "Test result: $TEST_RESULT" + + # If any test failed, return failure + if [[ "$TEST_RESULT" == "fail" ]]; then + echo "One or more test suites failed!" + exit 1 + fi + + echo "All test suites passed successfully!" # Show cluster state after tests echo "=== Cluster State After Tests ===" @@ -70,7 +76,7 @@ function run_kops_conformance() { sleep 240 # Exit with the test exit code - return $TEST_EXIT_CODE + return 0 } function build_and_push_image() { From 4ee9789484258d1ae8f6bf36859ea325097d5d7b Mon Sep 17 00:00:00 2001 From: Omer Aplatony Date: Wed, 25 Dec 2024 03:50:55 +0200 Subject: [PATCH 19/60] fix(test): add volume mount for docker-func-test target (#3160) Signed-off-by: Omer Aplatony --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 375a7706ec..6a8947e1d7 100644 --- a/Makefile +++ b/Makefile @@ -173,8 +173,12 @@ docker-init: ## Build VPC CNI plugin Init container image. # Run the built CNI container image to use in functional testing docker-func-test: docker ## Run the built CNI container image to use in functional testing + rm -rf /tmp/cni/bin + mkdir -p /tmp/cni/bin docker run $(DOCKER_RUN_FLAGS) \ + -v /tmp/cni/bin:/host/opt/cni/bin \ "$(IMAGE_NAME)" + rm -rf /tmp/cni/bin ## Build multi-arch VPC CNI plugin container image. multi-arch-cni-build: From cc14878abc6a65c462d7c59ec1cfb87318b3fbd6 Mon Sep 17 00:00:00 2001 From: Shehbaj Dhillon Date: Thu, 2 Jan 2025 14:52:49 -0800 Subject: [PATCH 20/60] cni-metrics-helper metrics: do type assertion before type casting (#3152) * cni-metrics-helper metrics: do type assertion before type casting * utils prometheusmetrics: remove counters from cni metrics mapping func --- .../metrics/cni_metrics_test.go | 170 +++++++++++++++++- cmd/cni-metrics-helper/metrics/metrics.go | 23 ++- utils/prometheusmetrics/prometheusmetrics.go | 20 +-- 3 files changed, 192 insertions(+), 21 deletions(-) diff --git a/cmd/cni-metrics-helper/metrics/cni_metrics_test.go b/cmd/cni-metrics-helper/metrics/cni_metrics_test.go index 8ec0ea9f35..d027e6bfc1 100644 --- a/cmd/cni-metrics-helper/metrics/cni_metrics_test.go +++ b/cmd/cni-metrics-helper/metrics/cni_metrics_test.go @@ -1,6 +1,7 @@ package metrics import ( + "fmt" "testing" "github.com/golang/mock/gomock" @@ -16,6 +17,12 @@ import ( eniconfigscheme "github.com/aws/amazon-vpc-cni-k8s/pkg/apis/crd/v1alpha1" "github.com/aws/amazon-vpc-cni-k8s/pkg/publisher/mock_publisher" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" + "github.com/aws/amazon-vpc-cni-k8s/utils/prometheusmetrics" + "github.com/aws/aws-sdk-go-v2/aws" + cloudwatchtypes "github.com/aws/aws-sdk-go-v2/service/cloudwatch/types" + + "github.com/prometheus/client_golang/prometheus" + dto "github.com/prometheus/client_model/go" ) var logConfig = logger.Configuration{ @@ -49,7 +56,7 @@ func TestCNIMetricsNew(t *testing.T) { m := setup(t) ctx := context.Background() _, _ = m.clientset.CoreV1().Pods("kube-system").Create(ctx, &v1.Pod{ObjectMeta: metav1.ObjectMeta{Name: "aws-node-1"}}, metav1.CreateOptions{}) - //cniMetric := CNIMetricsNew(m.clientset, m.mockPublisher, m.discoverController, false, log) + // cniMetric := CNIMetricsNew(m.clientset, m.mockPublisher, m.discoverController, false, log) cniMetric := CNIMetricsNew(m.clientset, m.mockPublisher, false, false, testLog, m.podWatcher) assert.NotNil(t, cniMetric) assert.NotNil(t, cniMetric.getCWMetricsPublisher()) @@ -57,3 +64,164 @@ func TestCNIMetricsNew(t *testing.T) { assert.Equal(t, testLog, cniMetric.getLogger()) assert.False(t, cniMetric.submitCloudWatch()) } + +// Add these helper functions at the top of the test file +func createTestMetricFamilies() map[string]*dto.MetricFamily { + return map[string]*dto.MetricFamily{ + "awscni_eni_max": { + Name: aws.String("awscni_eni_max"), + Type: dto.MetricType_GAUGE.Enum(), + Metric: []*dto.Metric{{ + Gauge: &dto.Gauge{Value: aws.Float64(10.0)}, + }}, + }, + "awscni_ip_max": { + Name: aws.String("awscni_ip_max"), + Type: dto.MetricType_GAUGE.Enum(), + Metric: []*dto.Metric{{ + Gauge: &dto.Gauge{Value: aws.Float64(20.0)}, + }}, + }, + "awscni_eni_allocated": { + Name: aws.String("awscni_eni_allocated"), + Type: dto.MetricType_GAUGE.Enum(), + Metric: []*dto.Metric{{ + Gauge: &dto.Gauge{Value: aws.Float64(3.0)}, + }}, + }, + "awscni_total_ip_addresses": { + Name: aws.String("awscni_total_ip_addresses"), + Type: dto.MetricType_GAUGE.Enum(), + Metric: []*dto.Metric{{ + Gauge: &dto.Gauge{Value: aws.Float64(30.0)}, + }}, + }, + "awscni_assigned_ip_addresses": { + Name: aws.String("awscni_assigned_ip_addresses"), + Type: dto.MetricType_GAUGE.Enum(), + Metric: []*dto.Metric{{ + Gauge: &dto.Gauge{Value: aws.Float64(15.0)}, + }}, + }, + } +} + +func createTestConvertDef(includeCloudWatch bool) map[string]metricsConvert { + testData := []struct { + metricName string + value float64 + cwMetricName string + }{ + {"awscni_eni_max", 10.0, "eni_max"}, + {"awscni_ip_max", 20.0, "ip_max"}, + {"awscni_eni_allocated", 3.0, "eni_allocated"}, + {"awscni_total_ip_addresses", 30.0, "total_ip_addresses"}, + {"awscni_assigned_ip_addresses", 15.0, "assigned_ip_addresses"}, + } + + result := make(map[string]metricsConvert) + for _, td := range testData { + action := metricsAction{ + data: &dataPoints{curSingleDataPoint: td.value}, + } + if includeCloudWatch { + action.cwMetricName = td.cwMetricName + } + result[td.metricName] = metricsConvert{ + actions: []metricsAction{action}, + } + } + return result +} + +func createExpectedCloudWatchMetrics() []cloudwatchtypes.MetricDatum { + return []cloudwatchtypes.MetricDatum{ + { + MetricName: aws.String("eni_max"), + Unit: cloudwatchtypes.StandardUnitCount, + Value: aws.Float64(10.0), + }, + { + MetricName: aws.String("ip_max"), + Unit: cloudwatchtypes.StandardUnitCount, + Value: aws.Float64(20.0), + }, + { + MetricName: aws.String("eni_allocated"), + Unit: cloudwatchtypes.StandardUnitCount, + Value: aws.Float64(3.0), + }, + { + MetricName: aws.String("total_ip_addresses"), + Unit: cloudwatchtypes.StandardUnitCount, + Value: aws.Float64(30.0), + }, + { + MetricName: aws.String("assigned_ip_addresses"), + Unit: cloudwatchtypes.StandardUnitCount, + Value: aws.Float64(15.0), + }, + } +} + +func TestProduceCloudWatchMetrics(t *testing.T) { + m := setup(t) + cniMetric := CNIMetricsNew(m.clientset, m.mockPublisher, true, false, testLog, m.podWatcher) + + families := createTestMetricFamilies() + testConvertDef := createTestConvertDef(true) + expectedMetrics := createExpectedCloudWatchMetrics() + + // Expect CloudWatch publish to be called for each metric + for _, expectedMetric := range expectedMetrics { + m.mockPublisher.EXPECT().Publish(expectedMetric).Times(1) + } + + err := produceCloudWatchMetrics(cniMetric, families, testConvertDef, m.mockPublisher) + assert.NoError(t, err) +} + +func TestProducePrometheusMetrics(t *testing.T) { + prometheus.DefaultRegisterer = prometheus.NewRegistry() + m := setup(t) + cniMetric := CNIMetricsNew(m.clientset, m.mockPublisher, false, true, testLog, m.podWatcher) + + families := createTestMetricFamilies() + testConvertDef := createTestConvertDef(false) + + // Register and initialize Prometheus metrics + prometheusmetrics.PrometheusRegister() + metrics := prometheusmetrics.GetSupportedPrometheusCNIMetricsMapping() + for _, metric := range metrics { + if gauge, ok := metric.(prometheus.Gauge); ok { + gauge.Set(0) + } + } + + err := producePrometheusMetrics(cniMetric, families, testConvertDef) + assert.NoError(t, err) + + // Verify metrics + testCases := []struct { + metricName string + expected float64 + }{ + {"awscni_eni_max", 10.0}, + {"awscni_ip_max", 20.0}, + {"awscni_eni_allocated", 3.0}, + {"awscni_total_ip_addresses", 30.0}, + {"awscni_assigned_ip_addresses", 15.0}, + } + + metrics = prometheusmetrics.GetSupportedPrometheusCNIMetricsMapping() + for _, tc := range testCases { + gauge, ok := metrics[tc.metricName].(prometheus.Gauge) + assert.True(t, ok, fmt.Sprintf("Metric %s should be registered as a Gauge", tc.metricName)) + + var metric dto.Metric + err = gauge.Write(&metric) + assert.NoError(t, err) + assert.Equal(t, tc.expected, *metric.Gauge.Value, + fmt.Sprintf("Metric %s value should be set to %f", tc.metricName, tc.expected)) + } +} diff --git a/cmd/cni-metrics-helper/metrics/metrics.go b/cmd/cni-metrics-helper/metrics/metrics.go index eae4e9e982..d4f9b820d7 100644 --- a/cmd/cni-metrics-helper/metrics/metrics.go +++ b/cmd/cni-metrics-helper/metrics/metrics.go @@ -303,19 +303,19 @@ func produceHistogram(act metricsAction, cw publisher.Publisher) { } func filterMetrics(originalMetrics map[string]*dto.MetricFamily, - interestingMetrics map[string]metricsConvert) (map[string]*dto.MetricFamily, error) { + interestingMetrics map[string]metricsConvert, +) (map[string]*dto.MetricFamily, error) { result := map[string]*dto.MetricFamily{} for metric := range interestingMetrics { if family, found := originalMetrics[metric]; found { result[metric] = family - } } return result, nil } -func produceCloudWatchMetrics(t metricsTarget, families map[string]*dto.MetricFamily, convertDef map[string]metricsConvert, cw publisher.Publisher) { +func produceCloudWatchMetrics(t metricsTarget, families map[string]*dto.MetricFamily, convertDef map[string]metricsConvert, cw publisher.Publisher) error { for key, family := range families { convertMetrics := convertDef[key] metricType := family.GetType() @@ -347,15 +347,18 @@ func produceCloudWatchMetrics(t metricsTarget, families map[string]*dto.MetricFa } } } + + return nil } // Prometheus export supports only gauge metrics for now. -func producePrometheusMetrics(t metricsTarget, families map[string]*dto.MetricFamily, convertDef map[string]metricsConvert) { +func producePrometheusMetrics(t metricsTarget, families map[string]*dto.MetricFamily, convertDef map[string]metricsConvert) error { prometheusCNIMetrics := prometheusmetrics.GetSupportedPrometheusCNIMetricsMapping() if len(prometheusCNIMetrics) == 0 { - t.getLogger().Infof("Skipping since prometheus mapping is missing") - return + errorMsg := "Skipping since prometheus mapping is missing" + t.getLogger().Infof(errorMsg) + return fmt.Errorf(errorMsg) } for key, family := range families { convertMetrics := convertDef[key] @@ -365,11 +368,17 @@ func producePrometheusMetrics(t metricsTarget, families map[string]*dto.MetricFa case dto.MetricType_GAUGE: metrics, ok := prometheusCNIMetrics[family.GetName()] if ok { - metrics.(prometheus.Gauge).Set(action.data.curSingleDataPoint) + if gauge, isGauge := metrics.(prometheus.Gauge); isGauge { + gauge.Set(action.data.curSingleDataPoint) + } else { + t.getLogger().Warnf("Metric %s is not a Gauge type, skipping", family.GetName()) + } } } } } + + return nil } func resetMetrics(interestingMetrics map[string]metricsConvert) { diff --git a/utils/prometheusmetrics/prometheusmetrics.go b/utils/prometheusmetrics/prometheusmetrics.go index bd404875aa..fc5adc0463 100644 --- a/utils/prometheusmetrics/prometheusmetrics.go +++ b/utils/prometheusmetrics/prometheusmetrics.go @@ -225,24 +225,18 @@ func PrometheusRegister() { prometheus.MustRegister(IpsPerCidr) prometheus.MustRegister(NoAvailableIPAddrs) prometheus.MustRegister(EniIPsInUse) - } // This can be enhanced to get it programatically. // Initial CNI metrics helper enhancement includes only Gauge. Doesn't support GaugeVec, Counter, CounterVec and Summary func GetSupportedPrometheusCNIMetricsMapping() map[string]prometheus.Collector { - var prometheusCNIMetrics = map[string]prometheus.Collector{ - "awscni_eni_max": EnisMax, - "awscni_ip_max": IpMax, - "awscni_add_ip_req_count": AddIPCnt, - "awscni_del_ip_req_count": DelIPCnt, - "awscni_eni_allocated": Enis, - "awscni_total_ip_addresses": TotalIPs, - "awscni_assigned_ip_addresses": AssignedIPs, - "awscni_force_removed_enis": ForceRemovedENIs, - "awscni_force_removed_ips": ForceRemovedIPs, - "awscni_total_ipv4_prefixes": TotalPrefixes, - "awscni_no_available_ip_addresses": NoAvailableIPAddrs, + prometheusCNIMetrics := map[string]prometheus.Collector{ + "awscni_eni_max": EnisMax, + "awscni_ip_max": IpMax, + "awscni_eni_allocated": Enis, + "awscni_total_ip_addresses": TotalIPs, + "awscni_assigned_ip_addresses": AssignedIPs, + "awscni_total_ipv4_prefixes": TotalPrefixes, } return prometheusCNIMetrics } From 235fa2a13fa50400d5ecab7cac181035f203af9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 10:20:13 +0000 Subject: [PATCH 21/60] Bump helm.sh/helm/v3 from 3.15.2 to 3.16.4 Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.15.2 to 3.16.4. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.15.2...v3.16.4) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 60 ++++++++++---------- go.sum | 170 ++++++++++++++++++++++++++------------------------------- 2 files changed, 107 insertions(+), 123 deletions(-) diff --git a/go.mod b/go.mod index ca6a8cbfa9..391e715e38 100644 --- a/go.mod +++ b/go.mod @@ -35,30 +35,30 @@ require ( github.com/vishvananda/netlink v1.3.0 go.uber.org/zap v1.27.0 golang.org/x/net v0.30.0 - golang.org/x/sys v0.26.0 + golang.org/x/sys v0.28.0 google.golang.org/grpc v1.67.1 google.golang.org/protobuf v1.35.1 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 - helm.sh/helm/v3 v3.15.2 - k8s.io/api v0.31.2 - k8s.io/apimachinery v0.31.2 - k8s.io/cli-runtime v0.31.2 - k8s.io/client-go v0.31.2 + helm.sh/helm/v3 v3.16.4 + k8s.io/api v0.31.3 + k8s.io/apimachinery v0.31.3 + k8s.io/cli-runtime v0.31.3 + k8s.io/client-go v0.31.3 sigs.k8s.io/controller-runtime v0.19.1 ) require ( + dario.cat/mergo v1.0.1 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/BurntSushi/toml v1.3.2 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.2.1 // indirect - github.com/Masterminds/sprig/v3 v3.2.3 // indirect + github.com/Masterminds/semver/v3 v3.3.0 // indirect + github.com/Masterminds/sprig/v3 v3.3.0 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect - github.com/Microsoft/hcsshim v0.12.3 // indirect - github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.51.32 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.17.45 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect @@ -73,11 +73,13 @@ require ( github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.7.12 // indirect + github.com/containerd/containerd v1.7.23 // indirect + github.com/containerd/errdefs v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect - github.com/cyphar/filepath-securejoin v0.2.4 // indirect + github.com/containerd/platforms v0.2.1 // indirect + github.com/cyphar/filepath-securejoin v0.3.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/distribution/reference v0.5.0 // indirect + github.com/distribution/reference v0.6.0 // indirect github.com/docker/cli v25.0.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker v26.1.5+incompatible // indirect @@ -85,7 +87,7 @@ require ( github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/evanphx/json-patch v5.7.0+incompatible // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/color v1.13.0 // indirect @@ -116,11 +118,11 @@ require ( github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/huandu/xstrings v1.4.0 // indirect - github.com/imdario/mergo v0.3.13 // indirect + github.com/huandu/xstrings v1.5.0 // indirect + github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect - github.com/jmoiron/sqlx v1.3.5 // indirect + github.com/jmoiron/sqlx v1.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.17.9 // indirect @@ -145,15 +147,15 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc6 // indirect + github.com/opencontainers/image-spec v1.1.0 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/procfs v0.15.1 // indirect - github.com/rubenv/sql-migrate v1.5.2 // indirect + github.com/rubenv/sql-migrate v1.7.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/safchain/ethtool v0.4.0 // indirect - github.com/shopspring/decimal v1.3.1 // indirect - github.com/spf13/cast v1.5.0 // indirect + github.com/shopspring/decimal v1.4.0 // indirect + github.com/spf13/cast v1.7.0 // indirect github.com/spf13/cobra v1.8.1 // indirect github.com/vishvananda/netns v0.0.4 // indirect github.com/x448/float16 v0.8.4 // indirect @@ -167,12 +169,12 @@ require ( go.opentelemetry.io/otel/trace v1.28.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.24.0 // indirect + golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/oauth2 v0.23.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/term v0.21.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/term v0.27.0 // indirect + golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.26.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect @@ -180,12 +182,12 @@ require ( gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.31.0 // indirect - k8s.io/apiserver v0.31.0 // indirect - k8s.io/component-base v0.31.0 // indirect + k8s.io/apiextensions-apiserver v0.31.3 // indirect + k8s.io/apiserver v0.31.3 // indirect + k8s.io/component-base v0.31.3 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/kubectl v0.30.0 // indirect + k8s.io/kubectl v0.31.3 // indirect k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect oras.land/oras-go v1.2.5 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/go.sum b/go.sum index 2699371c68..46316478e9 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= @@ -12,11 +16,10 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= -github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= +github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= @@ -31,8 +34,8 @@ github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4t github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY= -github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b h1:xCQo9O4BIwuLhrQAqamsvhfgjBiSOo83uDMMSivRsnw= github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b/go.mod h1:NvS1b2fBgkUvAWgBF8h0aRaVVoUeIlpUMnlTW2wIqik= github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 h1:utc5JzVlbORZ/4IFHb4yleqbIOKEevKfVxozKvhJWok= @@ -103,14 +106,16 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= -github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= -github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= +github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= +github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= -github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= +github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= +github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= +github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/containernetworking/cni v1.2.3 h1:hhOcjNVUQTnzdRJ6alC5XF+wd9mfGIUaj8FuJbEslXM= github.com/containernetworking/cni v1.2.3/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M= github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+E5J/EcKOE4gQ= @@ -121,16 +126,16 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= +github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= -github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= -github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= @@ -151,8 +156,8 @@ github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxER github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= -github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= @@ -161,10 +166,10 @@ github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= -github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= -github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= -github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= +github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= +github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= @@ -190,17 +195,11 @@ github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= -github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= -github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs= -github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0= -github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY= -github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XEWlY= -github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -245,7 +244,6 @@ github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgY github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= @@ -265,20 +263,18 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= -github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= +github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= -github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= +github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= +github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= @@ -286,8 +282,6 @@ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw= -github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= @@ -307,19 +301,12 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= -github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= -github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc= -github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY= -github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI= -github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI= -github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= @@ -330,18 +317,15 @@ github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPn github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= -github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI= -github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= +github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= +github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/miekg/dns v1.1.25 h1:dFwPR6SfLtrSwgDcIq2bcU/gVutB4sNApq2HBdqcakg= -github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= +github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= +github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= @@ -350,6 +334,8 @@ github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8 github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= +github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -372,8 +358,8 @@ github.com/onsi/gomega v1.36.0 h1:Pb12RlruUtj4XUuPUqeEWc6j5DkVVVA49Uf6YLfC95Y= github.com/onsi/gomega v1.36.0/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU= -github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= @@ -407,8 +393,8 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0= -github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is= +github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI= +github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/safchain/ethtool v0.4.0 h1:vq1i2HCjshJNywOXFZ1BpwIjyeFR/kvNdHiRzqSElDI= @@ -417,15 +403,13 @@ github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA= github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= -github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= -github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -438,7 +422,6 @@ github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -501,6 +484,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -515,8 +500,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -537,18 +522,18 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -603,41 +588,38 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw= -helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= +helm.sh/helm/v3 v3.16.4 h1:rBn/h9MACw+QlhxQTjpl8Ifx+VTWaYsw3rguGBYBzr0= +helm.sh/helm/v3 v3.16.4/go.mod h1:k8QPotUt57wWbi90w3LNmg3/MWcLPigVv+0/X4B8BzA= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= -k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= -k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= -k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= -k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= -k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY= -k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk= -k8s.io/cli-runtime v0.31.2 h1:7FQt4C4Xnqx8V1GJqymInK0FFsoC+fAZtbLqgXYVOLQ= -k8s.io/cli-runtime v0.31.2/go.mod h1:XROyicf+G7rQ6FQJMbeDV9jqxzkWXTYD6Uxd15noe0Q= -k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc= -k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs= -k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs= -k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo= +k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= +k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= +k8s.io/apiextensions-apiserver v0.31.3 h1:+GFGj2qFiU7rGCsA5o+p/rul1OQIq6oYpQw4+u+nciE= +k8s.io/apiextensions-apiserver v0.31.3/go.mod h1:2DSpFhUZZJmn/cr/RweH1cEVVbzFw9YBu4T+U3mf1e4= +k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= +k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apiserver v0.31.3 h1:+1oHTtCB+OheqFEz375D0IlzHZ5VeQKX1KGXnx+TTuY= +k8s.io/apiserver v0.31.3/go.mod h1:PrxVbebxrxQPFhJk4powDISIROkNMKHibTg9lTRQ0Qg= +k8s.io/cli-runtime v0.31.3 h1:fEQD9Xokir78y7pVK/fCJN090/iYNrLHpFbGU4ul9TI= +k8s.io/cli-runtime v0.31.3/go.mod h1:Q2jkyTpl+f6AtodQvgDI8io3jrfr+Z0LyQBPJJ2Btq8= +k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= +k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= +k8s.io/component-base v0.31.3 h1:DMCXXVx546Rfvhj+3cOm2EUxhS+EyztH423j+8sOwhQ= +k8s.io/component-base v0.31.3/go.mod h1:xME6BHfUOafRgT0rGVBGl7TuSg8Z9/deT7qq6w7qjIU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= -k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= +k8s.io/kubectl v0.31.3 h1:3r111pCjPsvnR98oLLxDMwAeM6OPGmPty6gSKaLTQes= +k8s.io/kubectl v0.31.3/go.mod h1:lhMECDCbJN8He12qcKqs2QfmVo9Pue30geovBVpH5fs= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= From c88cb2c4e35e15e2dee7cce7974ab640e8d9e54e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 10:21:06 +0000 Subject: [PATCH 22/60] Bump github.com/aws/aws-sdk-go-v2/service/autoscaling Bumps [github.com/aws/aws-sdk-go-v2/service/autoscaling](https://github.com/aws/aws-sdk-go-v2) from 1.50.0 to 1.51.2. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.50.0...service/s3/v1.51.2) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/autoscaling dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 391e715e38..fff95420d4 100644 --- a/go.mod +++ b/go.mod @@ -6,10 +6,10 @@ require ( github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 - github.com/aws/aws-sdk-go-v2 v1.32.5 + github.com/aws/aws-sdk-go-v2 v1.32.7 github.com/aws/aws-sdk-go-v2/config v1.28.4 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.50.0 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.0 github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 @@ -61,8 +61,8 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.51.32 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.17.45 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 // indirect diff --git a/go.sum b/go.sum index 46316478e9..6fc37459d6 100644 --- a/go.sum +++ b/go.sum @@ -42,22 +42,22 @@ github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 h1:utc5JzVlbORZ/4IFHb4y github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0/go.mod h1:3q5gDG44vGr9ERe0YMHItThKXxDkntAUrlfTgJkdgF8= github.com/aws/aws-sdk-go v1.51.32 h1:A6mPui7QP4mwmovyzgtdedbRbNur1Iu0/El7hBWNHms= github.com/aws/aws-sdk-go v1.51.32/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo= -github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2 v1.32.7 h1:ky5o35oENWi0JYWUZkB7WYvVPP+bcRF5/Iq7JWSb5Rw= +github.com/aws/aws-sdk-go-v2 v1.32.7/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= github.com/aws/aws-sdk-go-v2/config v1.28.4 h1:qgD0MKmkIzZR2DrAjWJcI9UkndjR+8f6sjUQvXh0mb0= github.com/aws/aws-sdk-go-v2/config v1.28.4/go.mod h1:LgnWnNzHZw4MLplSyEGia0WgJ/kCGD86zGCjvNpehJs= github.com/aws/aws-sdk-go-v2/credentials v1.17.45 h1:DUgm5lFso57E7150RBgu1JpVQoF8fAPretiDStIuVjg= github.com/aws/aws-sdk-go-v2/credentials v1.17.45/go.mod h1:dnBpENcPC1ekZrGpSWspX+ZRGzhkvqngT2Qp5xBR1dY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 h1:woXadbf0c7enQ2UGCi8gW/WuKmE0xIzxBF/eD94jMKQ= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19/go.mod h1:zminj5ucw7w0r65bP6nhyOd3xL6veAUMc3ElGMoLVb4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 h1:I/5wmGMffY4happ8NOCuIUEWGUvvFp5NSeQcXl9RHcI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26/go.mod h1:FR8f4turZtNy6baO0KJ5FJUmXH/cSkI9fOngs0yl6mA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 h1:zXFLuEuMMUOvEARXFUVJdfqZ4bvvSgdGRq/ATcrQxzM= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26/go.mod h1:3o2Wpy0bogG1kyOPrgkXA8pgIfEEv0+m19O9D5+W8y8= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.50.0 h1:5tF6T8pAKna0TZ2g77jKdTCKoIRDsaYlYxz9OC1BraI= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.50.0/go.mod h1:I1+/2m+IhnK5qEbhS3CrzjeiVloo9sItE/2K+so0fkU= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2 h1:MSSstL6YXAw2K68L1kph02WTQHKeb/lwmbsMhswpjuY= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2/go.mod h1:t5bdAowh8MWq51TuDmltU+wtxMl/VaegNwSBaznkUYc= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 h1:zmXJiEm/fQYtFDLIUsZrcPIjTrL3R/noFICGlYBj3Ww= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0/go.mod h1:9nOjXCDKE+QMK4JaCrLl36PU+VEfJmI7WVehYmojO8s= github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.0 h1:r1sp92LSk4Gx8l0gScEjzSN+4iiImDvNayY9JYPNtNI= From 66bd42b43036676d3418073b1aae6932d1e8a03c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 10:22:02 +0000 Subject: [PATCH 23/60] Bump github.com/aws/aws-sdk-go-v2/service/iam from 1.38.1 to 1.38.3 Bumps [github.com/aws/aws-sdk-go-v2/service/iam](https://github.com/aws/aws-sdk-go-v2) from 1.38.1 to 1.38.3. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.38.1...service/s3/v1.38.3) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/iam dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index fff95420d4..ff4ca6b945 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.0 github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 github.com/aws/aws-sdk-go-v2/service/eks v1.52.1 - github.com/aws/aws-sdk-go-v2/service/iam v1.38.1 + github.com/aws/aws-sdk-go-v2/service/iam v1.38.3 github.com/aws/smithy-go v1.22.1 github.com/containernetworking/cni v1.2.3 github.com/containernetworking/plugins v1.5.1 diff --git a/go.sum b/go.sum index 6fc37459d6..653ebb35aa 100644 --- a/go.sum +++ b/go.sum @@ -66,8 +66,8 @@ github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 h1:eBriSsQa4r7aiKF2wv1EGYbK3X1 github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0/go.mod h1:0A17IIeys01WfjDKehspGP+Cyo/YH/eNADIbEbRS9yM= github.com/aws/aws-sdk-go-v2/service/eks v1.52.1 h1:XqyUdJbXQxY48CbBtN9a51HoTQy/kTIwrWiruRDsydk= github.com/aws/aws-sdk-go-v2/service/eks v1.52.1/go.mod h1:WTfZ/+I7aSMEna6iYm1Kjne9A8f1MyxXNfp6hCa1+Bk= -github.com/aws/aws-sdk-go-v2/service/iam v1.38.1 h1:hfkzDZHBp9jAT4zcd5mtqckpU4E3Ax0LQaEWWk1VgN8= -github.com/aws/aws-sdk-go-v2/service/iam v1.38.1/go.mod h1:u36ahDtZcQHGmVm/r+0L1sfKX4fzLEMdCqiKRKkUMVM= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.3 h1:2sFIoFzU1IEL9epJWubJm9Dhrn45aTNEJuwsesaCGnk= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.3/go.mod h1:KzlNINwfr/47tKkEhgk0r10/OZq3rjtyWy0txL3lM+I= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 h1:tHxQi/XHPK0ctd/wdOw0t7Xrc2OxcRCnVzv8lwWPu0c= From 57c1b38bfa2bd817f6dfe403358886cab1436a53 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 3 Jan 2025 16:16:55 -0800 Subject: [PATCH 24/60] Update Changelog and Version for CNI 1.19.2 (#3171) --- CHANGELOG.md | 16 ++++++++++++++++ charts/aws-vpc-cni/Chart.yaml | 4 ++-- charts/aws-vpc-cni/README.md | 4 ++-- charts/aws-vpc-cni/values.yaml | 6 +++--- charts/cni-metrics-helper/Chart.yaml | 4 ++-- charts/cni-metrics-helper/README.md | 2 +- charts/cni-metrics-helper/values.yaml | 2 +- config/master/aws-k8s-cni-cn.yaml | 16 ++++++++-------- config/master/aws-k8s-cni-us-gov-east-1.yaml | 16 ++++++++-------- config/master/aws-k8s-cni-us-gov-west-1.yaml | 16 ++++++++-------- config/master/aws-k8s-cni.yaml | 16 ++++++++-------- config/master/cni-metrics-helper-cn.yaml | 10 +++++----- .../master/cni-metrics-helper-us-gov-east-1.yaml | 10 +++++----- .../master/cni-metrics-helper-us-gov-west-1.yaml | 10 +++++----- config/master/cni-metrics-helper.yaml | 10 +++++----- scripts/generate-cni-yaml.sh | 4 ++-- scripts/run-cni-release-tests.sh | 6 +++--- 17 files changed, 84 insertions(+), 68 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f6e0bc2e3..b8062d8102 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,21 @@ # Changelog +## v1.19.2 + +* Feature: run make generate-limits to update the max pods file by @tzneal in https://github.com/aws/amazon-vpc-cni-k8s/pull/3141 +* Tests: Fix KOps Integration Test by @dshehbaj in https://github.com/aws/amazon-vpc-cni-k8s/pull/3140 +* Bug-Fix: Revert "utils prometheusmetrics: convert gauges to counters (#3093)" by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/3147 +* Docs: Update NP strict mode doc by @Pavani-Panakanti in https://github.com/aws/amazon-vpc-cni-k8s/pull/3125 +* Docs: adding email to share node bundle by @yash97 in https://github.com/aws/amazon-vpc-cni-k8s/pull/3134 +* Dependency: crypto module dependency https://github.com/aws/amazon-vpc-cni-k8s/pull/3151 +* Dependency: Dependabot PRs. https://github.com/aws/amazon-vpc-cni-k8s/pull/3135 +* Dependency: Dependabot PRs. https://github.com/aws/amazon-vpc-cni-k8s/pull/3137 +* Dependency: Bump golang.org/x/sys from 0.27.0 to 0.28.0 in /test/agent by @dependabot in https://github.com/aws/amazon-vpc-cni-k8s/pull/3138 + +## v1.19.1 + +* Skipped + ## v1.19.0 * Manifest update for unsupported compute type diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index 82341f121c..c4eb209c87 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.19.0 -appVersion: "v1.19.0" +version: 1.19.2 +appVersion: "v1.19.2" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 718b4fb3eb..10a6237ba8 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md @@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.19.0` | +| `image.tag` | Image tag | `v1.19.2` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.19.0` | +| `init.image.tag` | Image tag | `v1.19.2` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 8a1f02d2ad..efcd2ab2c4 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.19.0 + tag: v1.19.2 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -51,7 +51,7 @@ nodeAgent: resources: {} image: - tag: v1.19.0 + tag: v1.19.2 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -85,7 +85,7 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.19.0" + VPC_CNI_VERSION: "v1.19.2" NETWORK_POLICY_ENFORCING_MODE: "standard" # Add env from configMap or from secrets diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index 3520bca7c4..46a97306c5 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 1.19.0 -appVersion: v1.19.0 +version: 1.19.2 +appVersion: v1.19.2 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index 1cb17f80d7..33bb71b6d3 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -60,7 +60,7 @@ The following table lists the configurable parameters for this chart and their d | -------------------------------|---------------------------------------------------------------|-------------------------------------| | `affinity` | Map of node/pod affinities | `{}` | | `fullnameOverride` | Override the fullname of the chart | `cni-metrics-helper` | -| `image.tag` | Image tag | `v1.19.0` | +| `image.tag` | Image tag | `v1.19.2` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.account` | ECR repository account number | `602401143452` | diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index a7473d22c3..3c37bf5b4a 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.19.0 + tag: v1.19.2 account: "602401143452" domain: "amazonaws.com" # Set to use custom image diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index ba5560cf26..a0f4fd2d5d 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.19.0 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.19.2 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.19.0 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.19.2 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.19.0" + value: "v1.19.2" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index c743962aec..b8d78de70b 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.19.0 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.19.2 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.19.0 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.19.2 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.19.0" + value: "v1.19.2" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index f705d3dedc..7ddcd8f9b8 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.19.0 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.19.2 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.19.0 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.19.2 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.19.0" + value: "v1.19.2" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index c51fb18d26..460c2b7659 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -300,7 +300,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +312,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +331,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -377,7 +377,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -397,7 +397,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" spec: updateStrategy: rollingUpdate: @@ -418,7 +418,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.19.0 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.19.2 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.19.0 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.19.2 ports: - containerPort: 61678 name: metrics @@ -504,7 +504,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.19.0" + value: "v1.19.2" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index d7a890fc85..551792ced6 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.19.0" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.19.2" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index c7727b254a..1d452bdeae 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.19.0" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.19.2" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index af6d7f9a76..170f8a181c 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.19.0" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.19.2" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index 54893b47ee..51f87cce67 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -18,7 +18,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" rules: - apiGroups: [""] resources: @@ -34,7 +34,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -54,7 +54,7 @@ metadata: k8s-app: cni-metrics-helper app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.19.0" + app.kubernetes.io/version: "v1.19.2" spec: revisionHistoryLimit: 10 selector: @@ -78,5 +78,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.19.0" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.19.2" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index 455b16cc3f..d4b499a34b 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,8 +8,8 @@ HELM_VERSION="3.14.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.19.0" -NODE_AGENT_VERSION="v1.1.5" +VPC_CNI_VERSION="v1.19.2" +NODE_AGENT_VERSION="v1.1.6" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION REGIONS_FILE=$SCRIPTPATH/../charts/regions.json diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index d8c0b0b024..dc4a0210f9 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -10,7 +10,7 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.19.0" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.19.2" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e @@ -38,9 +38,9 @@ function run_integration_test() { echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.19.0" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.19.2" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.19.0}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.19.2}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) From 6f477a3d7a4ce0d405f7f93a80c2638b6ed757db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Jan 2025 20:14:21 -0800 Subject: [PATCH 25/60] Bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds (#3166) Bumps [github.com/aws/aws-sdk-go-v2/feature/ec2/imds](https://github.com/aws/aws-sdk-go-v2) from 1.16.19 to 1.16.22. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ram/v1.16.19...service/ram/v1.16.22) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/feature/ec2/imds dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ff4ca6b945..872facc45f 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 github.com/aws/aws-sdk-go-v2 v1.32.7 github.com/aws/aws-sdk-go-v2/config v1.28.4 - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22 github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.0 diff --git a/go.sum b/go.sum index 653ebb35aa..9fc983f8bb 100644 --- a/go.sum +++ b/go.sum @@ -48,8 +48,8 @@ github.com/aws/aws-sdk-go-v2/config v1.28.4 h1:qgD0MKmkIzZR2DrAjWJcI9UkndjR+8f6s github.com/aws/aws-sdk-go-v2/config v1.28.4/go.mod h1:LgnWnNzHZw4MLplSyEGia0WgJ/kCGD86zGCjvNpehJs= github.com/aws/aws-sdk-go-v2/credentials v1.17.45 h1:DUgm5lFso57E7150RBgu1JpVQoF8fAPretiDStIuVjg= github.com/aws/aws-sdk-go-v2/credentials v1.17.45/go.mod h1:dnBpENcPC1ekZrGpSWspX+ZRGzhkvqngT2Qp5xBR1dY= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 h1:woXadbf0c7enQ2UGCi8gW/WuKmE0xIzxBF/eD94jMKQ= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19/go.mod h1:zminj5ucw7w0r65bP6nhyOd3xL6veAUMc3ElGMoLVb4= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22 h1:kqOrpojG71DxJm/KDPO+Z/y1phm1JlC8/iT+5XRmAn8= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22/go.mod h1:NtSFajXVVL8TA2QNngagVZmUtXciyrHOt7xgz4faS/M= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 h1:I/5wmGMffY4happ8NOCuIUEWGUvvFp5NSeQcXl9RHcI= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26/go.mod h1:FR8f4turZtNy6baO0KJ5FJUmXH/cSkI9fOngs0yl6mA= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 h1:zXFLuEuMMUOvEARXFUVJdfqZ4bvvSgdGRq/ATcrQxzM= From f4b0a78b6f3f447afb0edda1feb350d36d1582a5 Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Sun, 5 Jan 2025 14:01:43 -0500 Subject: [PATCH 26/60] Add CNINode to cache filter (#3164) We should reduce the number of CNINode object VPC CNI watches for to just the node it is managing as well. Signed-off-by: Davanum Srinivas Co-authored-by: Hao Zhou Co-authored-by: Harish Kuna --- pkg/k8sapi/k8sutils.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/k8sapi/k8sutils.go b/pkg/k8sapi/k8sutils.go index 4ebac0ab69..32d897544d 100644 --- a/pkg/k8sapi/k8sutils.go +++ b/pkg/k8sapi/k8sutils.go @@ -41,6 +41,9 @@ func getIPAMDCacheFilters() map[client.Object]cache.ByObject { &corev1.Node{}: { Field: fields.Set{"metadata.name": nodeName}.AsSelector(), }, + &rcscheme.CNINode{}: { + Field: fields.Set{"metadata.name": nodeName}.AsSelector(), + }, } } return nil From 94c4a1502cacf2fda943240db400c6dc116c9abc Mon Sep 17 00:00:00 2001 From: Omer Aplatony Date: Mon, 6 Jan 2025 21:43:46 +0200 Subject: [PATCH 27/60] fix: remove null creationTimestamp from CRD metadata (#3163) Signed-off-by: Omer Aplatony Co-authored-by: Senthil Kumaran --- charts/aws-vpc-cni/crds/customresourcedefinition.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/aws-vpc-cni/crds/customresourcedefinition.yaml b/charts/aws-vpc-cni/crds/customresourcedefinition.yaml index 9592c29647..5eae68ceb6 100644 --- a/charts/aws-vpc-cni/crds/customresourcedefinition.yaml +++ b/charts/aws-vpc-cni/crds/customresourcedefinition.yaml @@ -58,7 +58,6 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null labels: app.kubernetes.io/name: amazon-network-policy-controller-k8s name: policyendpoints.networking.k8s.aws @@ -286,4 +285,4 @@ spec: served: true storage: true subresources: - status: {} \ No newline at end of file + status: {} From acc76bb7d89336e4b2c4fd22f7ac6638c49cbff0 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Fri, 17 Jan 2025 16:22:10 -0800 Subject: [PATCH 28/60] Fix issue with primary ENI ip lookup when an ENI has both IPv4 and IPv6 address. (#3156) --- pkg/awsutils/awsutils.go | 2 -- pkg/awsutils/awsutils_test.go | 26 ++++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index 43256cdc86..85aa960f31 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -642,7 +642,6 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat if len(imdsIPv4s) > 0 { ipv4Available = true log.Debugf("Found IPv4 addresses associated with interface. This is not efa-only interface") - break } } if field == "ipv6s" { @@ -652,7 +651,6 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat } else if len(imdsIPv6s) > 0 { ipv6Available = true log.Debugf("Found IPv6 addresses associated with interface. This is not efa-only interface") - break } } } diff --git a/pkg/awsutils/awsutils_test.go b/pkg/awsutils/awsutils_test.go index cd268b3c82..c1eba58acc 100644 --- a/pkg/awsutils/awsutils_test.go +++ b/pkg/awsutils/awsutils_test.go @@ -79,6 +79,7 @@ const ( eni1PrivateIP = "10.0.0.1" eni1Prefix = "10.0.1.0/28" eni2Device = "1" + eni1v6IP = "2001:db8:8:1::2" eni2PrivateIP = "10.0.0.2" eni2Prefix = "10.0.2.0/28" eni2v6IP = "2001:db8:8:4::2" @@ -89,6 +90,7 @@ const ( imdsMACFields = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block local-ipv4s ipv4-prefix ipv6-prefix" imdsMACFieldsEfaOnly = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block ipv4-prefix ipv6-prefix" imdsMACFieldsV6Only = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv6-cidr-blocks ipv6s ipv6-prefix" + imdsMACFieldsV4AndV6 = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block ipv6s local-ipv4s" ) func testMetadata(overrides map[string]interface{}) FakeIMDS { @@ -261,6 +263,30 @@ func TestGetAttachedENIsWithIPv6Only(t *testing.T) { } } +func TestGetAttachedENIsIPv4AndIPv6AttachedToPrimaryENI(t *testing.T) { + mockMetadata := testMetadata(map[string]interface{}{ + metadataMACPath: primaryMAC, + metadataMACPath + primaryMAC: imdsMACFieldsV4AndV6, + metadataMACPath + primaryMAC + metadataIPv6s: eni1v6IP, + }) + + cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}, v4Enabled: true, v6Enabled: true} + ens, err := cache.GetAttachedENIs() + if assert.NoError(t, err) { + assert.Equal(t, len(ens), 1) + } + + primaryENI := ens[0] + + if assert.Len(t, primaryENI.IPv4Addresses, 1, "Primary ENI has IPv4 address") { + assert.Equal(t, eni1PrivateIP, aws.ToString(primaryENI.IPv4Addresses[0].PrivateIpAddress)) + } + + if assert.Len(t, primaryENI.IPv6Addresses, 1, "Primary ENI has IPv6 address in this test.") { + assert.Equal(t, eni1v6IP, aws.ToString(primaryENI.IPv6Addresses[0].Ipv6Address)) + } +} + func TestGetAttachedENIsWithPrefixes(t *testing.T) { mockMetadata := testMetadata(map[string]interface{}{ metadataMACPath: primaryMAC + " " + eni2MAC, From 71eea69dfe9aeea0f46bead0d033aa2ee6dbd15f Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Sat, 8 Feb 2025 05:13:27 -0800 Subject: [PATCH 29/60] Use awshttp client instead of smithy httpclient. (#3193) * Use awshttp client. * Update .go-version. --- .go-version | 2 +- pkg/awsutils/awssession/session.go | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.go-version b/.go-version index da9594fd66..2560439f07 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.5 +1.22.12 diff --git a/pkg/awsutils/awssession/session.go b/pkg/awsutils/awssession/session.go index 5927e32b06..e8159a2327 100644 --- a/pkg/awsutils/awssession/session.go +++ b/pkg/awsutils/awssession/session.go @@ -16,7 +16,6 @@ package awssession import ( "context" "fmt" - "net/http" "os" "github.com/aws/aws-sdk-go-v2/aws" @@ -24,6 +23,8 @@ import ( "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/smithy-go" + + awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http" smithymiddleware "github.com/aws/smithy-go/middleware" smithyhttp "github.com/aws/smithy-go/transport/http" @@ -64,10 +65,9 @@ func getHTTPTimeout() time.Duration { // New will return aws.Config to be used by Service Clients. func New(ctx context.Context) (aws.Config, error) { - customHTTPClient := &http.Client{ - Timeout: getHTTPTimeout()} + httpClient := awshttp.NewBuildableClient().WithTimeout(getHTTPTimeout()) optFns := []func(*config.LoadOptions) error{ - config.WithHTTPClient(customHTTPClient), + config.WithHTTPClient(httpClient), config.WithRetryMaxAttempts(maxRetries), config.WithRetryer(func() aws.Retryer { return retry.NewStandard() From 5b69f3ed2737dd027373574577e32d3228559f46 Mon Sep 17 00:00:00 2001 From: Hao Zhou Date: Sun, 9 Feb 2025 15:41:08 -0800 Subject: [PATCH 30/60] retryOnConflict shouldnt' retry on NotFound (#3192) Co-authored-by: Senthil Kumaran --- pkg/ipamd/ipamd.go | 5 +++++ pkg/ipamd/ipamd_test.go | 3 +-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index 3ba394ec5e..9b9b07ccdb 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -2001,6 +2001,11 @@ func (c *IPAMContext) AnnotatePod(podName string, podNamespace string, key strin if err == nil && pod == nil { log.Warnf("get a nil pod for pod name %s and namespace %s", podName, podNamespace) } + // since the GetPod() error has been decorated, we have to check key words + // releasedIP is not empty meaning del path + if releasedIP != "" && err != nil && strings.Contains(err.Error(), "not found") { + return nil + } return err } diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index ef796ac2e4..deaa083f47 100644 --- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -2295,8 +2295,7 @@ func TestAnnotatePod(t *testing.T) { // Test that delete on a non-existant pod fails without crashing err = mockContext.AnnotatePod("no-exist-name", "no-exist-namespace", "ip-address", "", ipTwo) - assert.Error(t, err) - assert.Equal(t, fmt.Errorf("error while trying to retrieve pod info: pods \"no-exist-name\" not found"), err) + assert.NoError(t, err) } func TestAddFeatureToCNINode(t *testing.T) { From 5eefbeb42201ca719d012d115064a63bcba26ecb Mon Sep 17 00:00:00 2001 From: Parikshit Patel Date: Mon, 10 Feb 2025 15:11:11 +1100 Subject: [PATCH 31/60] Update awsutils.go (#3191) Updated typo for AssignPrivateIpv6Addresses to AssignIpv6Addresses Co-authored-by: Senthil Kumaran --- pkg/awsutils/awsutils.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index 85aa960f31..dafb8fa4a8 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -1750,9 +1750,9 @@ func (cache *EC2InstanceMetadataCache) AllocIPv6Prefixes(eniID string) ([]*strin prometheusmetrics.Ec2ApiReq.WithLabelValues("AssignIpv6Addresses").Inc() prometheusmetrics.AwsAPILatency.WithLabelValues("AssignIpv6AddressesWithContext", fmt.Sprint(err != nil), awsReqStatus(err)).Observe(msSince(start)) if err != nil { - checkAPIErrorAndBroadcastEvent(err, "ec2:AssignPrivateIpv6Addresses") + checkAPIErrorAndBroadcastEvent(err, "ec2:AssignIpv6Addresses") log.Errorf("Failed to allocate IPv6 Prefixes on ENI %v: %v", eniID, err) - awsAPIErrInc("AssignPrivateIpv6Addresses", err) + awsAPIErrInc("AssignIpv6Addresses", err) prometheusmetrics.Ec2ApiErr.WithLabelValues("AssignIpv6Addresses").Inc() return nil, errors.Wrap(err, "allocate IPv6 prefix: failed to allocate an IPv6 prefix address") } From 825978caf992113d31ef7f6a2b6b247306d140fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 10:04:56 +0000 Subject: [PATCH 32/60] Bump github.com/aws/aws-sdk-go-v2/service/cloudwatch Bumps [github.com/aws/aws-sdk-go-v2/service/cloudwatch](https://github.com/aws/aws-sdk-go-v2) from 1.43.0 to 1.43.12. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.43.0...service/cloudwatch/v1.43.12) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/cloudwatch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 872facc45f..309f586fd8 100644 --- a/go.mod +++ b/go.mod @@ -6,16 +6,16 @@ require ( github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 - github.com/aws/aws-sdk-go-v2 v1.32.7 + github.com/aws/aws-sdk-go-v2 v1.36.0 github.com/aws/aws-sdk-go-v2/config v1.28.4 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22 github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 - github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.0 + github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.12 github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 github.com/aws/aws-sdk-go-v2/service/eks v1.52.1 github.com/aws/aws-sdk-go-v2/service/iam v1.38.3 - github.com/aws/smithy-go v1.22.1 + github.com/aws/smithy-go v1.22.2 github.com/containernetworking/cni v1.2.3 github.com/containernetworking/plugins v1.5.1 github.com/coreos/go-iptables v0.8.0 @@ -61,8 +61,8 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.51.32 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.17.45 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.31 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 // indirect diff --git a/go.sum b/go.sum index 9fc983f8bb..3e4524e7c6 100644 --- a/go.sum +++ b/go.sum @@ -42,26 +42,26 @@ github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 h1:utc5JzVlbORZ/4IFHb4y github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0/go.mod h1:3q5gDG44vGr9ERe0YMHItThKXxDkntAUrlfTgJkdgF8= github.com/aws/aws-sdk-go v1.51.32 h1:A6mPui7QP4mwmovyzgtdedbRbNur1Iu0/El7hBWNHms= github.com/aws/aws-sdk-go v1.51.32/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go-v2 v1.32.7 h1:ky5o35oENWi0JYWUZkB7WYvVPP+bcRF5/Iq7JWSb5Rw= -github.com/aws/aws-sdk-go-v2 v1.32.7/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2 v1.36.0 h1:b1wM5CcE65Ujwn565qcwgtOTT1aT4ADOHHgglKjG7fk= +github.com/aws/aws-sdk-go-v2 v1.36.0/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM= github.com/aws/aws-sdk-go-v2/config v1.28.4 h1:qgD0MKmkIzZR2DrAjWJcI9UkndjR+8f6sjUQvXh0mb0= github.com/aws/aws-sdk-go-v2/config v1.28.4/go.mod h1:LgnWnNzHZw4MLplSyEGia0WgJ/kCGD86zGCjvNpehJs= github.com/aws/aws-sdk-go-v2/credentials v1.17.45 h1:DUgm5lFso57E7150RBgu1JpVQoF8fAPretiDStIuVjg= github.com/aws/aws-sdk-go-v2/credentials v1.17.45/go.mod h1:dnBpENcPC1ekZrGpSWspX+ZRGzhkvqngT2Qp5xBR1dY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22 h1:kqOrpojG71DxJm/KDPO+Z/y1phm1JlC8/iT+5XRmAn8= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22/go.mod h1:NtSFajXVVL8TA2QNngagVZmUtXciyrHOt7xgz4faS/M= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 h1:I/5wmGMffY4happ8NOCuIUEWGUvvFp5NSeQcXl9RHcI= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26/go.mod h1:FR8f4turZtNy6baO0KJ5FJUmXH/cSkI9fOngs0yl6mA= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 h1:zXFLuEuMMUOvEARXFUVJdfqZ4bvvSgdGRq/ATcrQxzM= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26/go.mod h1:3o2Wpy0bogG1kyOPrgkXA8pgIfEEv0+m19O9D5+W8y8= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.31 h1:lWm9ucLSRFiI4dQQafLrEOmEDGry3Swrz0BIRdiHJqQ= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.31/go.mod h1:Huu6GG0YTfbPphQkDSo4dEGmQRTKb9k9G7RdtyQWxuI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31 h1:ACxDklUKKXb48+eg5ROZXi1vDgfMyfIA/WyvqHcHI0o= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31/go.mod h1:yadnfsDwqXeVaohbGc/RaD287PuyRw2wugkh5ZL2J6k= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2 h1:MSSstL6YXAw2K68L1kph02WTQHKeb/lwmbsMhswpjuY= github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2/go.mod h1:t5bdAowh8MWq51TuDmltU+wtxMl/VaegNwSBaznkUYc= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 h1:zmXJiEm/fQYtFDLIUsZrcPIjTrL3R/noFICGlYBj3Ww= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0/go.mod h1:9nOjXCDKE+QMK4JaCrLl36PU+VEfJmI7WVehYmojO8s= -github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.0 h1:r1sp92LSk4Gx8l0gScEjzSN+4iiImDvNayY9JYPNtNI= -github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.0/go.mod h1:fkETEwhdw2tOqu5m0Xa3wimV3PLDaiGqNrVZ3MJ7zOc= +github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.12 h1:SZE/PDYBlP0+SoSVMQUHq5KFTkUccurn99yr1LiLroQ= +github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.12/go.mod h1:LZrHBC9LwAoFniu+0g8csH9Jz20Es0AoeIxF6bNh6tQ= github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 h1:eBriSsQa4r7aiKF2wv1EGYbK3X1VnjAYvdOlepBUi8s= github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0/go.mod h1:0A17IIeys01WfjDKehspGP+Cyo/YH/eNADIbEbRS9yM= github.com/aws/aws-sdk-go-v2/service/eks v1.52.1 h1:XqyUdJbXQxY48CbBtN9a51HoTQy/kTIwrWiruRDsydk= @@ -78,8 +78,8 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 h1:zcx9LiGWZ6i6pjdcoE9oXAB6 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4/go.mod h1:Tp/ly1cTjRLGBBmNccFumbZ8oqpZlpdhFf80SrRh4is= github.com/aws/aws-sdk-go-v2/service/sts v1.33.0 h1:s7LRgBqhwLaxcocnAniBJp7gaAB+4I4vHzqUqjH18yc= github.com/aws/aws-sdk-go-v2/service/sts v1.33.0/go.mod h1:9XEUty5v5UAsMiFOBJrNibZgwCeOma73jgGwwhgffa8= -github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= -github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= +github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From 48fb004048891ef9323b2906af9491875e67b861 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 10:06:25 +0000 Subject: [PATCH 33/60] Bump github.com/aws/aws-sdk-go-v2/service/autoscaling Bumps [github.com/aws/aws-sdk-go-v2/service/autoscaling](https://github.com/aws/aws-sdk-go-v2) from 1.51.2 to 1.51.10. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.51.2...service/autoscaling/v1.51.10) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/autoscaling dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 309f586fd8..a39f500655 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/aws/aws-sdk-go-v2 v1.36.0 github.com/aws/aws-sdk-go-v2/config v1.28.4 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.10 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.12 github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 diff --git a/go.sum b/go.sum index 3e4524e7c6..0b846347a2 100644 --- a/go.sum +++ b/go.sum @@ -56,8 +56,8 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31 h1:ACxDklUKKXb48+eg5R github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31/go.mod h1:yadnfsDwqXeVaohbGc/RaD287PuyRw2wugkh5ZL2J6k= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2 h1:MSSstL6YXAw2K68L1kph02WTQHKeb/lwmbsMhswpjuY= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2/go.mod h1:t5bdAowh8MWq51TuDmltU+wtxMl/VaegNwSBaznkUYc= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.10 h1:3w2RDmSyTFohNgecVfkyfycRBEmrAbi2XhcMrmtLhnc= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.10/go.mod h1:e5rkwFOp5CwqgxtPx5ks/mfGPXm6ZhbRDHVVl9OeK8Q= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 h1:zmXJiEm/fQYtFDLIUsZrcPIjTrL3R/noFICGlYBj3Ww= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0/go.mod h1:9nOjXCDKE+QMK4JaCrLl36PU+VEfJmI7WVehYmojO8s= github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.12 h1:SZE/PDYBlP0+SoSVMQUHq5KFTkUccurn99yr1LiLroQ= From 09742d7a435dc7fb490def77983245c803f89efc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 10:06:28 +0000 Subject: [PATCH 34/60] Bump github.com/prometheus/common from 0.60.1 to 0.62.0 Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.60.1 to 0.62.0. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md) - [Commits](https://github.com/prometheus/common/compare/v0.60.1...v0.62.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index a39f500655..19e03b3166 100644 --- a/go.mod +++ b/go.mod @@ -27,17 +27,17 @@ require ( github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.20.4 github.com/prometheus/client_model v0.6.1 - github.com/prometheus/common v0.60.1 + github.com/prometheus/common v0.62.0 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.10.0 github.com/vishvananda/netlink v1.3.0 go.uber.org/zap v1.27.0 - golang.org/x/net v0.30.0 + golang.org/x/net v0.33.0 golang.org/x/sys v0.28.0 google.golang.org/grpc v1.67.1 - google.golang.org/protobuf v1.35.1 + google.golang.org/protobuf v1.36.1 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.16.4 @@ -171,7 +171,7 @@ require ( go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/term v0.27.0 // indirect golang.org/x/text v0.21.0 // indirect diff --git a/go.sum b/go.sum index 0b846347a2..55179b66e0 100644 --- a/go.sum +++ b/go.sum @@ -384,8 +384,8 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= -github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= +github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= +github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= @@ -489,8 +489,8 @@ golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= -golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -575,8 +575,8 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 740c7120d8f0e52e8dc4fccb584fe4b46293e095 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 10:20:50 +0000 Subject: [PATCH 35/60] Bump golang.org/x/sys from 0.28.0 to 0.29.0 in /test/agent Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.28.0 to 0.29.0. - [Commits](https://github.com/golang/sys/compare/v0.28.0...v0.29.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index 6f2eeb23d4..ca1225f077 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -5,7 +5,7 @@ go 1.22.3 require ( github.com/coreos/go-iptables v0.8.0 github.com/vishvananda/netlink v1.3.0 - golang.org/x/sys v0.28.0 + golang.org/x/sys v0.29.0 ) require github.com/vishvananda/netns v0.0.4 // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index 823171d3fc..283e4a08df 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -6,5 +6,5 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From 3bf80b79bfad4b34b02f0873477c2e04bd526be9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 22:48:35 +0000 Subject: [PATCH 36/60] Bump golang.org/x/sys from 0.29.0 to 0.30.0 in /test/agent (#3198) --- test/agent/go.mod | 2 +- test/agent/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index ca1225f077..290aee759e 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -5,7 +5,7 @@ go 1.22.3 require ( github.com/coreos/go-iptables v0.8.0 github.com/vishvananda/netlink v1.3.0 - golang.org/x/sys v0.29.0 + golang.org/x/sys v0.30.0 ) require github.com/vishvananda/netns v0.0.4 // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index 283e4a08df..e076b3c336 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -6,5 +6,5 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= From 9f81995ba5dc8e40bef57b37ca4cbefcb3118566 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Feb 2025 00:03:36 +0000 Subject: [PATCH 37/60] Bump github.com/aws/aws-sdk-go-v2/service/cloudwatch (#3199) --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 19e03b3166..48e12056fd 100644 --- a/go.mod +++ b/go.mod @@ -6,12 +6,12 @@ require ( github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 - github.com/aws/aws-sdk-go-v2 v1.36.0 + github.com/aws/aws-sdk-go-v2 v1.36.1 github.com/aws/aws-sdk-go-v2/config v1.28.4 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22 github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.10 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 - github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.12 + github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.14 github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 github.com/aws/aws-sdk-go-v2/service/eks v1.52.1 github.com/aws/aws-sdk-go-v2/service/iam v1.38.3 @@ -61,8 +61,8 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.51.32 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.17.45 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.31 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 // indirect diff --git a/go.sum b/go.sum index 55179b66e0..06f26f5981 100644 --- a/go.sum +++ b/go.sum @@ -42,26 +42,26 @@ github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 h1:utc5JzVlbORZ/4IFHb4y github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0/go.mod h1:3q5gDG44vGr9ERe0YMHItThKXxDkntAUrlfTgJkdgF8= github.com/aws/aws-sdk-go v1.51.32 h1:A6mPui7QP4mwmovyzgtdedbRbNur1Iu0/El7hBWNHms= github.com/aws/aws-sdk-go v1.51.32/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go-v2 v1.36.0 h1:b1wM5CcE65Ujwn565qcwgtOTT1aT4ADOHHgglKjG7fk= -github.com/aws/aws-sdk-go-v2 v1.36.0/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM= +github.com/aws/aws-sdk-go-v2 v1.36.1 h1:iTDl5U6oAhkNPba0e1t1hrwAo02ZMqbrGq4k5JBWM5E= +github.com/aws/aws-sdk-go-v2 v1.36.1/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM= github.com/aws/aws-sdk-go-v2/config v1.28.4 h1:qgD0MKmkIzZR2DrAjWJcI9UkndjR+8f6sjUQvXh0mb0= github.com/aws/aws-sdk-go-v2/config v1.28.4/go.mod h1:LgnWnNzHZw4MLplSyEGia0WgJ/kCGD86zGCjvNpehJs= github.com/aws/aws-sdk-go-v2/credentials v1.17.45 h1:DUgm5lFso57E7150RBgu1JpVQoF8fAPretiDStIuVjg= github.com/aws/aws-sdk-go-v2/credentials v1.17.45/go.mod h1:dnBpENcPC1ekZrGpSWspX+ZRGzhkvqngT2Qp5xBR1dY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22 h1:kqOrpojG71DxJm/KDPO+Z/y1phm1JlC8/iT+5XRmAn8= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22/go.mod h1:NtSFajXVVL8TA2QNngagVZmUtXciyrHOt7xgz4faS/M= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.31 h1:lWm9ucLSRFiI4dQQafLrEOmEDGry3Swrz0BIRdiHJqQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.31/go.mod h1:Huu6GG0YTfbPphQkDSo4dEGmQRTKb9k9G7RdtyQWxuI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31 h1:ACxDklUKKXb48+eg5ROZXi1vDgfMyfIA/WyvqHcHI0o= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.31/go.mod h1:yadnfsDwqXeVaohbGc/RaD287PuyRw2wugkh5ZL2J6k= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 h1:BjUcr3X3K0wZPGFg2bxOWW3VPN8rkE3/61zhP+IHviA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32/go.mod h1:80+OGC/bgzzFFTUmcuwD0lb4YutwQeKLFpmt6hoWapU= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 h1:m1GeXHVMJsRsUAqG6HjZWx9dj7F5TR+cF1bjyfYyBd4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32/go.mod h1:IitoQxGfaKdVLNg0hD8/DXmAqNy0H4K2H2Sf91ti8sI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.10 h1:3w2RDmSyTFohNgecVfkyfycRBEmrAbi2XhcMrmtLhnc= github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.10/go.mod h1:e5rkwFOp5CwqgxtPx5ks/mfGPXm6ZhbRDHVVl9OeK8Q= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 h1:zmXJiEm/fQYtFDLIUsZrcPIjTrL3R/noFICGlYBj3Ww= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0/go.mod h1:9nOjXCDKE+QMK4JaCrLl36PU+VEfJmI7WVehYmojO8s= -github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.12 h1:SZE/PDYBlP0+SoSVMQUHq5KFTkUccurn99yr1LiLroQ= -github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.12/go.mod h1:LZrHBC9LwAoFniu+0g8csH9Jz20Es0AoeIxF6bNh6tQ= +github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.14 h1:RdaxtOI+W9CqnFDLXkoFEkmNxR+ZOkzSqExvqmNqA3M= +github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.14/go.mod h1:fwajvO52Dn+DVxtXQJeGLfnNq+Qm+Pul56XtOKCyN00= github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 h1:eBriSsQa4r7aiKF2wv1EGYbK3X1VnjAYvdOlepBUi8s= github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0/go.mod h1:0A17IIeys01WfjDKehspGP+Cyo/YH/eNADIbEbRS9yM= github.com/aws/aws-sdk-go-v2/service/eks v1.52.1 h1:XqyUdJbXQxY48CbBtN9a51HoTQy/kTIwrWiruRDsydk= From 0dc2b6b57f7f76dc3c4be670d2f17689f68545f1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Feb 2025 00:05:02 +0000 Subject: [PATCH 38/60] Bump github.com/aws/aws-sdk-go-v2/service/autoscaling Bumps [github.com/aws/aws-sdk-go-v2/service/autoscaling](https://github.com/aws/aws-sdk-go-v2) from 1.51.10 to 1.51.12. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/fsx/v1.51.10...service/autoscaling/v1.51.12) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/autoscaling dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 48e12056fd..72834c96c0 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/aws/aws-sdk-go-v2 v1.36.1 github.com/aws/aws-sdk-go-v2/config v1.28.4 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.22 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.10 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.12 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.14 github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 diff --git a/go.sum b/go.sum index 06f26f5981..30b07ede48 100644 --- a/go.sum +++ b/go.sum @@ -56,8 +56,8 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 h1:m1GeXHVMJsRsUAqG6H github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32/go.mod h1:IitoQxGfaKdVLNg0hD8/DXmAqNy0H4K2H2Sf91ti8sI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.10 h1:3w2RDmSyTFohNgecVfkyfycRBEmrAbi2XhcMrmtLhnc= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.10/go.mod h1:e5rkwFOp5CwqgxtPx5ks/mfGPXm6ZhbRDHVVl9OeK8Q= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.12 h1:Bfz5hDqAgm9NByWdA0zfof70CVkjb6SE3RwU75lj66Y= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.12/go.mod h1:+yg2Ygx7ParYfxoo1CLHzqD1zcmWuKNDfxuB8CrOx44= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 h1:zmXJiEm/fQYtFDLIUsZrcPIjTrL3R/noFICGlYBj3Ww= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0/go.mod h1:9nOjXCDKE+QMK4JaCrLl36PU+VEfJmI7WVehYmojO8s= github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.14 h1:RdaxtOI+W9CqnFDLXkoFEkmNxR+ZOkzSqExvqmNqA3M= From e91a87661832406542944d8decd4264b9227f347 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Feb 2025 01:51:55 +0000 Subject: [PATCH 39/60] Bump github.com/samber/lo from 1.39.0 to 1.49.1 (#3184) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 72834c96c0..1845a664fe 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/prometheus/client_golang v1.20.4 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.62.0 - github.com/samber/lo v1.39.0 + github.com/samber/lo v1.49.1 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.10.0 diff --git a/go.sum b/go.sum index 30b07ede48..2849033b90 100644 --- a/go.sum +++ b/go.sum @@ -399,8 +399,8 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/safchain/ethtool v0.4.0 h1:vq1i2HCjshJNywOXFZ1BpwIjyeFR/kvNdHiRzqSElDI= github.com/safchain/ethtool v0.4.0/go.mod h1:XLLnZmy4OCRTkksP/UiMjij96YmIsBfmBQcs7H6tA48= -github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA= -github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= +github.com/samber/lo v1.49.1 h1:4BIFyVfuQSEpluc7Fua+j1NolZHiEHEpaSEKdsH0tew= +github.com/samber/lo v1.49.1/go.mod h1:dO6KHFzUKXgP8LDhU0oI8d2hekjXnGOu0DB8Jecxd6o= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= From dce8a9c47de31fd682e35e7a0a698a1b9b2eb2f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Feb 2025 02:29:49 +0000 Subject: [PATCH 40/60] Bump github.com/aws/aws-sdk-go-v2/service/eks from 1.52.1 to 1.58.0 (#3200) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1845a664fe..066762e3c4 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.0 github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.14 github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 - github.com/aws/aws-sdk-go-v2/service/eks v1.52.1 + github.com/aws/aws-sdk-go-v2/service/eks v1.58.0 github.com/aws/aws-sdk-go-v2/service/iam v1.38.3 github.com/aws/smithy-go v1.22.2 github.com/containernetworking/cni v1.2.3 diff --git a/go.sum b/go.sum index 2849033b90..0c01a36f0c 100644 --- a/go.sum +++ b/go.sum @@ -64,8 +64,8 @@ github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.14 h1:RdaxtOI+W9CqnFDLXkoF github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.43.14/go.mod h1:fwajvO52Dn+DVxtXQJeGLfnNq+Qm+Pul56XtOKCyN00= github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0 h1:eBriSsQa4r7aiKF2wv1EGYbK3X1VnjAYvdOlepBUi8s= github.com/aws/aws-sdk-go-v2/service/ec2 v1.189.0/go.mod h1:0A17IIeys01WfjDKehspGP+Cyo/YH/eNADIbEbRS9yM= -github.com/aws/aws-sdk-go-v2/service/eks v1.52.1 h1:XqyUdJbXQxY48CbBtN9a51HoTQy/kTIwrWiruRDsydk= -github.com/aws/aws-sdk-go-v2/service/eks v1.52.1/go.mod h1:WTfZ/+I7aSMEna6iYm1Kjne9A8f1MyxXNfp6hCa1+Bk= +github.com/aws/aws-sdk-go-v2/service/eks v1.58.0 h1:CQn77jEQBLKtHXkiCN58IcrG1jj4w1EwhXRh+NeNhHc= +github.com/aws/aws-sdk-go-v2/service/eks v1.58.0/go.mod h1:N42HjGBTjTjcJolSqcG1s10xfeNTbAeLWI600lHgwIg= github.com/aws/aws-sdk-go-v2/service/iam v1.38.3 h1:2sFIoFzU1IEL9epJWubJm9Dhrn45aTNEJuwsesaCGnk= github.com/aws/aws-sdk-go-v2/service/iam v1.38.3/go.mod h1:KzlNINwfr/47tKkEhgk0r10/OZq3rjtyWy0txL3lM+I= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g= From 7e3950f8c34934fff963b73997dc2f288a915f75 Mon Sep 17 00:00:00 2001 From: pavanipt Date: Tue, 18 Feb 2025 09:44:12 -0800 Subject: [PATCH 41/60] Add grpc call to fetch networkpolicymode from NP (#3202) * add rpc call to fetch np mode * go generate * nit: change print %t to %v --- pkg/ipamd/rpc_handler.go | 14 + rpc/mocks/rpc_mocks.go | 66 ++++- rpc/rpc.pb.go | 581 +++++++++++++++++++++++++++++++-------- rpc/rpc.proto | 10 + 4 files changed, 549 insertions(+), 122 deletions(-) diff --git a/pkg/ipamd/rpc_handler.go b/pkg/ipamd/rpc_handler.go index e5c7dcd9db..236fa0f0a9 100644 --- a/pkg/ipamd/rpc_handler.go +++ b/pkg/ipamd/rpc_handler.go @@ -30,6 +30,7 @@ import ( healthpb "google.golang.org/grpc/health/grpc_health_v1" "google.golang.org/grpc/reflection" "google.golang.org/grpc/status" + "google.golang.org/protobuf/types/known/emptypb" "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" "github.com/aws/amazon-vpc-cni-k8s/pkg/networkutils" @@ -320,6 +321,18 @@ func (s *server) DelNetwork(ctx context.Context, in *rpc.DelNetworkRequest) (*rp return &rpc.DelNetworkReply{Success: err == nil, IPv4Addr: ipv4Addr, IPv6Addr: ipv6Addr, DeviceNumber: int32(deviceNumber)}, err } +func (s *server) GetNetworkPolicyConfigs(ctx context.Context, e *emptypb.Empty) (*rpc.NetworkPolicyAgentConfigReply, error) { + + log.Infof("Received request for Network Policy Agent configs") + + resp := &rpc.NetworkPolicyAgentConfigReply{ + NetworkPolicyMode: s.ipamContext.networkPolicyMode, + } + + log.Infof("Send NetworkPolicyAgentConfigReply: NetworkPolicyMode: %v", resp.NetworkPolicyMode) + return resp, nil +} + // RunRPCHandler handles request from gRPC func (c *IPAMContext) RunRPCHandler(version string) error { log.Infof("Serving RPC Handler version %s on %s", version, ipamdgRPCaddress) @@ -330,6 +343,7 @@ func (c *IPAMContext) RunRPCHandler(version string) error { } grpcServer := grpc.NewServer() rpc.RegisterCNIBackendServer(grpcServer, &server{version: version, ipamContext: c}) + rpc.RegisterConfigServerBackendServer(grpcServer, &server{version: version, ipamContext: c}) healthServer := health.NewServer() // If ipamd can talk to the API server and to the EC2 API, the pod is healthy. // No need to ever change this to HealthCheckResponse_NOT_SERVING since it's a local service only diff --git a/rpc/mocks/rpc_mocks.go b/rpc/mocks/rpc_mocks.go index cb8aedc9ca..078153b0a0 100644 --- a/rpc/mocks/rpc_mocks.go +++ b/rpc/mocks/rpc_mocks.go @@ -13,7 +13,7 @@ // // Code generated by MockGen. DO NOT EDIT. -// Source: github.com/aws/amazon-vpc-cni-k8s/rpc (interfaces: CNIBackendClient,NPBackendClient) +// Source: github.com/aws/amazon-vpc-cni-k8s/rpc (interfaces: CNIBackendClient,NPBackendClient,ConfigServerBackendClient) // Package mock_rpc is a generated GoMock package. package mock_rpc @@ -25,6 +25,7 @@ import ( rpc "github.com/aws/amazon-vpc-cni-k8s/rpc" gomock "github.com/golang/mock/gomock" grpc "google.golang.org/grpc" + emptypb "google.golang.org/protobuf/types/known/emptypb" ) // MockCNIBackendClient is a mock of CNIBackendClient interface. @@ -113,6 +114,26 @@ func (m *MockNPBackendClient) EXPECT() *MockNPBackendClientMockRecorder { return m.recorder } +// DeletePodNp mocks base method. +func (m *MockNPBackendClient) DeletePodNp(arg0 context.Context, arg1 *rpc.DeleteNpRequest, arg2 ...grpc.CallOption) (*rpc.DeleteNpReply, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "DeletePodNp", varargs...) + ret0, _ := ret[0].(*rpc.DeleteNpReply) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DeletePodNp indicates an expected call of DeletePodNp. +func (mr *MockNPBackendClientMockRecorder) DeletePodNp(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeletePodNp", reflect.TypeOf((*MockNPBackendClient)(nil).DeletePodNp), varargs...) +} + // EnforceNpToPod mocks base method. func (m *MockNPBackendClient) EnforceNpToPod(arg0 context.Context, arg1 *rpc.EnforceNpRequest, arg2 ...grpc.CallOption) (*rpc.EnforceNpReply, error) { m.ctrl.T.Helper() @@ -132,3 +153,46 @@ func (mr *MockNPBackendClientMockRecorder) EnforceNpToPod(arg0, arg1 interface{} varargs := append([]interface{}{arg0, arg1}, arg2...) return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "EnforceNpToPod", reflect.TypeOf((*MockNPBackendClient)(nil).EnforceNpToPod), varargs...) } + +// MockConfigServerBackendClient is a mock of ConfigServerBackendClient interface. +type MockConfigServerBackendClient struct { + ctrl *gomock.Controller + recorder *MockConfigServerBackendClientMockRecorder +} + +// MockConfigServerBackendClientMockRecorder is the mock recorder for MockConfigServerBackendClient. +type MockConfigServerBackendClientMockRecorder struct { + mock *MockConfigServerBackendClient +} + +// NewMockConfigServerBackendClient creates a new mock instance. +func NewMockConfigServerBackendClient(ctrl *gomock.Controller) *MockConfigServerBackendClient { + mock := &MockConfigServerBackendClient{ctrl: ctrl} + mock.recorder = &MockConfigServerBackendClientMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockConfigServerBackendClient) EXPECT() *MockConfigServerBackendClientMockRecorder { + return m.recorder +} + +// GetNetworkPolicyConfigs mocks base method. +func (m *MockConfigServerBackendClient) GetNetworkPolicyConfigs(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*rpc.NetworkPolicyAgentConfigReply, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "GetNetworkPolicyConfigs", varargs...) + ret0, _ := ret[0].(*rpc.NetworkPolicyAgentConfigReply) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetNetworkPolicyConfigs indicates an expected call of GetNetworkPolicyConfigs. +func (mr *MockConfigServerBackendClientMockRecorder) GetNetworkPolicyConfigs(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetNetworkPolicyConfigs", reflect.TypeOf((*MockConfigServerBackendClient)(nil).GetNetworkPolicyConfigs), varargs...) +} diff --git a/rpc/rpc.pb.go b/rpc/rpc.pb.go index 24328e505e..f58cd2b05b 100644 --- a/rpc/rpc.pb.go +++ b/rpc/rpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.32.0 -// protoc v3.15.8 +// protoc-gen-go v1.31.0 +// protoc v4.25.6 // source: rpc.proto package rpc @@ -13,6 +13,7 @@ import ( status "google.golang.org/grpc/status" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + emptypb "google.golang.org/protobuf/types/known/emptypb" reflect "reflect" sync "sync" ) @@ -451,8 +452,9 @@ type EnforceNpRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - K8S_POD_NAME string `protobuf:"bytes,1,opt,name=K8S_POD_NAME,json=K8SPODNAME,proto3" json:"K8S_POD_NAME,omitempty"` - K8S_POD_NAMESPACE string `protobuf:"bytes,2,opt,name=K8S_POD_NAMESPACE,json=K8SPODNAMESPACE,proto3" json:"K8S_POD_NAMESPACE,omitempty"` + K8S_POD_NAME string `protobuf:"bytes,1,opt,name=K8S_POD_NAME,json=K8SPODNAME,proto3" json:"K8S_POD_NAME,omitempty"` + K8S_POD_NAMESPACE string `protobuf:"bytes,2,opt,name=K8S_POD_NAMESPACE,json=K8SPODNAMESPACE,proto3" json:"K8S_POD_NAMESPACE,omitempty"` + NETWORK_POLICY_MODE string `protobuf:"bytes,3,opt,name=NETWORK_POLICY_MODE,json=NETWORKPOLICYMODE,proto3" json:"NETWORK_POLICY_MODE,omitempty"` } func (x *EnforceNpRequest) Reset() { @@ -501,6 +503,13 @@ func (x *EnforceNpRequest) GetK8S_POD_NAMESPACE() string { return "" } +func (x *EnforceNpRequest) GetNETWORK_POLICY_MODE() string { + if x != nil { + return x.NETWORK_POLICY_MODE + } + return "" +} + type EnforceNpReply struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -548,113 +557,291 @@ func (x *EnforceNpReply) GetSuccess() bool { return false } +type DeleteNpRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + K8S_POD_NAME string `protobuf:"bytes,1,opt,name=K8S_POD_NAME,json=K8SPODNAME,proto3" json:"K8S_POD_NAME,omitempty"` + K8S_POD_NAMESPACE string `protobuf:"bytes,2,opt,name=K8S_POD_NAMESPACE,json=K8SPODNAMESPACE,proto3" json:"K8S_POD_NAMESPACE,omitempty"` +} + +func (x *DeleteNpRequest) Reset() { + *x = DeleteNpRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeleteNpRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteNpRequest) ProtoMessage() {} + +func (x *DeleteNpRequest) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteNpRequest.ProtoReflect.Descriptor instead. +func (*DeleteNpRequest) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{6} +} + +func (x *DeleteNpRequest) GetK8S_POD_NAME() string { + if x != nil { + return x.K8S_POD_NAME + } + return "" +} + +func (x *DeleteNpRequest) GetK8S_POD_NAMESPACE() string { + if x != nil { + return x.K8S_POD_NAMESPACE + } + return "" +} + +type DeleteNpReply struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Success bool `protobuf:"varint,1,opt,name=Success,proto3" json:"Success,omitempty"` +} + +func (x *DeleteNpReply) Reset() { + *x = DeleteNpReply{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeleteNpReply) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteNpReply) ProtoMessage() {} + +func (x *DeleteNpReply) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteNpReply.ProtoReflect.Descriptor instead. +func (*DeleteNpReply) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{7} +} + +func (x *DeleteNpReply) GetSuccess() bool { + if x != nil { + return x.Success + } + return false +} + +type NetworkPolicyAgentConfigReply struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + NetworkPolicyMode string `protobuf:"bytes,1,opt,name=NetworkPolicyMode,proto3" json:"NetworkPolicyMode,omitempty"` +} + +func (x *NetworkPolicyAgentConfigReply) Reset() { + *x = NetworkPolicyAgentConfigReply{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *NetworkPolicyAgentConfigReply) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NetworkPolicyAgentConfigReply) ProtoMessage() {} + +func (x *NetworkPolicyAgentConfigReply) ProtoReflect() protoreflect.Message { + mi := &file_rpc_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NetworkPolicyAgentConfigReply.ProtoReflect.Descriptor instead. +func (*NetworkPolicyAgentConfigReply) Descriptor() ([]byte, []int) { + return file_rpc_proto_rawDescGZIP(), []int{8} +} + +func (x *NetworkPolicyAgentConfigReply) GetNetworkPolicyMode() string { + if x != nil { + return x.NetworkPolicyMode + } + return "" +} + var File_rpc_proto protoreflect.FileDescriptor var file_rpc_proto_rawDesc = []byte{ 0x0a, 0x09, 0x72, 0x70, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x72, 0x70, 0x63, - 0x22, 0xb5, 0x02, 0x0a, 0x11, 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x43, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0c, - 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x12, 0x2a, - 0x0a, 0x11, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, - 0x41, 0x43, 0x45, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x4b, 0x38, 0x53, 0x50, 0x4f, - 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x12, 0x3a, 0x0a, 0x1a, 0x4b, 0x38, - 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x49, 0x4e, 0x46, 0x52, 0x41, 0x5f, 0x43, 0x4f, 0x4e, 0x54, - 0x41, 0x49, 0x4e, 0x45, 0x52, 0x5f, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, - 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x49, 0x4e, 0x46, 0x52, 0x41, 0x43, 0x4f, 0x4e, 0x54, 0x41, - 0x49, 0x4e, 0x45, 0x52, 0x49, 0x44, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x6f, 0x6e, - 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x49, 0x66, 0x4e, 0x61, - 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x49, 0x66, 0x4e, 0x61, 0x6d, 0x65, - 0x12, 0x20, 0x0a, 0x0b, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x4e, 0x65, 0x74, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x4e, 0x65, 0x74, 0x6e, 0x73, 0x22, 0xa9, 0x03, 0x0a, 0x0f, 0x41, 0x64, 0x64, - 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, - 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, - 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x50, 0x76, 0x34, 0x41, 0x64, - 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x50, 0x76, 0x34, 0x41, 0x64, - 0x64, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x50, 0x76, 0x36, 0x41, 0x64, 0x64, 0x72, 0x18, 0x0b, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x50, 0x76, 0x36, 0x41, 0x64, 0x64, 0x72, 0x12, 0x22, - 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x75, 0x6d, 0x62, - 0x65, 0x72, 0x12, 0x28, 0x0a, 0x0f, 0x55, 0x73, 0x65, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, - 0x6c, 0x53, 0x4e, 0x41, 0x54, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x55, 0x73, 0x65, - 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x4e, 0x41, 0x54, 0x12, 0x1e, 0x0a, 0x0a, - 0x56, 0x50, 0x43, 0x76, 0x34, 0x43, 0x49, 0x44, 0x52, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0a, 0x56, 0x50, 0x43, 0x76, 0x34, 0x43, 0x49, 0x44, 0x52, 0x73, 0x12, 0x1e, 0x0a, 0x0a, - 0x56, 0x50, 0x43, 0x76, 0x36, 0x43, 0x49, 0x44, 0x52, 0x73, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0a, 0x56, 0x50, 0x43, 0x76, 0x36, 0x43, 0x49, 0x44, 0x52, 0x73, 0x12, 0x1c, 0x0a, 0x09, - 0x50, 0x6f, 0x64, 0x56, 0x6c, 0x61, 0x6e, 0x49, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x09, 0x50, 0x6f, 0x64, 0x56, 0x6c, 0x61, 0x6e, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x6f, - 0x64, 0x45, 0x4e, 0x49, 0x4d, 0x41, 0x43, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, - 0x6f, 0x64, 0x45, 0x4e, 0x49, 0x4d, 0x41, 0x43, 0x12, 0x26, 0x0a, 0x0e, 0x50, 0x6f, 0x64, 0x45, - 0x4e, 0x49, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x47, 0x57, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0e, 0x50, 0x6f, 0x64, 0x45, 0x4e, 0x49, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x47, 0x57, - 0x12, 0x24, 0x0a, 0x0d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x66, 0x49, 0x6e, 0x64, 0x65, - 0x78, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, - 0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x2c, 0x0a, 0x11, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x11, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xb7, 0x02, 0x0a, 0x11, 0x44, 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x43, 0x6c, - 0x69, 0x65, 0x6e, 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0d, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, - 0x12, 0x20, 0x0a, 0x0c, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, - 0x4d, 0x45, 0x12, 0x2a, 0x0a, 0x11, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, - 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x4b, - 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x12, 0x3a, - 0x0a, 0x1a, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x49, 0x4e, 0x46, 0x52, 0x41, 0x5f, - 0x43, 0x4f, 0x4e, 0x54, 0x41, 0x49, 0x4e, 0x45, 0x52, 0x5f, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x16, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x49, 0x4e, 0x46, 0x52, 0x41, 0x43, - 0x4f, 0x4e, 0x54, 0x41, 0x49, 0x4e, 0x45, 0x52, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, - 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x61, 0x73, - 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, - 0x44, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x49, 0x66, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x49, 0x66, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, - 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xa5, - 0x01, 0x0a, 0x0f, 0x44, 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, - 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x1a, 0x0a, 0x08, - 0x49, 0x50, 0x76, 0x34, 0x41, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x49, 0x50, 0x76, 0x34, 0x41, 0x64, 0x64, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x50, 0x76, 0x36, - 0x41, 0x64, 0x64, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x50, 0x76, 0x36, - 0x41, 0x64, 0x64, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x75, - 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x44, 0x65, 0x76, 0x69, - 0x63, 0x65, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x6f, 0x64, 0x56, - 0x6c, 0x61, 0x6e, 0x49, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x50, 0x6f, 0x64, - 0x56, 0x6c, 0x61, 0x6e, 0x49, 0x64, 0x22, 0x60, 0x0a, 0x10, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, - 0x65, 0x4e, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0c, 0x4b, 0x38, - 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0a, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x12, 0x2a, 0x0a, 0x11, - 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, - 0x45, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, - 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x22, 0x2a, 0x0a, 0x0e, 0x45, 0x6e, 0x66, 0x6f, - 0x72, 0x63, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x75, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x75, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x32, 0x88, 0x01, 0x0a, 0x0a, 0x43, 0x4e, 0x49, 0x42, 0x61, 0x63, 0x6b, - 0x65, 0x6e, 0x64, 0x12, 0x3c, 0x0a, 0x0a, 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x12, 0x16, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x72, 0x70, 0x63, 0x2e, - 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, - 0x00, 0x12, 0x3c, 0x0a, 0x0a, 0x44, 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, - 0x16, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, 0x65, - 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x32, - 0x4b, 0x0a, 0x09, 0x4e, 0x50, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3e, 0x0a, 0x0e, - 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, 0x70, 0x54, 0x6f, 0x50, 0x6f, 0x64, 0x12, 0x15, - 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, 0x70, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x45, 0x6e, 0x66, 0x6f, - 0x72, 0x63, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x42, 0x2b, 0x5a, 0x29, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x77, 0x73, 0x2f, 0x61, - 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x2d, 0x76, 0x70, 0x63, 0x2d, 0x63, 0x6e, 0x69, 0x2d, 0x6b, 0x38, - 0x73, 0x2f, 0x72, 0x70, 0x63, 0x3b, 0x72, 0x70, 0x63, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb5, 0x02, + 0x0a, 0x11, 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x56, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x43, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0c, 0x4b, 0x38, 0x53, + 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x12, 0x2a, 0x0a, 0x11, 0x4b, + 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, + 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x12, 0x3a, 0x0a, 0x1a, 0x4b, 0x38, 0x53, 0x5f, 0x50, + 0x4f, 0x44, 0x5f, 0x49, 0x4e, 0x46, 0x52, 0x41, 0x5f, 0x43, 0x4f, 0x4e, 0x54, 0x41, 0x49, 0x4e, + 0x45, 0x52, 0x5f, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x4b, 0x38, 0x53, + 0x50, 0x4f, 0x44, 0x49, 0x4e, 0x46, 0x52, 0x41, 0x43, 0x4f, 0x4e, 0x54, 0x41, 0x49, 0x4e, 0x45, + 0x52, 0x49, 0x44, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, + 0x49, 0x44, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, + 0x6e, 0x65, 0x72, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x49, 0x66, 0x4e, 0x61, 0x6d, 0x65, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x49, 0x66, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, + 0x0b, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x12, + 0x14, 0x0a, 0x05, 0x4e, 0x65, 0x74, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x4e, 0x65, 0x74, 0x6e, 0x73, 0x22, 0xa9, 0x03, 0x0a, 0x0f, 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x75, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x75, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x50, 0x76, 0x34, 0x41, 0x64, 0x64, 0x72, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x50, 0x76, 0x34, 0x41, 0x64, 0x64, 0x72, 0x12, + 0x1a, 0x0a, 0x08, 0x49, 0x50, 0x76, 0x36, 0x41, 0x64, 0x64, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x08, 0x49, 0x50, 0x76, 0x36, 0x41, 0x64, 0x64, 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x44, + 0x65, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, + 0x28, 0x0a, 0x0f, 0x55, 0x73, 0x65, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x4e, + 0x41, 0x54, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x55, 0x73, 0x65, 0x45, 0x78, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x4e, 0x41, 0x54, 0x12, 0x1e, 0x0a, 0x0a, 0x56, 0x50, 0x43, + 0x76, 0x34, 0x43, 0x49, 0x44, 0x52, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x56, + 0x50, 0x43, 0x76, 0x34, 0x43, 0x49, 0x44, 0x52, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x56, 0x50, 0x43, + 0x76, 0x36, 0x43, 0x49, 0x44, 0x52, 0x73, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x56, + 0x50, 0x43, 0x76, 0x36, 0x43, 0x49, 0x44, 0x52, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x6f, 0x64, + 0x56, 0x6c, 0x61, 0x6e, 0x49, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x50, 0x6f, + 0x64, 0x56, 0x6c, 0x61, 0x6e, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x6f, 0x64, 0x45, 0x4e, + 0x49, 0x4d, 0x41, 0x43, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x6f, 0x64, 0x45, + 0x4e, 0x49, 0x4d, 0x41, 0x43, 0x12, 0x26, 0x0a, 0x0e, 0x50, 0x6f, 0x64, 0x45, 0x4e, 0x49, 0x53, + 0x75, 0x62, 0x6e, 0x65, 0x74, 0x47, 0x57, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x50, + 0x6f, 0x64, 0x45, 0x4e, 0x49, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x47, 0x57, 0x12, 0x24, 0x0a, + 0x0d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x0a, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x66, 0x49, 0x6e, + 0x64, 0x65, 0x78, 0x12, 0x2c, 0x0a, 0x11, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, + 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x6f, 0x64, + 0x65, 0x22, 0xb7, 0x02, 0x0a, 0x11, 0x44, 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x43, 0x6c, 0x69, 0x65, 0x6e, + 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, + 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, + 0x0c, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x12, + 0x2a, 0x0a, 0x11, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, + 0x50, 0x41, 0x43, 0x45, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x4b, 0x38, 0x53, 0x50, + 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x12, 0x3a, 0x0a, 0x1a, 0x4b, + 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x49, 0x4e, 0x46, 0x52, 0x41, 0x5f, 0x43, 0x4f, 0x4e, + 0x54, 0x41, 0x49, 0x4e, 0x45, 0x52, 0x5f, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x16, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x49, 0x4e, 0x46, 0x52, 0x41, 0x43, 0x4f, 0x4e, 0x54, + 0x41, 0x49, 0x4e, 0x45, 0x52, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x61, 0x73, 0x6f, + 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, + 0x20, 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x18, 0x08, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x49, + 0x44, 0x12, 0x16, 0x0a, 0x06, 0x49, 0x66, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x49, 0x66, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x4e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, + 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xa5, 0x01, 0x0a, 0x0f, + 0x44, 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, + 0x18, 0x0a, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x50, 0x76, + 0x34, 0x41, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x50, 0x76, + 0x34, 0x41, 0x64, 0x64, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x50, 0x76, 0x36, 0x41, 0x64, 0x64, + 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x49, 0x50, 0x76, 0x36, 0x41, 0x64, 0x64, + 0x72, 0x12, 0x22, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x75, 0x6d, 0x62, 0x65, + 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x4e, + 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x6f, 0x64, 0x56, 0x6c, 0x61, 0x6e, + 0x49, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x50, 0x6f, 0x64, 0x56, 0x6c, 0x61, + 0x6e, 0x49, 0x64, 0x22, 0x90, 0x01, 0x0a, 0x10, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, + 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0c, 0x4b, 0x38, 0x53, 0x5f, + 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x12, 0x2a, 0x0a, 0x11, 0x4b, 0x38, + 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, + 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x12, 0x2e, 0x0a, 0x13, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, + 0x4b, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x11, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x50, 0x4f, 0x4c, 0x49, + 0x43, 0x59, 0x4d, 0x4f, 0x44, 0x45, 0x22, 0x2a, 0x0a, 0x0e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, + 0x65, 0x4e, 0x70, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x75, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x22, 0x5f, 0x0a, 0x0f, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x70, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0c, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, + 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4b, 0x38, 0x53, + 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x12, 0x2a, 0x0a, 0x11, 0x4b, 0x38, 0x53, 0x5f, 0x50, + 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0f, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, + 0x41, 0x43, 0x45, 0x22, 0x29, 0x0a, 0x0d, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x70, 0x52, + 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x22, 0x4d, + 0x0a, 0x1d, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, + 0x67, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, + 0x2c, 0x0a, 0x11, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x4e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x32, 0x88, 0x01, + 0x0a, 0x0a, 0x43, 0x4e, 0x49, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3c, 0x0a, 0x0a, + 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x16, 0x2e, 0x72, 0x70, 0x63, + 0x2e, 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x12, 0x3c, 0x0a, 0x0a, 0x44, 0x65, + 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x16, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, + 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x14, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x32, 0x86, 0x01, 0x0a, 0x09, 0x4e, 0x50, 0x42, + 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, + 0x65, 0x4e, 0x70, 0x54, 0x6f, 0x50, 0x6f, 0x64, 0x12, 0x15, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x45, + 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x13, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, 0x70, 0x52, + 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x0b, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x50, 0x6f, 0x64, 0x4e, 0x70, 0x12, 0x14, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x72, 0x70, + 0x63, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, + 0x00, 0x32, 0x6e, 0x0a, 0x13, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x57, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x4e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x73, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x22, 0x2e, 0x72, 0x70, + 0x63, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, + 0x67, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, + 0x00, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x61, 0x77, 0x73, 0x2f, 0x61, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x2d, 0x76, 0x70, 0x63, 0x2d, 0x63, + 0x6e, 0x69, 0x2d, 0x6b, 0x38, 0x73, 0x2f, 0x72, 0x70, 0x63, 0x3b, 0x72, 0x70, 0x63, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -669,24 +856,32 @@ func file_rpc_proto_rawDescGZIP() []byte { return file_rpc_proto_rawDescData } -var file_rpc_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_rpc_proto_msgTypes = make([]protoimpl.MessageInfo, 9) var file_rpc_proto_goTypes = []interface{}{ - (*AddNetworkRequest)(nil), // 0: rpc.AddNetworkRequest - (*AddNetworkReply)(nil), // 1: rpc.AddNetworkReply - (*DelNetworkRequest)(nil), // 2: rpc.DelNetworkRequest - (*DelNetworkReply)(nil), // 3: rpc.DelNetworkReply - (*EnforceNpRequest)(nil), // 4: rpc.EnforceNpRequest - (*EnforceNpReply)(nil), // 5: rpc.EnforceNpReply + (*AddNetworkRequest)(nil), // 0: rpc.AddNetworkRequest + (*AddNetworkReply)(nil), // 1: rpc.AddNetworkReply + (*DelNetworkRequest)(nil), // 2: rpc.DelNetworkRequest + (*DelNetworkReply)(nil), // 3: rpc.DelNetworkReply + (*EnforceNpRequest)(nil), // 4: rpc.EnforceNpRequest + (*EnforceNpReply)(nil), // 5: rpc.EnforceNpReply + (*DeleteNpRequest)(nil), // 6: rpc.DeleteNpRequest + (*DeleteNpReply)(nil), // 7: rpc.DeleteNpReply + (*NetworkPolicyAgentConfigReply)(nil), // 8: rpc.NetworkPolicyAgentConfigReply + (*emptypb.Empty)(nil), // 9: google.protobuf.Empty } var file_rpc_proto_depIdxs = []int32{ 0, // 0: rpc.CNIBackend.AddNetwork:input_type -> rpc.AddNetworkRequest 2, // 1: rpc.CNIBackend.DelNetwork:input_type -> rpc.DelNetworkRequest 4, // 2: rpc.NPBackend.EnforceNpToPod:input_type -> rpc.EnforceNpRequest - 1, // 3: rpc.CNIBackend.AddNetwork:output_type -> rpc.AddNetworkReply - 3, // 4: rpc.CNIBackend.DelNetwork:output_type -> rpc.DelNetworkReply - 5, // 5: rpc.NPBackend.EnforceNpToPod:output_type -> rpc.EnforceNpReply - 3, // [3:6] is the sub-list for method output_type - 0, // [0:3] is the sub-list for method input_type + 6, // 3: rpc.NPBackend.DeletePodNp:input_type -> rpc.DeleteNpRequest + 9, // 4: rpc.ConfigServerBackend.GetNetworkPolicyConfigs:input_type -> google.protobuf.Empty + 1, // 5: rpc.CNIBackend.AddNetwork:output_type -> rpc.AddNetworkReply + 3, // 6: rpc.CNIBackend.DelNetwork:output_type -> rpc.DelNetworkReply + 5, // 7: rpc.NPBackend.EnforceNpToPod:output_type -> rpc.EnforceNpReply + 7, // 8: rpc.NPBackend.DeletePodNp:output_type -> rpc.DeleteNpReply + 8, // 9: rpc.ConfigServerBackend.GetNetworkPolicyConfigs:output_type -> rpc.NetworkPolicyAgentConfigReply + 5, // [5:10] is the sub-list for method output_type + 0, // [0:5] is the sub-list for method input_type 0, // [0:0] is the sub-list for extension type_name 0, // [0:0] is the sub-list for extension extendee 0, // [0:0] is the sub-list for field type_name @@ -770,6 +965,42 @@ func file_rpc_proto_init() { return nil } } + file_rpc_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeleteNpRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeleteNpReply); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*NetworkPolicyAgentConfigReply); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ @@ -777,9 +1008,9 @@ func file_rpc_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_rpc_proto_rawDesc, NumEnums: 0, - NumMessages: 6, + NumMessages: 9, NumExtensions: 0, - NumServices: 2, + NumServices: 3, }, GoTypes: file_rpc_proto_goTypes, DependencyIndexes: file_rpc_proto_depIdxs, @@ -912,6 +1143,7 @@ var _CNIBackend_serviceDesc = grpc.ServiceDesc{ // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. type NPBackendClient interface { EnforceNpToPod(ctx context.Context, in *EnforceNpRequest, opts ...grpc.CallOption) (*EnforceNpReply, error) + DeletePodNp(ctx context.Context, in *DeleteNpRequest, opts ...grpc.CallOption) (*DeleteNpReply, error) } type nPBackendClient struct { @@ -931,9 +1163,19 @@ func (c *nPBackendClient) EnforceNpToPod(ctx context.Context, in *EnforceNpReque return out, nil } +func (c *nPBackendClient) DeletePodNp(ctx context.Context, in *DeleteNpRequest, opts ...grpc.CallOption) (*DeleteNpReply, error) { + out := new(DeleteNpReply) + err := c.cc.Invoke(ctx, "/rpc.NPBackend/DeletePodNp", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // NPBackendServer is the server API for NPBackend service. type NPBackendServer interface { EnforceNpToPod(context.Context, *EnforceNpRequest) (*EnforceNpReply, error) + DeletePodNp(context.Context, *DeleteNpRequest) (*DeleteNpReply, error) } // UnimplementedNPBackendServer can be embedded to have forward compatible implementations. @@ -943,6 +1185,9 @@ type UnimplementedNPBackendServer struct { func (*UnimplementedNPBackendServer) EnforceNpToPod(context.Context, *EnforceNpRequest) (*EnforceNpReply, error) { return nil, status.Errorf(codes.Unimplemented, "method EnforceNpToPod not implemented") } +func (*UnimplementedNPBackendServer) DeletePodNp(context.Context, *DeleteNpRequest) (*DeleteNpReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeletePodNp not implemented") +} func RegisterNPBackendServer(s *grpc.Server, srv NPBackendServer) { s.RegisterService(&_NPBackend_serviceDesc, srv) @@ -966,6 +1211,24 @@ func _NPBackend_EnforceNpToPod_Handler(srv interface{}, ctx context.Context, dec return interceptor(ctx, in, info, handler) } +func _NPBackend_DeletePodNp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteNpRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(NPBackendServer).DeletePodNp(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/rpc.NPBackend/DeletePodNp", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(NPBackendServer).DeletePodNp(ctx, req.(*DeleteNpRequest)) + } + return interceptor(ctx, in, info, handler) +} + var _NPBackend_serviceDesc = grpc.ServiceDesc{ ServiceName: "rpc.NPBackend", HandlerType: (*NPBackendServer)(nil), @@ -974,6 +1237,82 @@ var _NPBackend_serviceDesc = grpc.ServiceDesc{ MethodName: "EnforceNpToPod", Handler: _NPBackend_EnforceNpToPod_Handler, }, + { + MethodName: "DeletePodNp", + Handler: _NPBackend_DeletePodNp_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "rpc.proto", +} + +// ConfigServerBackendClient is the client API for ConfigServerBackend service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type ConfigServerBackendClient interface { + GetNetworkPolicyConfigs(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*NetworkPolicyAgentConfigReply, error) +} + +type configServerBackendClient struct { + cc grpc.ClientConnInterface +} + +func NewConfigServerBackendClient(cc grpc.ClientConnInterface) ConfigServerBackendClient { + return &configServerBackendClient{cc} +} + +func (c *configServerBackendClient) GetNetworkPolicyConfigs(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*NetworkPolicyAgentConfigReply, error) { + out := new(NetworkPolicyAgentConfigReply) + err := c.cc.Invoke(ctx, "/rpc.ConfigServerBackend/GetNetworkPolicyConfigs", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// ConfigServerBackendServer is the server API for ConfigServerBackend service. +type ConfigServerBackendServer interface { + GetNetworkPolicyConfigs(context.Context, *emptypb.Empty) (*NetworkPolicyAgentConfigReply, error) +} + +// UnimplementedConfigServerBackendServer can be embedded to have forward compatible implementations. +type UnimplementedConfigServerBackendServer struct { +} + +func (*UnimplementedConfigServerBackendServer) GetNetworkPolicyConfigs(context.Context, *emptypb.Empty) (*NetworkPolicyAgentConfigReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetNetworkPolicyConfigs not implemented") +} + +func RegisterConfigServerBackendServer(s *grpc.Server, srv ConfigServerBackendServer) { + s.RegisterService(&_ConfigServerBackend_serviceDesc, srv) +} + +func _ConfigServerBackend_GetNetworkPolicyConfigs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(emptypb.Empty) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ConfigServerBackendServer).GetNetworkPolicyConfigs(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/rpc.ConfigServerBackend/GetNetworkPolicyConfigs", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ConfigServerBackendServer).GetNetworkPolicyConfigs(ctx, req.(*emptypb.Empty)) + } + return interceptor(ctx, in, info, handler) +} + +var _ConfigServerBackend_serviceDesc = grpc.ServiceDesc{ + ServiceName: "rpc.ConfigServerBackend", + HandlerType: (*ConfigServerBackendServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "GetNetworkPolicyConfigs", + Handler: _ConfigServerBackend_GetNetworkPolicyConfigs_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "rpc.proto", diff --git a/rpc/rpc.proto b/rpc/rpc.proto index 6e7322eb12..13d4d030d8 100644 --- a/rpc/rpc.proto +++ b/rpc/rpc.proto @@ -3,6 +3,7 @@ syntax = "proto3"; package rpc; option go_package = "github.com/aws/amazon-vpc-cni-k8s/rpc;rpc"; +import "google/protobuf/empty.proto"; // The service definition. service CNIBackend { @@ -79,4 +80,13 @@ message EnforceNpRequest { message EnforceNpReply { bool Success = 1; +} + +// The service definition. +service ConfigServerBackend { + rpc GetNetworkPolicyConfigs (google.protobuf.Empty) returns (NetworkPolicyAgentConfigReply) {} +} + +message NetworkPolicyAgentConfigReply { + string NetworkPolicyMode = 1; } \ No newline at end of file From 92a09cfc58f31cc1503b1b1417e1142063d14804 Mon Sep 17 00:00:00 2001 From: Pavani Panakanti Date: Mon, 3 Feb 2025 19:36:31 +0000 Subject: [PATCH 42/60] Changes to attach probes at pod start --- cmd/routed-eni-cni-plugin/cni.go | 73 ++++++++++++++++++--------- cmd/routed-eni-cni-plugin/cni_test.go | 38 +++++++++++++- rpc/rpc.proto | 2 + utils/utils.go | 5 -- 4 files changed, 87 insertions(+), 31 deletions(-) diff --git a/cmd/routed-eni-cni-plugin/cni.go b/cmd/routed-eni-cni-plugin/cni.go index 809a411433..e75ef19206 100644 --- a/cmd/routed-eni-cni-plugin/cni.go +++ b/cmd/routed-eni-cni-plugin/cni.go @@ -42,7 +42,6 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/cniutils" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" pb "github.com/aws/amazon-vpc-cni-k8s/rpc" - "github.com/aws/amazon-vpc-cni-k8s/utils" ) const ipamdAddress = "127.0.0.1:50051" @@ -279,34 +278,33 @@ func add(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap // dummy interface is appended to PrevResult for use during cleanup result.Interfaces = append(result.Interfaces, dummyInterface) - if utils.IsStrictMode(r.NetworkPolicyMode) { - // Set up a connection to the network policy agent - npConn, err := grpcClient.Dial(npAgentAddress, grpc.WithTransportCredentials(insecure.NewCredentials())) - if err != nil { - log.Errorf("Failed to connect to network policy agent: %v", err) - return errors.Wrap(err, "add cmd: failed to connect to network policy agent backend server") - } - defer npConn.Close() + // Set up a connection to the network policy agent + npConn, err := grpcClient.Dial(npAgentAddress, grpc.WithTransportCredentials(insecure.NewCredentials())) + if err != nil { + log.Errorf("Failed to connect to network policy agent: %v", err) + return errors.Wrap(err, "add cmd: failed to connect to network policy agent backend server") + } + defer npConn.Close() - //Make a GRPC call for network policy agent - npc := rpcClient.NewNPBackendClient(npConn) + //Make a GRPC call for network policy agent + npc := rpcClient.NewNPBackendClient(npConn) - npr, err := npc.EnforceNpToPod(context.Background(), - &pb.EnforceNpRequest{ - K8S_POD_NAME: string(k8sArgs.K8S_POD_NAME), - K8S_POD_NAMESPACE: string(k8sArgs.K8S_POD_NAMESPACE), - }) - - // No need to cleanup IP and network, kubelet will send delete. - if err != nil || !npr.Success { - log.Errorf("Failed to setup default network policy for Pod Name %s and NameSpace %s: GRPC returned - %v Network policy agent returned - %v", - string(k8sArgs.K8S_POD_NAME), string(k8sArgs.K8S_POD_NAMESPACE), err, npr) - return errors.New("add cmd: failed to setup network policy in strict mode") - } + npr, err := npc.EnforceNpToPod(context.Background(), + &pb.EnforceNpRequest{ + K8S_POD_NAME: string(k8sArgs.K8S_POD_NAME), + K8S_POD_NAMESPACE: string(k8sArgs.K8S_POD_NAMESPACE), + NETWORK_POLICY_MODE: r.NetworkPolicyMode, + }) - log.Debugf("Network Policy agent returned Success : %v", npr.Success) + // No need to cleanup IP and network, kubelet will send delete. + if err != nil || !npr.Success { + log.Errorf("Failed to setup default network policy for Pod Name %s and NameSpace %s: GRPC returned - %v Network policy agent returned - %v", + string(k8sArgs.K8S_POD_NAME), string(k8sArgs.K8S_POD_NAMESPACE), err, npr) + return errors.New("add cmd: failed to setup network policy") } + log.Debugf("Network Policy agent for EnforceNpToPod returned Success : %v", npr.Success) + return cniTypes.PrintResult(result, conf.CNIVersion) } @@ -444,6 +442,33 @@ func del(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap } else { log.Warnf("Container %s did not have a valid IP %s", args.ContainerID, r.IPv4Addr) } + + // Set up a connection to the network policy agent + npConn, err := grpcClient.Dial(npAgentAddress, grpc.WithTransportCredentials(insecure.NewCredentials())) + if err != nil { + log.Errorf("Failed to connect to network policy agent: %v", err) + } else { + defer npConn.Close() + + //Make a GRPC call for network policy agent + npc := rpcClient.NewNPBackendClient(npConn) + + npr, err := npc.DeletePodNp(context.Background(), + &pb.DeleteNpRequest{ + K8S_POD_NAME: string(k8sArgs.K8S_POD_NAME), + K8S_POD_NAMESPACE: string(k8sArgs.K8S_POD_NAMESPACE), + }) + + // NP agent will never return an error if its not able to delete ebpf probes + if err != nil || !npr.Success { + log.Errorf("Failed to delete pod network policy for Pod Name %s and NameSpace %s: GRPC returned - %v Network policy agent returned - %v", + string(k8sArgs.K8S_POD_NAME), string(k8sArgs.K8S_POD_NAMESPACE), err, npr) + return errors.New("del cmd: failed to setup network policy") + } + + log.Debugf("Network Policy agent for DeletePodNp returned Success : %v", npr.Success) + } + return nil } diff --git a/cmd/routed-eni-cni-plugin/cni_test.go b/cmd/routed-eni-cni-plugin/cni_test.go index 4535b08ac0..987ebe1ee5 100644 --- a/cmd/routed-eni-cni-plugin/cni_test.go +++ b/cmd/routed-eni-cni-plugin/cni_test.go @@ -94,6 +94,15 @@ func TestCmdAdd(t *testing.T) { mockC := mock_rpc.NewMockCNIBackendClient(ctrl) mocksRPC.EXPECT().NewCNIBackendClient(conn).Return(mockC) + npConn, _ := grpc.Dial(npAgentAddress, grpc.WithInsecure()) + + mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(npConn, nil) + mockNP := mock_rpc.NewMockNPBackendClient(ctrl) + mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) + + enforceNpReply := &rpc.EnforceNpReply{Success: true} + mockNP.EXPECT().EnforceNpToPod(gomock.Any(), gomock.Any()).Return(enforceNpReply, nil) + addNetworkReply := &rpc.AddNetworkReply{Success: true, IPv4Addr: ipAddr, DeviceNumber: devNum, NetworkPolicyMode: "none"} mockC.EXPECT().AddNetwork(gomock.Any(), gomock.Any()).Return(addNetworkReply, nil) @@ -281,10 +290,18 @@ func TestCmdDel(t *testing.T) { mockC := mock_rpc.NewMockCNIBackendClient(ctrl) mocksRPC.EXPECT().NewCNIBackendClient(conn).Return(mockC) - delNetworkReply := &rpc.DelNetworkReply{Success: true, IPv4Addr: ipAddr, DeviceNumber: devNum} + npConn, _ := grpc.Dial(npAgentAddress, grpc.WithInsecure()) + + mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(npConn, nil) + mockNP := mock_rpc.NewMockNPBackendClient(ctrl) + mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) + delNetworkReply := &rpc.DelNetworkReply{Success: true, IPv4Addr: ipAddr, DeviceNumber: devNum} mockC.EXPECT().DelNetwork(gomock.Any(), gomock.Any()).Return(delNetworkReply, nil) + deleteNpReply := &rpc.DeleteNpReply{Success: true} + mockNP.EXPECT().DeletePodNp(gomock.Any(), gomock.Any()).Return(deleteNpReply, nil) + addr := &net.IPNet{ IP: net.ParseIP(delNetworkReply.IPv4Addr), Mask: net.IPv4Mask(255, 255, 255, 255), @@ -377,10 +394,19 @@ func TestCmdAddForPodENINetwork(t *testing.T) { mockC := mock_rpc.NewMockCNIBackendClient(ctrl) mocksRPC.EXPECT().NewCNIBackendClient(conn).Return(mockC) + npConn, _ := grpc.Dial(npAgentAddress, grpc.WithInsecure()) + + mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(npConn, nil) + mockNP := mock_rpc.NewMockNPBackendClient(ctrl) + mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) + addNetworkReply := &rpc.AddNetworkReply{Success: true, IPv4Addr: ipAddr, PodENISubnetGW: "10.0.0.1", PodVlanId: 1, PodENIMAC: "eniHardwareAddr", ParentIfIndex: 2, NetworkPolicyMode: "none"} mockC.EXPECT().AddNetwork(gomock.Any(), gomock.Any()).Return(addNetworkReply, nil) + enforceNpReply := &rpc.EnforceNpReply{Success: true} + mockNP.EXPECT().EnforceNpToPod(gomock.Any(), gomock.Any()).Return(enforceNpReply, nil) + addr := &net.IPNet{ IP: net.ParseIP(addNetworkReply.IPv4Addr), Mask: net.IPv4Mask(255, 255, 255, 255), @@ -414,10 +440,18 @@ func TestCmdDelForPodENINetwork(t *testing.T) { mockC := mock_rpc.NewMockCNIBackendClient(ctrl) mocksRPC.EXPECT().NewCNIBackendClient(conn).Return(mockC) - delNetworkReply := &rpc.DelNetworkReply{Success: true, IPv4Addr: ipAddr, PodVlanId: 1} + npConn, _ := grpc.Dial(npAgentAddress, grpc.WithInsecure()) + + mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(npConn, nil) + mockNP := mock_rpc.NewMockNPBackendClient(ctrl) + mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) + delNetworkReply := &rpc.DelNetworkReply{Success: true, IPv4Addr: ipAddr, PodVlanId: 1} mockC.EXPECT().DelNetwork(gomock.Any(), gomock.Any()).Return(delNetworkReply, nil) + deleteNpReply := &rpc.DeleteNpReply{Success: true} + mockNP.EXPECT().DeletePodNp(gomock.Any(), gomock.Any()).Return(deleteNpReply, nil) + addr := &net.IPNet{ IP: net.ParseIP(delNetworkReply.IPv4Addr), Mask: net.IPv4Mask(255, 255, 255, 255), diff --git a/rpc/rpc.proto b/rpc/rpc.proto index 13d4d030d8..794a7eb2e4 100644 --- a/rpc/rpc.proto +++ b/rpc/rpc.proto @@ -71,11 +71,13 @@ message DelNetworkReply { // The service definition. service NPBackend { rpc EnforceNpToPod (EnforceNpRequest) returns (EnforceNpReply) {} + rpc DeletePodNp (DeleteNpRequest) returns (DeleteNpReply) {} } message EnforceNpRequest { string K8S_POD_NAME = 1; string K8S_POD_NAMESPACE = 2; + string NETWORK_POLICY_MODE = 3; } message EnforceNpReply { diff --git a/utils/utils.go b/utils/utils.go index 6f59986eb2..c4bde4a6dc 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -65,8 +65,3 @@ func IsValidNetworkPolicyEnforcingMode(input string) bool { return false } } - -// IsStrictMode checks if strict mode is enabled -func IsStrictMode(input string) bool { - return strings.ToLower(input) == string(Strict) -} From f4f7a8f9b17cb0180e8c3f930e5f90902a62805f Mon Sep 17 00:00:00 2001 From: Pavani Panakanti Date: Thu, 6 Feb 2025 00:48:28 +0000 Subject: [PATCH 43/60] minor error change --- cmd/routed-eni-cni-plugin/cni.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cmd/routed-eni-cni-plugin/cni.go b/cmd/routed-eni-cni-plugin/cni.go index e75ef19206..4aaa3a28c4 100644 --- a/cmd/routed-eni-cni-plugin/cni.go +++ b/cmd/routed-eni-cni-plugin/cni.go @@ -463,7 +463,6 @@ func del(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap if err != nil || !npr.Success { log.Errorf("Failed to delete pod network policy for Pod Name %s and NameSpace %s: GRPC returned - %v Network policy agent returned - %v", string(k8sArgs.K8S_POD_NAME), string(k8sArgs.K8S_POD_NAMESPACE), err, npr) - return errors.New("del cmd: failed to setup network policy") } log.Debugf("Network Policy agent for DeletePodNp returned Success : %v", npr.Success) From 225fe1dc964e3c26724e1aa05998ba2e1cd9f1f9 Mon Sep 17 00:00:00 2001 From: Pavani Panakanti Date: Mon, 17 Feb 2025 17:54:48 +0000 Subject: [PATCH 44/60] do not ret error on grpc dial --- cmd/routed-eni-cni-plugin/cni.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cmd/routed-eni-cni-plugin/cni.go b/cmd/routed-eni-cni-plugin/cni.go index 4aaa3a28c4..c7eadb9b3e 100644 --- a/cmd/routed-eni-cni-plugin/cni.go +++ b/cmd/routed-eni-cni-plugin/cni.go @@ -279,10 +279,13 @@ func add(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap result.Interfaces = append(result.Interfaces, dummyInterface) // Set up a connection to the network policy agent + // Cx might have removed np container if they are not using network policies + // If we are not able to connect to np agent we do not return return error here. If NP agent grpc is not up + // and listening, NP agent will be in crash loop and we will catch the issue there npConn, err := grpcClient.Dial(npAgentAddress, grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { log.Errorf("Failed to connect to network policy agent: %v", err) - return errors.Wrap(err, "add cmd: failed to connect to network policy agent backend server") + return cniTypes.PrintResult(result, conf.CNIVersion) } defer npConn.Close() From df21645bb775ae348c86e28321d3ce44d67697bc Mon Sep 17 00:00:00 2001 From: Pavani Panakanti Date: Tue, 18 Feb 2025 14:31:18 +0000 Subject: [PATCH 45/60] add dial with context --- cmd/routed-eni-cni-plugin/cni.go | 49 ++++++++++++++++++-------------- pkg/grpcwrapper/client.go | 6 ++++ 2 files changed, 33 insertions(+), 22 deletions(-) diff --git a/cmd/routed-eni-cni-plugin/cni.go b/cmd/routed-eni-cni-plugin/cni.go index c7eadb9b3e..834bc59548 100644 --- a/cmd/routed-eni-cni-plugin/cni.go +++ b/cmd/routed-eni-cni-plugin/cni.go @@ -22,6 +22,7 @@ import ( "runtime" "strconv" "strings" + "time" "github.com/containernetworking/cni/pkg/skel" "github.com/containernetworking/cni/pkg/types" @@ -31,7 +32,7 @@ import ( "golang.org/x/net/context" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" - + "github.com/aws/amazon-vpc-cni-k8s/cmd/routed-eni-cni-plugin/driver" "github.com/aws/amazon-vpc-cni-k8s/pkg/grpcwrapper" "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" @@ -50,6 +51,8 @@ const npAgentAddress = "127.0.0.1:50052" const dummyInterfacePrefix = "dummy" +const npAgentConnTimeout = 2 + var version string // NetConf stores the common network config for the CNI plugin @@ -282,9 +285,11 @@ func add(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap // Cx might have removed np container if they are not using network policies // If we are not able to connect to np agent we do not return return error here. If NP agent grpc is not up // and listening, NP agent will be in crash loop and we will catch the issue there - npConn, err := grpcClient.Dial(npAgentAddress, grpc.WithTransportCredentials(insecure.NewCredentials())) + ctx, cancel := context.WithTimeout(context.Background(), npAgentConnTimeout*time.Second) // Set timeout + defer cancel() + npConn, err := grpcClient.DialContext(ctx, npAgentAddress, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithBlock()) if err != nil { - log.Errorf("Failed to connect to network policy agent: %v", err) + log.Infof("Failed to connect to network policy agent: %v. Network Policy agent might not be running", err) return cniTypes.PrintResult(result, conf.CNIVersion) } defer npConn.Close() @@ -447,30 +452,30 @@ func del(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap } // Set up a connection to the network policy agent - npConn, err := grpcClient.Dial(npAgentAddress, grpc.WithTransportCredentials(insecure.NewCredentials())) + ctx, cancel := context.WithTimeout(context.Background(), npAgentConnTimeout*time.Second) // Set timeout + defer cancel() + npConn, err := grpcClient.DialContext(ctx, npAgentAddress, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithBlock()) if err != nil { - log.Errorf("Failed to connect to network policy agent: %v", err) - } else { - defer npConn.Close() - - //Make a GRPC call for network policy agent - npc := rpcClient.NewNPBackendClient(npConn) - - npr, err := npc.DeletePodNp(context.Background(), - &pb.DeleteNpRequest{ - K8S_POD_NAME: string(k8sArgs.K8S_POD_NAME), - K8S_POD_NAMESPACE: string(k8sArgs.K8S_POD_NAMESPACE), - }) + log.Infof("Failed to connect to network policy agent: %v. Network Policy agent might not be running", err) + return nil + } + defer npConn.Close() + //Make a GRPC call for network policy agent + npc := rpcClient.NewNPBackendClient(npConn) - // NP agent will never return an error if its not able to delete ebpf probes - if err != nil || !npr.Success { - log.Errorf("Failed to delete pod network policy for Pod Name %s and NameSpace %s: GRPC returned - %v Network policy agent returned - %v", - string(k8sArgs.K8S_POD_NAME), string(k8sArgs.K8S_POD_NAMESPACE), err, npr) - } + npr, err := npc.DeletePodNp(context.Background(), + &pb.DeleteNpRequest{ + K8S_POD_NAME: string(k8sArgs.K8S_POD_NAME), + K8S_POD_NAMESPACE: string(k8sArgs.K8S_POD_NAMESPACE), + }) - log.Debugf("Network Policy agent for DeletePodNp returned Success : %v", npr.Success) + // NP agent will never return an error if its not able to delete ebpf probes + if err != nil || !npr.Success { + log.Errorf("Failed to delete pod network policy for Pod Name %s and NameSpace %s: GRPC returned - %v Network policy agent returned - %v", + string(k8sArgs.K8S_POD_NAME), string(k8sArgs.K8S_POD_NAMESPACE), err, npr) } + log.Debugf("Network Policy agent for DeletePodNp returned Success : %v", npr.Success) return nil } diff --git a/pkg/grpcwrapper/client.go b/pkg/grpcwrapper/client.go index 1860325d3d..bc7d5fdbc7 100644 --- a/pkg/grpcwrapper/client.go +++ b/pkg/grpcwrapper/client.go @@ -15,12 +15,14 @@ package grpcwrapper import ( + "context" google_grpc "google.golang.org/grpc" ) // GRPC is the ipamd client Dial interface type GRPC interface { Dial(target string, opts ...google_grpc.DialOption) (*google_grpc.ClientConn, error) + DialContext(ctx context.Context, target string, opts ...google_grpc.DialOption) (*google_grpc.ClientConn, error) } type cniGRPC struct{} @@ -33,3 +35,7 @@ func New() GRPC { func (*cniGRPC) Dial(target string, opts ...google_grpc.DialOption) (*google_grpc.ClientConn, error) { return google_grpc.Dial(target, opts...) } + +func (*cniGRPC) DialContext(ctx context.Context, target string, opts ...google_grpc.DialOption) (*google_grpc.ClientConn, error) { + return google_grpc.DialContext(ctx, target, opts...) +} From af32e99c8b88f3f1d98066c8d04a51d1248c10e6 Mon Sep 17 00:00:00 2001 From: Hao Zhou Date: Tue, 18 Feb 2025 10:55:58 -0800 Subject: [PATCH 46/60] update mocked grpc wrapper and unit tests add new lines to satisfy format check update unit tests for DialContext --- cmd/routed-eni-cni-plugin/cni.go | 2 +- cmd/routed-eni-cni-plugin/cni_test.go | 18 +++++++++--------- pkg/grpcwrapper/client.go | 1 + pkg/grpcwrapper/mocks/grpcwrapper_mocks.go | 21 +++++++++++++++++++++ 4 files changed, 32 insertions(+), 10 deletions(-) diff --git a/cmd/routed-eni-cni-plugin/cni.go b/cmd/routed-eni-cni-plugin/cni.go index 834bc59548..bfecb979c3 100644 --- a/cmd/routed-eni-cni-plugin/cni.go +++ b/cmd/routed-eni-cni-plugin/cni.go @@ -32,7 +32,7 @@ import ( "golang.org/x/net/context" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" - + "github.com/aws/amazon-vpc-cni-k8s/cmd/routed-eni-cni-plugin/driver" "github.com/aws/amazon-vpc-cni-k8s/pkg/grpcwrapper" "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" diff --git a/cmd/routed-eni-cni-plugin/cni_test.go b/cmd/routed-eni-cni-plugin/cni_test.go index 987ebe1ee5..8954489fb4 100644 --- a/cmd/routed-eni-cni-plugin/cni_test.go +++ b/cmd/routed-eni-cni-plugin/cni_test.go @@ -95,13 +95,13 @@ func TestCmdAdd(t *testing.T) { mocksRPC.EXPECT().NewCNIBackendClient(conn).Return(mockC) npConn, _ := grpc.Dial(npAgentAddress, grpc.WithInsecure()) + mocksGRPC.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(npConn, nil).Times(1) - mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(npConn, nil) mockNP := mock_rpc.NewMockNPBackendClient(ctrl) - mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) + mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP).Times(1) enforceNpReply := &rpc.EnforceNpReply{Success: true} - mockNP.EXPECT().EnforceNpToPod(gomock.Any(), gomock.Any()).Return(enforceNpReply, nil) + mockNP.EXPECT().EnforceNpToPod(gomock.Any(), gomock.Any()).Return(enforceNpReply, nil).Times(1) addNetworkReply := &rpc.AddNetworkReply{Success: true, IPv4Addr: ipAddr, DeviceNumber: devNum, NetworkPolicyMode: "none"} mockC.EXPECT().AddNetwork(gomock.Any(), gomock.Any()).Return(addNetworkReply, nil) @@ -113,7 +113,7 @@ func TestCmdAdd(t *testing.T) { mocksNetwork.EXPECT().SetupPodNetwork(gomock.Any(), cmdArgs.IfName, cmdArgs.Netns, v4Addr, nil, int(addNetworkReply.DeviceNumber), gomock.Any(), gomock.Any()).Return(nil) - mocksTypes.EXPECT().PrintResult(gomock.Any(), gomock.Any()).Return(nil) + mocksTypes.EXPECT().PrintResult(gomock.Any(), gomock.Any()).Return(nil).Times(1) err := add(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) assert.Nil(t, err) @@ -140,7 +140,7 @@ func TestCmdAddWithNPenabled(t *testing.T) { npConn, _ := grpc.Dial(npAgentAddress, grpc.WithInsecure()) - mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(npConn, nil) + mocksGRPC.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(npConn, nil).Times(1) mockNP := mock_rpc.NewMockNPBackendClient(ctrl) mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) @@ -184,7 +184,7 @@ func TestCmdAddWithNPenabledWithErr(t *testing.T) { npConn, _ := grpc.Dial(npAgentAddress, grpc.WithInsecure()) - mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(npConn, nil) + mocksGRPC.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(npConn, nil).Times(1) mockNP := mock_rpc.NewMockNPBackendClient(ctrl) mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) @@ -292,7 +292,7 @@ func TestCmdDel(t *testing.T) { npConn, _ := grpc.Dial(npAgentAddress, grpc.WithInsecure()) - mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(npConn, nil) + mocksGRPC.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(npConn, nil).Times(1) mockNP := mock_rpc.NewMockNPBackendClient(ctrl) mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) @@ -396,7 +396,7 @@ func TestCmdAddForPodENINetwork(t *testing.T) { npConn, _ := grpc.Dial(npAgentAddress, grpc.WithInsecure()) - mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(npConn, nil) + mocksGRPC.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(npConn, nil).Times(1) mockNP := mock_rpc.NewMockNPBackendClient(ctrl) mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) @@ -442,7 +442,7 @@ func TestCmdDelForPodENINetwork(t *testing.T) { npConn, _ := grpc.Dial(npAgentAddress, grpc.WithInsecure()) - mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(npConn, nil) + mocksGRPC.EXPECT().DialContext(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(npConn, nil).Times(1) mockNP := mock_rpc.NewMockNPBackendClient(ctrl) mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) diff --git a/pkg/grpcwrapper/client.go b/pkg/grpcwrapper/client.go index bc7d5fdbc7..9e202d958f 100644 --- a/pkg/grpcwrapper/client.go +++ b/pkg/grpcwrapper/client.go @@ -16,6 +16,7 @@ package grpcwrapper import ( "context" + google_grpc "google.golang.org/grpc" ) diff --git a/pkg/grpcwrapper/mocks/grpcwrapper_mocks.go b/pkg/grpcwrapper/mocks/grpcwrapper_mocks.go index 628792ee20..81855ae2de 100644 --- a/pkg/grpcwrapper/mocks/grpcwrapper_mocks.go +++ b/pkg/grpcwrapper/mocks/grpcwrapper_mocks.go @@ -19,6 +19,7 @@ package mock_grpcwrapper import ( + context "context" reflect "reflect" gomock "github.com/golang/mock/gomock" @@ -67,3 +68,23 @@ func (mr *MockGRPCMockRecorder) Dial(arg0 interface{}, arg1 ...interface{}) *gom varargs := append([]interface{}{arg0}, arg1...) return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Dial", reflect.TypeOf((*MockGRPC)(nil).Dial), varargs...) } + +// DialContext mocks base method. +func (m *MockGRPC) DialContext(arg0 context.Context, arg1 string, arg2 ...grpc.DialOption) (*grpc.ClientConn, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "DialContext", varargs...) + ret0, _ := ret[0].(*grpc.ClientConn) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DialContext indicates an expected call of DialContext. +func (mr *MockGRPCMockRecorder) DialContext(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DialContext", reflect.TypeOf((*MockGRPC)(nil).DialContext), varargs...) +} From 28c99c9443d2c3a3408cf9d1d67f7e395dd92ee8 Mon Sep 17 00:00:00 2001 From: Adam Buran Date: Wed, 19 Feb 2025 18:52:04 -0800 Subject: [PATCH 47/60] improvement: add podmonitor for vpc metric collection (#3061) * add podmonitor for vpc metric collections Signed-off-by: adam_buran * expose nodeagent metrics port Signed-off-by: adam_buran * expose nodeagent metrics port in values.yaml Signed-off-by: adam_buran * update to add agent metrics to podmonitor Signed-off-by: adam_buran --------- Signed-off-by: adam_buran Co-authored-by: adam_buran Co-authored-by: Senthil Kumaran --- charts/aws-vpc-cni/templates/daemonset.yaml | 3 ++ charts/aws-vpc-cni/templates/podmonitor.yaml | 40 ++++++++++++++++++++ charts/aws-vpc-cni/values.yaml | 15 ++++++++ 3 files changed, 58 insertions(+) create mode 100644 charts/aws-vpc-cni/templates/podmonitor.yaml diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index e41879d518..3a0198bbe1 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml @@ -128,6 +128,9 @@ spec: - name: aws-eks-nodeagent image: {{ include "aws-vpc-cni.nodeAgentImage" . }} imagePullPolicy: {{ .Values.nodeAgent.image.pullPolicy }} + ports: + - containerPort: {{ .Values.nodeAgent.metricsBindAddr}} + name: agentmetrics env: - name: MY_NODE_NAME valueFrom: diff --git a/charts/aws-vpc-cni/templates/podmonitor.yaml b/charts/aws-vpc-cni/templates/podmonitor.yaml new file mode 100644 index 0000000000..e507a7e91d --- /dev/null +++ b/charts/aws-vpc-cni/templates/podmonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.podMonitor.create }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "aws-vpc-cni.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- with .Values.podMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.podMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ include "aws-vpc-cni.fullname" . }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + podMetricsEndpoints: + - interval: {{ .Values.podMonitor.interval }} + path: /metrics + port: metrics + {{- with .Values.podMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- if .Values.nodeAgent.enabled }} + - interval: {{ .Values.podMonitor.interval }} + path: /metrics + port: agentmetrics + {{- with .Values.podMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + selector: + matchLabels: + k8s-app: aws-node +{{- end }} diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index efcd2ab2c4..14373dcebe 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -46,6 +46,7 @@ nodeAgent: networkPolicyAgentLogFileLocation: "/var/log/aws-routed-eni/network-policy-agent.log" enableIpv6: "false" metricsBindAddr: "8162" + metricsBindPort: "8162" healthProbeBindAddr: "8163" conntrackCacheCleanupPeriod: 300 resources: {} @@ -231,3 +232,17 @@ eniConfig: # id: subnet-789 # securityGroups: # - sg-789 + +podMonitor: + # Create Prometheus podMonitor + create: false + # Annotations to add to the Prometheus podMonitor + annotations: {} + # Labels to add to the Prometheus podMonitor + labels: {} + # The interval to scrape metrics. + interval: 30s + # The timeout before a metrics scrape fails. + scrapeTimeout: 30s + # relabelings to apply to the podMonitor + relabelings: [] \ No newline at end of file From 0988cdd35a30d4d8aac9a9712bb7942df3391c85 Mon Sep 17 00:00:00 2001 From: Senthil Kumaran Date: Thu, 20 Feb 2025 21:00:10 -0800 Subject: [PATCH 48/60] Fix print the error message in string instead of bytes. (#3208) * Fix the error message format. * Address review comment. --- test/agent/cmd/networking/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/agent/cmd/networking/main.go b/test/agent/cmd/networking/main.go index 224e3f7d5e..08afc591ab 100644 --- a/test/agent/cmd/networking/main.go +++ b/test/agent/cmd/networking/main.go @@ -81,7 +81,7 @@ func main() { } fmt.Fprint(&errs, e.Error()) } - log.Fatalf("found 1 or more pod teardown validation failure: %v", errs) + log.Fatalf("found 1 or more pod teardown validation failure: %s", errs.String()) } } } From be150775b7f54cbf39979eeb21aa214150e643dc Mon Sep 17 00:00:00 2001 From: pavanipt Date: Fri, 21 Feb 2025 10:52:07 -0800 Subject: [PATCH 49/60] update np standard mode doc (#3211) Co-authored-by: Senthil Kumaran --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index cff797a55d..180ccd27d4 100644 --- a/README.md +++ b/README.md @@ -743,6 +743,8 @@ Default: `standard` Network Policy agent now supports two modes for Network Policy enforcement - Strict and Standard. By default, the Amazon VPC CNI plugin for Kubernetes configures network policies for pods in parallel with the pod provisioning. In the `standard` mode, until all of the policies are configured for the new pod, containers in the new pod will start with a default allow policy. A default allow policy means that all ingress and egress traffic is allowed to and from the new pods. However, in the `strict` mode, a new pod will start with a default deny policy and all Egress and Ingress connections will be blocked till Network Policies are configured. In Strict Mode, you must have a network policy defined for every pod in your cluster. Host Networking pods are exempted from this requirement. +In standard mode, return traffic is always allowed for any packets that were initially sent under the default allow policy. However, once network policies are applied, the next outgoing packet will be evaluated against the active policies, and it will be allowed or denied accordingly. + ### VPC CNI Feature Matrix From 0dccb2296cc25828b2772daae0f8297185b04686 Mon Sep 17 00:00:00 2001 From: Shehbaj Dhillon Date: Fri, 28 Feb 2025 10:52:39 -0800 Subject: [PATCH 50/60] config multus: add v4.1.4-eksbuild.3 (#3217) --- .../multus-daemonset-thick.yml | 260 ++++++++++++++++++ 1 file changed, 260 insertions(+) create mode 100644 config/multus/v4.1.4-eksbuild.3/multus-daemonset-thick.yml diff --git a/config/multus/v4.1.4-eksbuild.3/multus-daemonset-thick.yml b/config/multus/v4.1.4-eksbuild.3/multus-daemonset-thick.yml new file mode 100644 index 0000000000..645b59c445 --- /dev/null +++ b/config/multus/v4.1.4-eksbuild.3/multus-daemonset-thick.yml @@ -0,0 +1,260 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing + Working Group to express the intent for attaching pods to one or more logical or physical + networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this represen + tation of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' + type: object + properties: + config: + description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' + type: string +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +rules: + - apiGroups: ["k8s.cni.cncf.io"] + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: multus +subjects: + - kind: ServiceAccount + name: multus + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: multus + namespace: kube-system +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: multus-daemon-config + namespace: kube-system + labels: + tier: node + app: multus +data: + daemon-config.json: | + { + "chrootDir": "/hostroot", + "confDir": "/host/etc/cni/net.d", + "logFile": "/var/log/multus.log", + "logLevel": "verbose", + "socketDir": "/host/run/multus/", + "cniVersion": "0.3.1", + "logToStderr": true, + "cniConfigDir": "/host/etc/cni/net.d", + "multusConfigFile": "auto", + "multusAutoconfigDir": "/host/etc/cni/net.d", + "multusMasterCNI": "10-aws.conflist" + } +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kube-multus-ds + namespace: kube-system + labels: + tier: node + app: multus + name: multus +spec: + selector: + matchLabels: + name: multus + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + tier: node + app: multus + name: multus + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate + hostNetwork: true + hostPID: true + tolerations: + - operator: Exists + effect: NoSchedule + - operator: Exists + effect: NoExecute + serviceAccountName: multus + containers: + - name: kube-multus + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/multus-cni:v4.1.4-eksbuild.3_thick + command: [ "/usr/src/multus-cni/bin/multus-daemon" ] + resources: + requests: + cpu: "100m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + # multus-daemon expects that cnibin path must be identical between pod and container host. + + # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be mount to '/opt/cni/bin' in multus-daemon, + + # not to any other directory, like '/opt/bin' or '/usr/bin'. + + - name: cnibin + mountPath: /opt/cni/bin + - name: host-run + mountPath: /host/run + - name: host-var-lib-cni-multus + mountPath: /var/lib/cni/multus + - name: host-var-lib-kubelet + mountPath: /var/lib/kubelet + mountPropagation: HostToContainer + - name: host-run-k8s-cni-cncf-io + mountPath: /run/k8s.cni.cncf.io + - name: host-run-netns + mountPath: /run/netns + mountPropagation: HostToContainer + - name: multus-daemon-config + mountPath: /etc/cni/net.d/multus.d + readOnly: true + - name: hostroot + mountPath: /hostroot + mountPropagation: HostToContainer + env: + - name: MULTUS_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + initContainers: + - name: install-multus-binary + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/multus-cni:v4.1.4-eksbuild.3_thick + command: + - "cp" + - "/usr/src/multus-cni/bin/multus-shim" + - "/host/opt/cni/bin/multus-shim" + resources: + requests: + cpu: "10m" + memory: "15Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cnibin + mountPath: /host/opt/cni/bin + mountPropagation: Bidirectional + terminationGracePeriodSeconds: 10 + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: hostroot + hostPath: + path: / + - name: multus-daemon-config + configMap: + name: multus-daemon-config + items: + - key: daemon-config.json + path: daemon-config.json + - name: host-run + hostPath: + path: /run + - name: host-var-lib-cni-multus + hostPath: + path: /var/lib/cni/multus + - name: host-var-lib-kubelet + hostPath: + path: /var/lib/kubelet + - name: host-run-k8s-cni-cncf-io + hostPath: + path: /run/k8s.cni.cncf.io + - name: host-run-netns + hostPath: + path: /run/netns/ From 7b288b8e1860d2d3a5f286e29aa576011f91a7c6 Mon Sep 17 00:00:00 2001 From: Adam Date: Fri, 7 Mar 2025 16:38:57 -0800 Subject: [PATCH 51/60] update helm chart to ensure that created eniconfig name is always a string (#3227) --- charts/aws-vpc-cni/templates/eniconfig.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/aws-vpc-cni/templates/eniconfig.yaml b/charts/aws-vpc-cni/templates/eniconfig.yaml index 90066142db..d43491c6d5 100644 --- a/charts/aws-vpc-cni/templates/eniconfig.yaml +++ b/charts/aws-vpc-cni/templates/eniconfig.yaml @@ -3,7 +3,7 @@ apiVersion: crd.k8s.amazonaws.com/v1alpha1 kind: ENIConfig metadata: - name: {{ $key }} + name: "{{ $key }}" spec: {{- if $value.securityGroups }} securityGroups: From 2532faf1a2b6437459829e3c020b6521d6ade607 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Mar 2025 00:19:38 +0000 Subject: [PATCH 52/60] Bump github.com/containerd/containerd from 1.7.23 to 1.7.27 Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.23 to 1.7.27. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](https://github.com/containerd/containerd/compare/v1.7.23...v1.7.27) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 066762e3c4..1dda752c7b 100644 --- a/go.mod +++ b/go.mod @@ -73,7 +73,7 @@ require ( github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.7.23 // indirect + github.com/containerd/containerd v1.7.27 // indirect github.com/containerd/errdefs v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect diff --git a/go.sum b/go.sum index 0c01a36f0c..5e3e7c6766 100644 --- a/go.sum +++ b/go.sum @@ -106,10 +106,10 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= -github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= -github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= -github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= -github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/containerd v1.7.27 h1:yFyEyojddO3MIGVER2xJLWoCIn+Up4GaHFquP7hsFII= +github.com/containerd/containerd v1.7.27/go.mod h1:xZmPnl75Vc+BLGt4MIfu6bp+fy03gdHAn9bz+FreFR0= +github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII= +github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE= github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= From ef323337b94f737cd07b6e9d125faddd7c99f5fe Mon Sep 17 00:00:00 2001 From: Yash Thakkar Date: Thu, 20 Mar 2025 13:24:47 -0700 Subject: [PATCH 53/60] adding eni owner tag if cluster name is present (#3228) --- pkg/awsutils/awsutils.go | 3 + pkg/awsutils/awsutils_test.go | 100 +++++++++++++++++++--------------- 2 files changed, 60 insertions(+), 43 deletions(-) diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index dafb8fa4a8..0f539cf6d8 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -64,6 +64,8 @@ const ( eniNodeTagKey = "node.k8s.amazonaws.com/instance_id" eniCreatedAtTagKey = "node.k8s.amazonaws.com/createdAt" eniClusterTagKey = "cluster.k8s.amazonaws.com/name" + eniOwnerTagKey = "eks:eni:owner" + eniOwnerTagValue = "amazon-vpc-cni" additionalEniTagsEnvVar = "ADDITIONAL_ENI_TAGS" reservedTagKeyPrefix = "k8s.amazonaws.com" subnetDiscoveryTagKey = "kubernetes.io/role/cni" @@ -1060,6 +1062,7 @@ func (cache *EC2InstanceMetadataCache) buildENITags() map[string]string { // tag the ENI with "cluster.k8s.amazonaws.com/name=" if cache.clusterName != "" { tags[eniClusterTagKey] = cache.clusterName + tags[eniOwnerTagKey] = eniOwnerTagValue } for key, value := range cache.additionalENITags { tags[key] = value diff --git a/pkg/awsutils/awsutils_test.go b/pkg/awsutils/awsutils_test.go index c1eba58acc..59da59ee6f 100644 --- a/pkg/awsutils/awsutils_test.go +++ b/pkg/awsutils/awsutils_test.go @@ -1304,7 +1304,7 @@ func TestEC2InstanceMetadataCache_buildENITags(t *testing.T) { instanceID: "i-xxxxx", }, want: map[string]string{ - "node.k8s.amazonaws.com/instance_id": "i-xxxxx", + eniNodeTagKey: "i-xxxxx", }, }, { @@ -1314,8 +1314,9 @@ func TestEC2InstanceMetadataCache_buildENITags(t *testing.T) { clusterName: "awesome-cluster", }, want: map[string]string{ - "node.k8s.amazonaws.com/instance_id": "i-xxxxx", - "cluster.k8s.amazonaws.com/name": "awesome-cluster", + eniNodeTagKey: "i-xxxxx", + eniClusterTagKey: "awesome-cluster", + eniOwnerTagKey: eniOwnerTagValue, }, }, { @@ -1328,9 +1329,9 @@ func TestEC2InstanceMetadataCache_buildENITags(t *testing.T) { }, }, want: map[string]string{ - "node.k8s.amazonaws.com/instance_id": "i-xxxxx", - "tagKey-1": "tagVal-1", - "tagKey-2": "tagVal-2", + eniNodeTagKey: "i-xxxxx", + "tagKey-1": "tagVal-1", + "tagKey-2": "tagVal-2", }, }, } @@ -1375,7 +1376,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []string{"node.k8s.amazonaws.com/instance_id"}, + Values: []string{eniNodeTagKey}, }, { Name: aws.String("status"), @@ -1408,7 +1409,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []string{"node.k8s.amazonaws.com/instance_id"}, + Values: []string{eniNodeTagKey}, }, { Name: aws.String("status"), @@ -1430,11 +1431,11 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: "available", TagSet: []ec2types.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(eniNodeTagKey), Value: aws.String("i-xxxxx"), }, { - Key: aws.String("node.k8s.amazonaws.com/createdAt"), + Key: aws.String(eniCreatedAtTagKey), Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, }, @@ -1452,11 +1453,11 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: "available", TagSet: []ec2types.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(eniNodeTagKey), Value: aws.String("i-xxxxx"), }, { - Key: aws.String("node.k8s.amazonaws.com/createdAt"), + Key: aws.String(eniCreatedAtTagKey), Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, }, @@ -1473,7 +1474,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []string{"node.k8s.amazonaws.com/instance_id"}, + Values: []string{eniNodeTagKey}, }, { Name: aws.String("status"), @@ -1495,11 +1496,11 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: "available", TagSet: []ec2types.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(eniNodeTagKey), Value: aws.String("i-xxxxx"), }, { - Key: aws.String("node.k8s.amazonaws.com/createdAt"), + Key: aws.String(eniCreatedAtTagKey), Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, }, @@ -1522,7 +1523,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []string{"node.k8s.amazonaws.com/instance_id"}, + Values: []string{eniNodeTagKey}, }, { Name: aws.String("status"), @@ -1544,11 +1545,11 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: "available", TagSet: []ec2types.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(eniNodeTagKey), Value: aws.String("i-xxxxx"), }, { - Key: aws.String("node.k8s.amazonaws.com/createdAt"), + Key: aws.String(eniCreatedAtTagKey), Value: aws.String(now.Format(time.RFC3339)), }, }, @@ -1571,7 +1572,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []string{"node.k8s.amazonaws.com/instance_id"}, + Values: []string{eniNodeTagKey}, }, { Name: aws.String("status"), @@ -1604,7 +1605,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []string{"node.k8s.amazonaws.com/instance_id"}, + Values: []string{eniNodeTagKey}, }, { Name: aws.String("status"), @@ -1630,15 +1631,15 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: "available", TagSet: []ec2types.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(eniNodeTagKey), Value: aws.String("i-xxxxx"), }, { - Key: aws.String("node.k8s.amazonaws.com/createdAt"), + Key: aws.String(eniCreatedAtTagKey), Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(eniClusterTagKey), Value: aws.String("awesome-cluster"), }, }, @@ -1656,15 +1657,15 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: "available", TagSet: []ec2types.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(eniNodeTagKey), Value: aws.String("i-xxxxx"), }, { - Key: aws.String("node.k8s.amazonaws.com/createdAt"), + Key: aws.String(eniCreatedAtTagKey), Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(eniClusterTagKey), Value: aws.String("awesome-cluster"), }, }, @@ -1681,7 +1682,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []string{"node.k8s.amazonaws.com/instance_id"}, + Values: []string{eniNodeTagKey}, }, { Name: aws.String("status"), @@ -1707,15 +1708,15 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: "available", TagSet: []ec2types.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(eniNodeTagKey), Value: aws.String("i-xxxxx"), }, { - Key: aws.String("node.k8s.amazonaws.com/createdAt"), + Key: aws.String(eniCreatedAtTagKey), Value: aws.String(tenMinuteAgo.Format(time.RFC3339)), }, { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(eniClusterTagKey), Value: aws.String("awesome-cluster"), }, }, @@ -1738,7 +1739,7 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Filters: []ec2types.Filter{ { Name: aws.String("tag-key"), - Values: []string{"node.k8s.amazonaws.com/instance_id"}, + Values: []string{eniNodeTagKey}, }, { Name: aws.String("status"), @@ -1764,15 +1765,15 @@ func TestEC2InstanceMetadataCache_getLeakedENIs(t *testing.T) { Status: "available", TagSet: []ec2types.Tag{ { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(eniNodeTagKey), Value: aws.String("i-xxxxx"), }, { - Key: aws.String("node.k8s.amazonaws.com/createdAt"), + Key: aws.String(eniCreatedAtTagKey), Value: aws.String(now.Format(time.RFC3339)), }, { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(eniClusterTagKey), Value: aws.String("awesome-cluster"), }, }, @@ -1852,11 +1853,15 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { Resources: []string{"eni-xxxx"}, Tags: []ec2types.Tag{ { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(eniClusterTagKey), Value: aws.String("awesome-cluster"), }, { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(eniOwnerTagKey), + Value: aws.String(eniOwnerTagValue), + }, + { + Key: aws.String(eniNodeTagKey), Value: aws.String("i-xxxx"), }, }, @@ -1880,8 +1885,9 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { args: args{ eniID: "eni-xxxx", currentTags: map[string]string{ - "node.k8s.amazonaws.com/instance_id": "i-xxxx", - "cluster.k8s.amazonaws.com/name": "awesome-cluster", + eniNodeTagKey: "i-xxxx", + eniClusterTagKey: "awesome-cluster", + eniOwnerTagKey: eniOwnerTagValue, }, }, wantErr: nil, @@ -1897,9 +1903,13 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { Resources: []string{"eni-xxxx"}, Tags: []ec2types.Tag{ { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(eniClusterTagKey), Value: aws.String("awesome-cluster"), }, + { + Key: aws.String(eniOwnerTagKey), + Value: aws.String(eniOwnerTagValue), + }, }, }, }, @@ -1908,8 +1918,8 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { args: args{ eniID: "eni-xxxx", currentTags: map[string]string{ - "node.k8s.amazonaws.com/instance_id": "i-xxxx", - "anotherKey": "anotherDay", + eniNodeTagKey: "i-xxxx", + "anotherKey": "anotherDay", }, }, wantErr: nil, @@ -1925,11 +1935,15 @@ func TestEC2InstanceMetadataCache_TagENI(t *testing.T) { Resources: []string{"eni-xxxx"}, Tags: []ec2types.Tag{ { - Key: aws.String("cluster.k8s.amazonaws.com/name"), + Key: aws.String(eniClusterTagKey), Value: aws.String("awesome-cluster"), }, { - Key: aws.String("node.k8s.amazonaws.com/instance_id"), + Key: aws.String(eniOwnerTagKey), + Value: aws.String(eniOwnerTagValue), + }, + { + Key: aws.String(eniNodeTagKey), Value: aws.String("i-xxxx"), }, }, From 0e8092b2fa454b2372c20a4b240c9687bb7e7345 Mon Sep 17 00:00:00 2001 From: Olivia Song Date: Sat, 22 Mar 2025 12:33:19 -0700 Subject: [PATCH 54/60] only cache CNINode when SGP is in use (#3242) --- pkg/k8sapi/k8sutils.go | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/pkg/k8sapi/k8sutils.go b/pkg/k8sapi/k8sutils.go index 32d897544d..3b97ff0cb1 100644 --- a/pkg/k8sapi/k8sutils.go +++ b/pkg/k8sapi/k8sutils.go @@ -26,7 +26,8 @@ import ( ) const ( - awsNode = "aws-node" + awsNode = "aws-node" + envEnablePodENI = "ENABLE_POD_ENI" ) var log = logger.Get() @@ -34,17 +35,23 @@ var log = logger.Get() // Get cache filters for IPAMD func getIPAMDCacheFilters() map[client.Object]cache.ByObject { if nodeName := os.Getenv("MY_NODE_NAME"); nodeName != "" { - return map[client.Object]cache.ByObject{ + filter := map[client.Object]cache.ByObject{ &corev1.Pod{}: { Field: fields.Set{"spec.nodeName": nodeName}.AsSelector(), }, &corev1.Node{}: { Field: fields.Set{"metadata.name": nodeName}.AsSelector(), }, - &rcscheme.CNINode{}: { + } + // only cache CNINode when SGP is in use + enabledPodENI := utils.GetBoolAsStringEnvVar(envEnablePodENI, false) + if enabledPodENI { + log.Infof("SGP is in use, adding CNINode to cache.") + filter[&rcscheme.CNINode{}] = cache.ByObject{ Field: fields.Set{"metadata.name": nodeName}.AsSelector(), - }, + } } + return filter } return nil } From 419eac585e2b71d7471dd7c4424ad16dc85412e2 Mon Sep 17 00:00:00 2001 From: Olivia Song Date: Mon, 31 Mar 2025 17:17:55 -0700 Subject: [PATCH 55/60] Remove dependency on apiserver for IPAMD startup (#3243) * remove apiserver dependency for ipamd startup * fix format issue in UT * wait apiserver connectivty for pod annotate feature * return maxPods value directly when parsing the local file --- cmd/aws-k8s-agent/main.go | 86 ++++++++++-- pkg/ipamd/ipamd.go | 163 ++++++++++++++++++++--- pkg/ipamd/ipamd_test.go | 7 +- pkg/k8sapi/k8sutils.go | 95 +++++++++---- pkg/utils/eventrecorder/eventrecorder.go | 16 ++- scripts/dockerfiles/Dockerfile.release | 1 + 6 files changed, 306 insertions(+), 62 deletions(-) diff --git a/cmd/aws-k8s-agent/main.go b/cmd/aws-k8s-agent/main.go index f379f552f6..5dee09d624 100644 --- a/cmd/aws-k8s-agent/main.go +++ b/cmd/aws-k8s-agent/main.go @@ -16,6 +16,7 @@ package main import ( "os" + "time" "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd" "github.com/aws/amazon-vpc-cni-k8s/pkg/k8sapi" @@ -24,6 +25,7 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/pkg/version" "github.com/aws/amazon-vpc-cni-k8s/utils" metrics "github.com/aws/amazon-vpc-cni-k8s/utils/prometheusmetrics" + "k8s.io/client-go/kubernetes" ) const ( @@ -36,12 +38,55 @@ const ( // Environment variable to disable the IPAMD introspection endpoint on 61679 envDisableIntrospection = "DISABLE_INTROSPECTION" + + restCfgTimeout = 5 * time.Second + pollInterval = 5 * time.Second + pollTimeout = 30 * time.Second ) func main() { os.Exit(_main()) } +// startBackgroundAPIServerCheck checks API connectivity in the background +func startBackgroundAPIServerCheck(ipamContext *ipamd.IPAMContext) { + go func() { + log := logger.Get() + log.Info("Starting background API server connectivity check...") + + // Create a new client for API server check + restCfg, err := k8sapi.GetRestConfig() + if err != nil { + log.Errorf("Failed to get REST config for background API check: %v", err) + return + } + restCfg.Timeout = restCfgTimeout + clientSet, err := kubernetes.NewForConfig(restCfg) + if err != nil { + log.Errorf("Failed to create k8s client for background API check: %v", err) + return + } + + // Keep checking until connection is established + for { + version, err := clientSet.Discovery().ServerVersion() + if err == nil { + log.Infof("API server connectivity established in background! Cluster Version is: %s", version.GitVersion) + + // Update IPAM context with new API server connectivity + ipamContext.SetAPIServerConnectivity(true) + + // Exit the goroutine after successful connection + log.Info("Background API server check completed successfully") + return + } + + log.Debugf("Still waiting for API server connectivity in background: %v", err) + time.Sleep(pollInterval) + } + }() +} + func _main() int { // Do not add anything before initializing logger log := logger.Get() @@ -49,31 +94,52 @@ func _main() int { log.Infof("Starting L-IPAMD %s ...", version.Version) version.RegisterMetric() + enabledPodEni := ipamd.EnablePodENI() + enabledCustomNetwork := ipamd.UseCustomNetworkCfg() + enabledPodAnnotation := ipamd.EnablePodIPAnnotation() + withApiServer := false // Check API Server Connectivity - if err := k8sapi.CheckAPIServerConnectivity(); err != nil { - log.Errorf("Failed to check API server connectivity: %s", err) - return 1 + if enabledPodEni || enabledCustomNetwork || enabledPodAnnotation { + log.Info("SGP, custom networking or pod annotation feature is in use, waiting for API server connectivity to start IPAMD") + if err := k8sapi.CheckAPIServerConnectivity(); err != nil { + log.Errorf("Failed to check API server connectivity: %s", err) + return 1 + } else { + log.Info("API server connectivity established.") + withApiServer = true + } + } else { + log.Infof("Waiting to connect API server for upto %s...", pollTimeout) + // Try a quick check first + if err := k8sapi.CheckAPIServerConnectivityWithTimeout(pollInterval, pollTimeout); err != nil { + log.Warn("Proceeding without API server connectivity, will run background API server connectivity check") + withApiServer = false + } else { + log.Info("API server connectivity established.") + withApiServer = true + } } - // Create Kubernetes client for API server requests k8sClient, err := k8sapi.CreateKubeClient(appName) if err != nil { log.Errorf("Failed to create kube client: %s", err) - return 1 } - // Create EventRecorder for use by IPAMD - if err := eventrecorder.Init(k8sClient); err != nil { + if err := eventrecorder.Init(k8sClient, withApiServer); err != nil { log.Errorf("Failed to create event recorder: %s", err) - return 1 + log.Warn("Skipping event recorder initialization") } - - ipamContext, err := ipamd.New(k8sClient) + ipamContext, err := ipamd.New(k8sClient, withApiServer) if err != nil { log.Errorf("Initialization failure: %v", err) return 1 } + // If not connected to API server yet, start background checks + if !withApiServer { + startBackgroundAPIServerCheck(ipamContext) + } + // Pool manager go ipamContext.StartNodeIPPoolManager() diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index 9b9b07ccdb..d569161d1d 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -24,6 +24,8 @@ import ( "sync/atomic" "time" + "github.com/aws/amazon-vpc-cni-k8s/pkg/k8sapi" + "github.com/aws/smithy-go" "sigs.k8s.io/controller-runtime/pkg/client" @@ -42,7 +44,6 @@ import ( "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils" "github.com/aws/amazon-vpc-cni-k8s/pkg/eniconfig" "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" - "github.com/aws/amazon-vpc-cni-k8s/pkg/k8sapi" "github.com/aws/amazon-vpc-cni-k8s/pkg/networkutils" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/cniutils" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" @@ -185,6 +186,13 @@ const ( // envEnableNetworkPolicy is used to enable IPAMD/CNI to send pod create events to network policy agent. envNetworkPolicyMode = "NETWORK_POLICY_ENFORCING_MODE" defaultNetworkPolicyMode = "standard" + + defaultMaxPodsFromKubelet = 110 + kubeletConfigPath = "/host/etc/kubernetes/kubelet/kubelet-config.json" + eniMaxPodsFilePath = "/app/eni-max-pods.txt" + + // Application name for k8s client + appName = "aws-node" ) var log = logger.Get() @@ -230,6 +238,11 @@ type IPAMContext struct { enablePodIPAnnotation bool maxPods int // maximum number of pods that can be scheduled on the node networkPolicyMode string + withApiServer bool +} + +type kubeletConfig struct { + MaxPods *int64 `json:"maxPods"` } // setUnmanagedENIs will rebuild the set of ENI IDs for ENIs tagged as "no_manage" @@ -335,7 +348,7 @@ func (c *IPAMContext) inInsufficientCidrCoolingPeriod() bool { // New retrieves IP address usage information from Instance MetaData service and Kubelet // then initializes IP address pool data store -func New(k8sClient client.Client) (*IPAMContext, error) { +func New(k8sClient client.Client, withApiServer bool) (*IPAMContext, error) { prometheusRegister() c := &IPAMContext{} c.k8sClient = k8sClient @@ -360,9 +373,9 @@ func New(k8sClient client.Client) (*IPAMContext, error) { c.warmIPTarget = getWarmIPTarget() c.minimumIPTarget = getMinimumIPTarget() c.warmPrefixTarget = getWarmPrefixTarget() - c.enablePodENI = enablePodENI() + c.enablePodENI = EnablePodENI() c.enableManageUntaggedMode = enableManageUntaggedMode() - c.enablePodIPAnnotation = enablePodIPAnnotation() + c.enablePodIPAnnotation = EnablePodIPAnnotation() c.numNetworkCards = len(c.awsClient.GetNetworkCards()) c.networkPolicyMode, err = getNetworkPolicyMode() @@ -385,7 +398,7 @@ func New(k8sClient client.Client) (*IPAMContext, error) { c.myNodeName = os.Getenv(envNodeName) checkpointer := datastore.NewJSONFile(dsBackingStorePath()) c.dataStore = datastore.NewDataStore(log, checkpointer, c.enablePrefixDelegation) - + c.withApiServer = withApiServer if err := c.nodeInit(); err != nil { return nil, err } @@ -523,21 +536,32 @@ func (c *IPAMContext) nodeInit() error { }, 30*time.Second) } - // Make a k8s client request for the current node so that max pods can be derived - node, err := k8sapi.GetNode(ctx, c.k8sClient) - if err != nil { - log.Errorf("Failed to get node", err) - podENIErrInc("nodeInit") - return err - } - - maxPods, isInt64 := node.Status.Capacity.Pods().AsInt64() - if !isInt64 { - log.Errorf("Failed to parse max pods: %s", node.Status.Capacity.Pods().String) - podENIErrInc("nodeInit") - return errors.New("error while trying to determine max pods") + // if apiserver is connected, get the maxPods from node + var node corev1.Node + if c.withApiServer { + node, err := k8sapi.GetNode(ctx, c.k8sClient) + if err != nil { + log.Errorf("Failed to get node, %s", err) + podENIErrInc("nodeInit") + return err + } else { + maxPods, isInt64 := node.Status.Capacity.Pods().AsInt64() + if !isInt64 { + log.Errorf("Failed to parse max pods: %s", node.Status.Capacity.Pods().String) + podENIErrInc("nodeInit") + return errors.New("error while trying to determine max pods") + } + c.maxPods = int(maxPods) + } + } else { + maxPods, err := c.getMaxPodsFromFile() + if err != nil { + log.Warnf("Using default maxPods as %d because reading from file failed: %v", defaultMaxPodsFromKubelet, err) + c.maxPods = defaultMaxPodsFromKubelet + } else { + c.maxPods = int(maxPods) + } } - c.maxPods = int(maxPods) if c.useCustomNetworking { // When custom networking is enabled and a valid ENIConfig is found, IPAMD patches the CNINode @@ -1691,6 +1715,57 @@ func (c *IPAMContext) warmIPTargetsDefined() bool { return c.warmIPTarget != noWarmIPTarget || c.minimumIPTarget != noMinimumIPTarget } +// max pods from instance type mapping file +type instanceTypeMaxPodsMapping map[string]int64 + +// getMaxPodsFromFile reads the max pods value from the eni-max-pods.txt file +// based on the instance type +func (c *IPAMContext) getMaxPodsFromFile() (int64, error) { + instanceType := c.awsClient.GetInstanceType() + if instanceType == "" { + return 0, fmt.Errorf("failed to get instance type") + } + + data, err := os.ReadFile(eniMaxPodsFilePath) + if err != nil { + return 0, fmt.Errorf("failed to read ENI max pods file: %w", err) + } + + maxPods, err := parseMaxPodsForInstanceFromFile(string(data), instanceType) + return maxPods, err +} + +// parseMaxPodsFile parses the eni-max-pods.txt file content and returns a mapping +// of instance type to max pods +func parseMaxPodsForInstanceFromFile(content string, instanceType string) (int64, error) { + lines := strings.Split(content, "\n") + + for _, line := range lines { + // Skip comments and empty lines + line = strings.TrimSpace(line) + if line == "" || strings.HasPrefix(line, "#") { + continue + } + + // Split the line into instance type and max pods + parts := strings.Fields(line) + if len(parts) != 2 { + continue + } + + currInstanceType := parts[0] + if currInstanceType == instanceType { + maxPods, err := strconv.ParseInt(parts[1], 10, 64) + if err != nil { + return 0, fmt.Errorf("failed to parse maxPods for instance type %q: %v", instanceType, err) + } + return maxPods, nil + } + } + + return 0, fmt.Errorf("instance type %q not found in ENI max pods file", instanceType) +} + // UseCustomNetworkCfg returns whether Pods needs to use pod specific configuration or not. func UseCustomNetworkCfg() bool { return parseBoolEnvVar(envCustomNetworkCfg, false) @@ -1766,7 +1841,7 @@ func disableLeakedENICleanup() bool { return isIPv6Enabled() || disableENIProvisioning() || utils.GetBoolAsStringEnvVar(envDisableLeakedENICleanup, false) } -func enablePodENI() bool { +func EnablePodENI() bool { return utils.GetBoolAsStringEnvVar(envEnablePodENI, false) } @@ -1796,7 +1871,7 @@ func enableManageUntaggedMode() bool { return utils.GetBoolAsStringEnvVar(envManageUntaggedENI, true) } -func enablePodIPAnnotation() bool { +func EnablePodIPAnnotation() bool { return utils.GetBoolAsStringEnvVar(envAnnotatePodIP, false) } @@ -2355,3 +2430,49 @@ func (c *IPAMContext) AddFeatureToCNINode(ctx context.Context, featureName rcv1a newCNINode.Spec.Features = append(newCNINode.Spec.Features, newFeature) return c.k8sClient.Patch(ctx, newCNINode, client.MergeFromWithOptions(cniNode, client.MergeFromWithOptimisticLock{})) } + +// SetAPIServerConnectivity updates the API server connectivity status and reconfigures +// components that depend on API server access +func (c *IPAMContext) SetAPIServerConnectivity(connected bool) { + if c.withApiServer == connected { + // Status didn't change + return + } + + log.Infof("Updating API server connectivity status from %v to %v", c.withApiServer, connected) + c.withApiServer = connected + + if connected { + // API server is now available - update maxPods from node object + // First, try to recreate the client with caching enabled + newClient, err := k8sapi.CreateKubeClient(appName) + if err != nil { + log.Errorf("Failed to recreate k8s client with cache when API server became available: %v", err) + } else { + log.Info("Successfully recreated k8s client with cache after API server became available") + c.k8sClient = newClient + } + + // Now get the node to update maxPods + ctx := context.TODO() + node, err := k8sapi.GetNode(ctx, c.k8sClient) + if err != nil { + log.Errorf("Failed to get node after API server connection established: %s", err) + } else { + maxPods, isInt64 := node.Status.Capacity.Pods().AsInt64() + if !isInt64 { + log.Errorf("Failed to parse max pods from node: %s", node.Status.Capacity.Pods().String()) + } else { + // Update maxPods with the value from the node + oldMaxPods := c.maxPods + c.maxPods = int(maxPods) + log.Infof("Updated maxPods from %d to %d based on node capacity", oldMaxPods, c.maxPods) + } + } + } else { + // API server connection was lost + // No action needed here as we already have maxPods from file or kubelet + // and we want to keep working with that value + log.Info("API server connection lost, continuing with current maxPods value") + } +} diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index deaa083f47..e14bce5000 100644 --- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -137,6 +137,7 @@ func TestNodeInit(t *testing.T) { myNodeName: myNodeName, enableIPv4: true, enableIPv6: false, + withApiServer: true, } eni1, eni2, _ := getDummyENIMetadata() @@ -228,6 +229,7 @@ func TestNodeInitwithPDenabledIPv4Mode(t *testing.T) { enablePrefixDelegation: true, enableIPv4: true, enableIPv6: false, + withApiServer: true, } eni1, eni2 := getDummyENIMetadataWithPrefix() @@ -315,6 +317,7 @@ func TestNodeInitwithPDenabledIPv6Mode(t *testing.T) { enablePrefixDelegation: true, enableIPv4: false, enableIPv6: true, + withApiServer: true, } eni1 := getDummyENIMetadataWithV6Prefix() @@ -1649,11 +1652,11 @@ func TestPodENIConfigFlag(t *testing.T) { defer m.ctrl.Finish() _ = os.Setenv(envEnablePodENI, "true") - disabled := enablePodENI() + disabled := EnablePodENI() assert.True(t, disabled) _ = os.Unsetenv(envEnablePodENI) - disabled = enablePodENI() + disabled = EnablePodENI() assert.False(t, disabled) } diff --git a/pkg/k8sapi/k8sutils.go b/pkg/k8sapi/k8sutils.go index 3b97ff0cb1..af2bf81c68 100644 --- a/pkg/k8sapi/k8sutils.go +++ b/pkg/k8sapi/k8sutils.go @@ -6,15 +6,17 @@ import ( "os" "time" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" + eniconfigscheme "github.com/aws/amazon-vpc-cni-k8s/pkg/apis/crd/v1alpha1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/klog/v2" - eniconfigscheme "github.com/aws/amazon-vpc-cni-k8s/pkg/apis/crd/v1alpha1" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger" "github.com/aws/amazon-vpc-cni-k8s/utils" rcscheme "github.com/aws/amazon-vpc-resource-controller-k8s/apis/vpcresources/v1alpha1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/fields" + "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/kubernetes" @@ -28,6 +30,7 @@ import ( const ( awsNode = "aws-node" envEnablePodENI = "ENABLE_POD_ENI" + restCfgTimeout = 5 * time.Second ) var log = logger.Get() @@ -101,7 +104,7 @@ func StartKubeClientCache(cache cache.Cache) { // CreateKubeClient creates a k8s client func CreateKubeClient(appName string) (client.Client, error) { - restCfg, err := getRestConfig() + restCfg, err := GetRestConfig() if err != nil { return nil, err } @@ -120,27 +123,30 @@ func CreateKubeClient(appName string) (client.Client, error) { } cacheReader, err := CreateKubeClientCache(restCfg, vpcCniScheme, filterMap) if err != nil { - return nil, err + log.Warnf("Skipping cache-based Kubernetes client: %s", err) + cacheReader = nil } - // Start cache and wait for initial sync - StartKubeClientCache(cacheReader) - // The cache will start a WATCH for all GVKs in the scheme. - k8sClient, err := client.New(restCfg, client.Options{ - Cache: &client.CacheOptions{ - Reader: cacheReader, - }, - Scheme: vpcCniScheme, - }) + clientOpts := client.Options{Scheme: vpcCniScheme} + if cacheReader != nil { + log.Info("Cache-based Kubernetes client successfully created.") + StartKubeClientCache(cacheReader) + clientOpts.Cache = &client.CacheOptions{Reader: cacheReader} + } else { + log.Warn("Running Kubernetes client in direct mode (no cache)") + } + + k8sClient, err := client.New(restCfg, clientOpts) if err != nil { return nil, err } + log.Info("k8sClient created successfully") return k8sClient, nil } func GetKubeClientSet() (kubernetes.Interface, error) { // creates the in-cluster config - config, err := getRestConfig() + config, err := GetRestConfig() if err != nil { return nil, err } @@ -154,11 +160,11 @@ func GetKubeClientSet() (kubernetes.Interface, error) { } func CheckAPIServerConnectivity() error { - restCfg, err := getRestConfig() + restCfg, err := GetRestConfig() if err != nil { return err } - restCfg.Timeout = 5 * time.Second + restCfg.Timeout = restCfgTimeout clientSet, err := kubernetes.NewForConfig(restCfg) if err != nil { return fmt.Errorf("creating kube config, %w", err) @@ -182,7 +188,34 @@ func CheckAPIServerConnectivity() error { }) } -func getRestConfig() (*rest.Config, error) { +func CheckAPIServerConnectivityWithTimeout(pollInterval time.Duration, pollTimeout time.Duration) error { + restCfg, err := GetRestConfig() + if err != nil { + return err + } + // timeout for each connect try + restCfg.Timeout = restCfgTimeout + clientSet, err := kubernetes.NewForConfig(restCfg) + if err != nil { + return fmt.Errorf("creating kube config, %w", err) + } + + log.Info("Testing communication with server ...") + + return wait.PollImmediate(pollInterval, pollTimeout, func() (bool, error) { + version, err := clientSet.Discovery().ServerVersion() + if err != nil { + log.Errorf("Unable to reach API Server: %v", err) + return false, nil // Retry + } + + log.Infof("Successful communication with the Cluster! Cluster Version is: %s", version.GitVersion) + return true, nil + }) +} + +// GetRestConfig returns a Kubernetes REST config for API interactions +func GetRestConfig() (*rest.Config, error) { restCfg, err := ctrl.GetConfig() if err != nil { return nil, err @@ -195,12 +228,28 @@ func getRestConfig() (*rest.Config, error) { } func GetNode(ctx context.Context, k8sClient client.Client) (corev1.Node, error) { - log.Infof("Get Node Info for: %s", os.Getenv("MY_NODE_NAME")) - var node corev1.Node - err := k8sClient.Get(ctx, types.NamespacedName{Name: os.Getenv("MY_NODE_NAME")}, &node) + nodeName := os.Getenv("MY_NODE_NAME") + log.Infof("Get Node Info for: %s", nodeName) + + node := corev1.Node{ + ObjectMeta: metav1.ObjectMeta{Name: nodeName}, + } + + // If API server is unavailable, return immediately + if k8sClient == nil { + log.Warnf("Skipping GetNode() as Kubernetes API client is unavailable.") + return node, fmt.Errorf("Kubernetes API client is not available") + } + + // Create a context with timeout to avoid hanging indefinitely + apiCtx, cancel := context.WithTimeout(ctx, 3*time.Second) // Set 3-second timeout + defer cancel() + + err := k8sClient.Get(apiCtx, types.NamespacedName{Name: nodeName}, &node) if err != nil { - log.Errorf("error retrieving node: %s", err) + klog.Errorf("Failed to get node %s: %v", nodeName, err) return node, err } + return node, nil } diff --git a/pkg/utils/eventrecorder/eventrecorder.go b/pkg/utils/eventrecorder/eventrecorder.go index 3af53d6c58..3315fdae0e 100644 --- a/pkg/utils/eventrecorder/eventrecorder.go +++ b/pkg/utils/eventrecorder/eventrecorder.go @@ -49,10 +49,10 @@ type EventRecorder struct { hostPod corev1.Pod } -func Init(k8sClient client.Client) error { +func Init(k8sClient client.Client, withApiSever bool) error { clientSet, err := k8sapi.GetKubeClientSet() if err != nil { - log.Fatalf("Error Fetching Kubernetes Client: %s", err) + log.Errorf("Error Fetching Kubernetes Client: %s", err) return err } eventBroadcaster := events.NewBroadcaster(&events.EventSinkImpl{ @@ -64,11 +64,15 @@ func Init(k8sClient client.Client) error { eventRecorder = &EventRecorder{} eventRecorder.Recorder = eventBroadcaster.NewRecorder(clientgoscheme.Scheme, "aws-node") eventRecorder.K8sClient = k8sClient - - if eventRecorder.hostPod, err = findMyPod(eventRecorder.K8sClient); err != nil { - log.Errorf("Failed to find host aws-node pod: %s", err) - // EventRecorder is not considered critical, so no error is returned if host pod cannot be queried + if withApiSever { + if eventRecorder.hostPod, err = findMyPod(eventRecorder.K8sClient); err != nil { + log.Errorf("Failed to find host aws-node pod: %s", err) + // EventRecorder is not considered critical, so no error is returned if host pod cannot be queried + } + } else { + log.Warn("Skipping set hostPod for eventRecorder due tp apiserver connectivity issue") } + return nil } diff --git a/scripts/dockerfiles/Dockerfile.release b/scripts/dockerfiles/Dockerfile.release index 58a388274f..620a4ed6d7 100644 --- a/scripts/dockerfiles/Dockerfile.release +++ b/scripts/dockerfiles/Dockerfile.release @@ -18,6 +18,7 @@ WORKDIR /app COPY --from=builder /go/src/github.com/aws/amazon-vpc-cni-k8s/aws-cni \ /go/src/github.com/aws/amazon-vpc-cni-k8s/misc/10-aws.conflist \ + /go/src/github.com/aws/amazon-vpc-cni-k8s/misc/eni-max-pods.txt \ /go/src/github.com/aws/amazon-vpc-cni-k8s/aws-k8s-agent \ /go/src/github.com/aws/amazon-vpc-cni-k8s/grpc-health-probe \ /go/src/github.com/aws/amazon-vpc-cni-k8s/egress-cni \ From 852608eed40d1e18cce089bce6790f1910e92157 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Mar 2025 21:52:53 +0000 Subject: [PATCH 56/60] Bump github.com/onsi/gomega from 1.36.0 to 1.36.2 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.36.0 to 1.36.2. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.36.0...v1.36.2) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 20 ++++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index 1dda752c7b..2956c103ac 100644 --- a/go.mod +++ b/go.mod @@ -22,8 +22,8 @@ require ( github.com/go-logr/logr v1.4.2 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 - github.com/onsi/ginkgo/v2 v2.22.0 - github.com/onsi/gomega v1.36.0 + github.com/onsi/ginkgo/v2 v2.22.1 + github.com/onsi/gomega v1.36.2 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.20.4 github.com/prometheus/client_model v0.6.1 @@ -109,7 +109,7 @@ require ( github.com/google/btree v1.0.1 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect + github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.0 // indirect @@ -176,7 +176,7 @@ require ( golang.org/x/term v0.27.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.26.0 // indirect + golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect diff --git a/go.sum b/go.sum index 5e3e7c6766..0299d3245d 100644 --- a/go.sum +++ b/go.sum @@ -240,8 +240,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -352,10 +352,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= -github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.36.0 h1:Pb12RlruUtj4XUuPUqeEWc6j5DkVVVA49Uf6YLfC95Y= -github.com/onsi/gomega v1.36.0/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= +github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -484,8 +484,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -547,8 +547,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From de312d0dbfd2a4e9949892bf4a5418ac5ac97031 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Apr 2025 10:48:21 +0000 Subject: [PATCH 57/60] Bump golang.org/x/sys from 0.30.0 to 0.31.0 in /test/agent Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.30.0 to 0.31.0. - [Commits](https://github.com/golang/sys/compare/v0.30.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/agent/go.mod | 3 ++- test/agent/go.sum | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/test/agent/go.mod b/test/agent/go.mod index 290aee759e..6be10870ec 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -1,11 +1,12 @@ module github.com/aws/amazon-vpc-cni-k8s/test/agent go 1.22.3 +toolchain go1.24.1 require ( github.com/coreos/go-iptables v0.8.0 github.com/vishvananda/netlink v1.3.0 - golang.org/x/sys v0.30.0 + golang.org/x/sys v0.31.0 ) require github.com/vishvananda/netns v0.0.4 // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index e076b3c336..a283972bae 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -6,5 +6,5 @@ github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1Y github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= From d084d48499ae66456c8b6eeef357046bb8fc52d8 Mon Sep 17 00:00:00 2001 From: pavanipt Date: Mon, 14 Apr 2025 13:44:22 -0700 Subject: [PATCH 58/60] Skip configuring NP related if network_policy_enforcing_mode is not set (#3254) * Skip configuring network policies if network_policy_enforcing_mode is not set * make format and update chart * fix vuln checks * fix metrics agent and readme --- .go-version | 2 +- README.md | 3 + charts/aws-vpc-cni/templates/daemonset.yaml | 5 + cmd/cni-metrics-helper/metrics/metrics.go | 3 +- cmd/routed-eni-cni-plugin/cni.go | 21 ++- cmd/routed-eni-cni-plugin/cni_test.go | 72 +++++++- go.mod | 71 ++++---- go.sum | 179 +++++++------------- pkg/ipamd/ipamd.go | 16 +- pkg/ipamd/rpc_handler.go | 11 +- rpc/mocks/rpc_mocks.go | 46 +---- rpc/rpc.pb.go | 123 ++++++++------ rpc/rpc.proto | 12 +- test/agent/go.mod | 3 +- 14 files changed, 284 insertions(+), 283 deletions(-) diff --git a/.go-version b/.go-version index 2560439f07..f9e8384bb6 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.12 +1.24.1 diff --git a/README.md b/README.md index 180ccd27d4..1f674d18ab 100644 --- a/README.md +++ b/README.md @@ -745,6 +745,9 @@ Network Policy agent now supports two modes for Network Policy enforcement - Str In standard mode, return traffic is always allowed for any packets that were initially sent under the default allow policy. However, once network policies are applied, the next outgoing packet will be evaluated against the active policies, and it will be allowed or denied accordingly. +If you remove the Network Policy Agent container from the aws-node DaemonSet, you must also ensure that NETWORK_POLICY_ENFORCING_MODE environment variable is not set. +Setting this value while the NP agent is absent can lead to failures during pod creation. + ### VPC CNI Feature Matrix diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index 3a0198bbe1..f4a3c90310 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml @@ -81,8 +81,13 @@ spec: timeoutSeconds: {{ .Values.readinessProbeTimeoutSeconds }} env: {{- range $key, $value := .Values.env }} + {{- $skipKey := and (eq $key "NETWORK_POLICY_ENFORCING_MODE") (not $.Values.nodeAgent.enabled) }} + {{- if not $skipKey }} - name: {{ $key }} value: {{ $value | quote }} + {{- else }} + # Skipping NETWORK_POLICY_ENFORCING_MODE because nodeAgent is disabled + {{- end }} {{- end }} {{- with .Values.extraEnv }} {{- toYaml .| nindent 12 }} diff --git a/cmd/cni-metrics-helper/metrics/metrics.go b/cmd/cni-metrics-helper/metrics/metrics.go index d4f9b820d7..1e99913879 100644 --- a/cmd/cni-metrics-helper/metrics/metrics.go +++ b/cmd/cni-metrics-helper/metrics/metrics.go @@ -17,6 +17,7 @@ package metrics import ( "bytes" "context" + "errors" "fmt" "github.com/aws/aws-sdk-go-v2/aws" @@ -358,7 +359,7 @@ func producePrometheusMetrics(t metricsTarget, families map[string]*dto.MetricFa if len(prometheusCNIMetrics) == 0 { errorMsg := "Skipping since prometheus mapping is missing" t.getLogger().Infof(errorMsg) - return fmt.Errorf(errorMsg) + return errors.New(errorMsg) } for key, family := range families { convertMetrics := convertDef[key] diff --git a/cmd/routed-eni-cni-plugin/cni.go b/cmd/routed-eni-cni-plugin/cni.go index bfecb979c3..e569eb5359 100644 --- a/cmd/routed-eni-cni-plugin/cni.go +++ b/cmd/routed-eni-cni-plugin/cni.go @@ -282,15 +282,18 @@ func add(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap result.Interfaces = append(result.Interfaces, dummyInterface) // Set up a connection to the network policy agent - // Cx might have removed np container if they are not using network policies - // If we are not able to connect to np agent we do not return return error here. If NP agent grpc is not up - // and listening, NP agent will be in crash loop and we will catch the issue there + // NP container might have been removed if network policies are not being used + // If NETWORK_POLICY_ENFORCING_MODE is not set, we will not configure anything related to NP + if r.NetworkPolicyMode == "" { + log.Infof("NETWORK_POLICY_ENFORCING_MODE is not set") + return cniTypes.PrintResult(result, conf.CNIVersion) + } ctx, cancel := context.WithTimeout(context.Background(), npAgentConnTimeout*time.Second) // Set timeout defer cancel() npConn, err := grpcClient.DialContext(ctx, npAgentAddress, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithBlock()) if err != nil { - log.Infof("Failed to connect to network policy agent: %v. Network Policy agent might not be running", err) - return cniTypes.PrintResult(result, conf.CNIVersion) + log.Errorf("Failed to connect to network policy agent: %v", err) + return errors.New("add cmd: failed to setup network policy") } defer npConn.Close() @@ -451,13 +454,17 @@ func del(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap log.Warnf("Container %s did not have a valid IP %s", args.ContainerID, r.IPv4Addr) } + if r.NetworkPolicyMode == "" { + log.Infof("NETWORK_POLICY_ENFORCING_MODE is not set") + return nil + } // Set up a connection to the network policy agent ctx, cancel := context.WithTimeout(context.Background(), npAgentConnTimeout*time.Second) // Set timeout defer cancel() npConn, err := grpcClient.DialContext(ctx, npAgentAddress, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithBlock()) if err != nil { - log.Infof("Failed to connect to network policy agent: %v. Network Policy agent might not be running", err) - return nil + log.Errorf("Failed to connect to network policy agent: %v. Network Policy agent might not be running", err) + return errors.Wrap(err, "del cmd: failed to connect to network policy agent") } defer npConn.Close() //Make a GRPC call for network policy agent diff --git a/cmd/routed-eni-cni-plugin/cni_test.go b/cmd/routed-eni-cni-plugin/cni_test.go index 8954489fb4..21aa5b8db7 100644 --- a/cmd/routed-eni-cni-plugin/cni_test.go +++ b/cmd/routed-eni-cni-plugin/cni_test.go @@ -271,6 +271,41 @@ func TestCmdAddErrSetupPodNetwork(t *testing.T) { assert.Error(t, err) } +func TestCmdAddWithNetworkPolicyModeUnset(t *testing.T) { + ctrl, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork := setup(t) + defer ctrl.Finish() + + stdinData, _ := json.Marshal(netConf) + + cmdArgs := &skel.CmdArgs{ContainerID: containerID, + Netns: netNS, + IfName: ifName, + StdinData: stdinData} + + mocksTypes.EXPECT().LoadArgs(gomock.Any(), gomock.Any()).Return(nil) + + conn, _ := grpc.Dial(ipamdAddress, grpc.WithInsecure()) + + mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(conn, nil) + mockC := mock_rpc.NewMockCNIBackendClient(ctrl) + mocksRPC.EXPECT().NewCNIBackendClient(conn).Return(mockC) + + addNetworkReply := &rpc.AddNetworkReply{Success: true, IPv4Addr: ipAddr, DeviceNumber: devNum, NetworkPolicyMode: ""} + mockC.EXPECT().AddNetwork(gomock.Any(), gomock.Any()).Return(addNetworkReply, nil) + + v4Addr := &net.IPNet{ + IP: net.ParseIP(addNetworkReply.IPv4Addr), + Mask: net.IPv4Mask(255, 255, 255, 255), + } + mocksNetwork.EXPECT().SetupPodNetwork(gomock.Any(), cmdArgs.IfName, cmdArgs.Netns, + v4Addr, nil, int(addNetworkReply.DeviceNumber), gomock.Any(), gomock.Any()).Return(nil) + + mocksTypes.EXPECT().PrintResult(gomock.Any(), gomock.Any()).Return(nil).Times(1) + + err := add(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) + assert.Nil(t, err) +} + func TestCmdDel(t *testing.T) { ctrl, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork := setup(t) defer ctrl.Finish() @@ -296,7 +331,7 @@ func TestCmdDel(t *testing.T) { mockNP := mock_rpc.NewMockNPBackendClient(ctrl) mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) - delNetworkReply := &rpc.DelNetworkReply{Success: true, IPv4Addr: ipAddr, DeviceNumber: devNum} + delNetworkReply := &rpc.DelNetworkReply{Success: true, IPv4Addr: ipAddr, DeviceNumber: devNum, NetworkPolicyMode: "none"} mockC.EXPECT().DelNetwork(gomock.Any(), gomock.Any()).Return(delNetworkReply, nil) deleteNpReply := &rpc.DeleteNpReply{Success: true} @@ -446,7 +481,7 @@ func TestCmdDelForPodENINetwork(t *testing.T) { mockNP := mock_rpc.NewMockNPBackendClient(ctrl) mocksRPC.EXPECT().NewNPBackendClient(npConn).Return(mockNP) - delNetworkReply := &rpc.DelNetworkReply{Success: true, IPv4Addr: ipAddr, PodVlanId: 1} + delNetworkReply := &rpc.DelNetworkReply{Success: true, IPv4Addr: ipAddr, PodVlanId: 1, NetworkPolicyMode: "none"} mockC.EXPECT().DelNetwork(gomock.Any(), gomock.Any()).Return(delNetworkReply, nil) deleteNpReply := &rpc.DeleteNpReply{Success: true} @@ -462,6 +497,39 @@ func TestCmdDelForPodENINetwork(t *testing.T) { assert.Nil(t, err) } +func TestCmdDelWithNetworkPolicyModeUnset(t *testing.T) { + ctrl, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork := setup(t) + defer ctrl.Finish() + + stdinData, _ := json.Marshal(netConf) + + cmdArgs := &skel.CmdArgs{ContainerID: containerID, + Netns: netNS, + IfName: ifName, + StdinData: stdinData} + + mocksTypes.EXPECT().LoadArgs(gomock.Any(), gomock.Any()).Return(nil) + + conn, _ := grpc.Dial(ipamdAddress, grpc.WithInsecure()) + + mocksGRPC.EXPECT().Dial(gomock.Any(), gomock.Any()).Return(conn, nil) + mockC := mock_rpc.NewMockCNIBackendClient(ctrl) + mocksRPC.EXPECT().NewCNIBackendClient(conn).Return(mockC) + + delNetworkReply := &rpc.DelNetworkReply{Success: true, IPv4Addr: ipAddr, DeviceNumber: devNum, NetworkPolicyMode: ""} + mockC.EXPECT().DelNetwork(gomock.Any(), gomock.Any()).Return(delNetworkReply, nil) + + addr := &net.IPNet{ + IP: net.ParseIP(delNetworkReply.IPv4Addr), + Mask: net.IPv4Mask(255, 255, 255, 255), + } + + mocksNetwork.EXPECT().TeardownPodNetwork(addr, int(delNetworkReply.DeviceNumber), gomock.Any()).Return(nil) + + err := del(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) + assert.Nil(t, err) +} + func Test_tryDelWithPrevResult(t *testing.T) { type teardownBranchENIPodNetworkCall struct { containerAddr *net.IPNet diff --git a/go.mod b/go.mod index 2956c103ac..5f3f900603 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/aws/amazon-vpc-cni-k8s -go 1.22.3 +go 1.24.1 require ( github.com/apparentlymart/go-cidr v1.1.0 @@ -34,25 +34,26 @@ require ( github.com/stretchr/testify v1.10.0 github.com/vishvananda/netlink v1.3.0 go.uber.org/zap v1.27.0 - golang.org/x/net v0.33.0 - golang.org/x/sys v0.28.0 + golang.org/x/net v0.37.0 + golang.org/x/sys v0.31.0 google.golang.org/grpc v1.67.1 google.golang.org/protobuf v1.36.1 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 - helm.sh/helm/v3 v3.16.4 - k8s.io/api v0.31.3 - k8s.io/apimachinery v0.31.3 - k8s.io/cli-runtime v0.31.3 - k8s.io/client-go v0.31.3 + helm.sh/helm/v3 v3.17.3 + k8s.io/api v0.32.2 + k8s.io/apimachinery v0.32.2 + k8s.io/cli-runtime v0.32.2 + k8s.io/client-go v0.32.2 + k8s.io/klog/v2 v2.130.1 sigs.k8s.io/controller-runtime v0.19.1 ) require ( dario.cat/mergo v1.0.1 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect - github.com/BurntSushi/toml v1.3.2 // indirect + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect + github.com/BurntSushi/toml v1.4.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.3.0 // indirect @@ -77,7 +78,7 @@ require ( github.com/containerd/errdefs v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect - github.com/cyphar/filepath-securejoin v0.3.4 // indirect + github.com/cyphar/filepath-securejoin v0.3.6 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect github.com/docker/cli v25.0.1+incompatible // indirect @@ -89,7 +90,7 @@ require ( github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect - github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect + github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect github.com/fatih/color v1.13.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect @@ -98,13 +99,12 @@ require ( github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.4 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect @@ -115,11 +115,10 @@ require ( github.com/gorilla/mux v1.8.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/gosuri/uitable v0.0.4 // indirect - github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect + github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/huandu/xstrings v1.5.0 // indirect - github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/jmoiron/sqlx v1.4.0 // indirect @@ -139,7 +138,7 @@ require ( github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/locker v1.0.1 // indirect - github.com/moby/spdystream v0.4.0 // indirect + github.com/moby/spdystream v0.5.0 // indirect github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect @@ -151,7 +150,7 @@ require ( github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/procfs v0.15.1 // indirect - github.com/rubenv/sql-migrate v1.7.0 // indirect + github.com/rubenv/sql-migrate v1.7.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/safchain/ethtool v0.4.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect @@ -167,33 +166,31 @@ require ( go.opentelemetry.io/otel v1.28.0 // indirect go.opentelemetry.io/otel/metric v1.28.0 // indirect go.opentelemetry.io/otel/trace v1.28.0 // indirect - go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.31.0 // indirect + golang.org/x/crypto v0.36.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/oauth2 v0.24.0 // indirect - golang.org/x/sync v0.10.0 // indirect - golang.org/x/term v0.27.0 // indirect - golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.5.0 // indirect + golang.org/x/sync v0.12.0 // indirect + golang.org/x/term v0.30.0 // indirect + golang.org/x/text v0.23.0 // indirect + golang.org/x/time v0.7.0 // indirect golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.31.3 // indirect - k8s.io/apiserver v0.31.3 // indirect - k8s.io/component-base v0.31.3 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/kubectl v0.31.3 // indirect - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect + k8s.io/apiextensions-apiserver v0.32.2 // indirect + k8s.io/apiserver v0.32.2 // indirect + k8s.io/component-base v0.32.2 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/kubectl v0.32.2 // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect oras.land/oras-go v1.2.5 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.17.2 // indirect - sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/kustomize/api v0.18.0 // indirect + sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 0299d3245d..2818ebdea8 100644 --- a/go.sum +++ b/go.sum @@ -1,15 +1,13 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= @@ -94,15 +92,10 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembj github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= @@ -126,8 +119,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= -github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= +github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= +github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -154,14 +147,12 @@ github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arX github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= -github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= +github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= +github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= @@ -188,13 +179,14 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -205,21 +197,13 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= @@ -228,12 +212,7 @@ github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -254,8 +233,8 @@ github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWm github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= -github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc h1:f8eY6cV/x1x+HLjOp4r72s/31/V2aTUtg5oKRRPf8/Q= -github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -265,8 +244,6 @@ github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+l github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= -github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= @@ -330,8 +307,8 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= -github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= -github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= +github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= @@ -379,7 +356,6 @@ github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zI github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= @@ -393,8 +369,8 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI= -github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE= +github.com/rubenv/sql-migrate v1.7.1 h1:f/o0WgfO/GqNuVg+6801K/KW3WdDSupzSjDYODmiUq4= +github.com/rubenv/sql-migrate v1.7.1/go.mod h1:Ob2Psprc0/3ggbM6wCzyYVFFuc6FyZrb2AS+ezLDFb4= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/safchain/ethtool v0.4.0 h1:vq1i2HCjshJNywOXFZ1BpwIjyeFR/kvNdHiRzqSElDI= @@ -422,6 +398,7 @@ github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -463,8 +440,6 @@ go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6b go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= -go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= -go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= @@ -473,12 +448,8 @@ go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -488,10 +459,8 @@ golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -500,9 +469,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= -golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -510,7 +478,6 @@ golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -522,25 +489,19 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= +golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -555,26 +516,10 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 h1:2035KHhUv+EpyB+hWgJnaWKJOdX1E95w2S8Rr4uWKTs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -596,43 +541,41 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.16.4 h1:rBn/h9MACw+QlhxQTjpl8Ifx+VTWaYsw3rguGBYBzr0= -helm.sh/helm/v3 v3.16.4/go.mod h1:k8QPotUt57wWbi90w3LNmg3/MWcLPigVv+0/X4B8BzA= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= -k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= -k8s.io/apiextensions-apiserver v0.31.3 h1:+GFGj2qFiU7rGCsA5o+p/rul1OQIq6oYpQw4+u+nciE= -k8s.io/apiextensions-apiserver v0.31.3/go.mod h1:2DSpFhUZZJmn/cr/RweH1cEVVbzFw9YBu4T+U3mf1e4= -k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= -k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/apiserver v0.31.3 h1:+1oHTtCB+OheqFEz375D0IlzHZ5VeQKX1KGXnx+TTuY= -k8s.io/apiserver v0.31.3/go.mod h1:PrxVbebxrxQPFhJk4powDISIROkNMKHibTg9lTRQ0Qg= -k8s.io/cli-runtime v0.31.3 h1:fEQD9Xokir78y7pVK/fCJN090/iYNrLHpFbGU4ul9TI= -k8s.io/cli-runtime v0.31.3/go.mod h1:Q2jkyTpl+f6AtodQvgDI8io3jrfr+Z0LyQBPJJ2Btq8= -k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= -k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= -k8s.io/component-base v0.31.3 h1:DMCXXVx546Rfvhj+3cOm2EUxhS+EyztH423j+8sOwhQ= -k8s.io/component-base v0.31.3/go.mod h1:xME6BHfUOafRgT0rGVBGl7TuSg8Z9/deT7qq6w7qjIU= +helm.sh/helm/v3 v3.17.3 h1:3n5rW3D0ArjFl0p4/oWO8IbY/HKaNNwJtOQFdH2AZHg= +helm.sh/helm/v3 v3.17.3/go.mod h1:+uJKMH/UiMzZQOALR3XUf3BLIoczI2RKKD6bMhPh4G8= +k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw= +k8s.io/api v0.32.2/go.mod h1:hKlhk4x1sJyYnHENsrdCWw31FEmCijNGPJO5WzHiJ6Y= +k8s.io/apiextensions-apiserver v0.32.2 h1:2YMk285jWMk2188V2AERy5yDwBYrjgWYggscghPCvV4= +k8s.io/apiextensions-apiserver v0.32.2/go.mod h1:GPwf8sph7YlJT3H6aKUWtd0E+oyShk/YHWQHf/OOgCA= +k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= +k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apiserver v0.32.2 h1:WzyxAu4mvLkQxwD9hGa4ZfExo3yZZaYzoYvvVDlM6vw= +k8s.io/apiserver v0.32.2/go.mod h1:PEwREHiHNU2oFdte7BjzA1ZyjWjuckORLIK/wLV5goM= +k8s.io/cli-runtime v0.32.2 h1:aKQR4foh9qeyckKRkNXUccP9moxzffyndZAvr+IXMks= +k8s.io/cli-runtime v0.32.2/go.mod h1:a/JpeMztz3xDa7GCyyShcwe55p8pbcCVQxvqZnIwXN8= +k8s.io/client-go v0.32.2 h1:4dYCD4Nz+9RApM2b/3BtVvBHw54QjMFUl1OLcJG5yOA= +k8s.io/client-go v0.32.2/go.mod h1:fpZ4oJXclZ3r2nDOv+Ux3XcJutfrwjKTCHz2H3sww94= +k8s.io/component-base v0.32.2 h1:1aUL5Vdmu7qNo4ZsE+569PV5zFatM9hl+lb3dEea2zU= +k8s.io/component-base v0.32.2/go.mod h1:PXJ61Vx9Lg+P5mS8TLd7bCIr+eMJRQTyXe8KvkrvJq0= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kubectl v0.31.3 h1:3r111pCjPsvnR98oLLxDMwAeM6OPGmPty6gSKaLTQes= -k8s.io/kubectl v0.31.3/go.mod h1:lhMECDCbJN8He12qcKqs2QfmVo9Pue30geovBVpH5fs= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/kubectl v0.32.2 h1:TAkag6+XfSBgkqK9I7ZvwtF0WVtUAvK8ZqTt+5zi1Us= +k8s.io/kubectl v0.32.2/go.mod h1:+h/NQFSPxiDZYX/WZaWw9fwYezGLISP0ud8nQKg+3g8= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= -sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= -sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= -sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo= +sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U= +sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E= +sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index d569161d1d..fe28fb0656 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -184,8 +184,7 @@ const ( INSUFFICIENT_FREE_IP_SUBNET = "InsufficientFreeAddressesInSubnet" // envEnableNetworkPolicy is used to enable IPAMD/CNI to send pod create events to network policy agent. - envNetworkPolicyMode = "NETWORK_POLICY_ENFORCING_MODE" - defaultNetworkPolicyMode = "standard" + envNetworkPolicyMode = "NETWORK_POLICY_ENFORCING_MODE" defaultMaxPodsFromKubelet = 110 kubeletConfigPath = "/host/etc/kubernetes/kubelet/kubelet-config.json" @@ -1846,13 +1845,14 @@ func EnablePodENI() bool { } func getNetworkPolicyMode() (string, error) { - if value := os.Getenv(envNetworkPolicyMode); value != "" { - if utils.IsValidNetworkPolicyEnforcingMode(value) { - return value, nil - } - return "", errors.New("invalid Network policy mode, supported modes: none, strict, standard") + value, exists := os.LookupEnv(envNetworkPolicyMode) + if !exists { + return "", nil + } + if utils.IsValidNetworkPolicyEnforcingMode(value) { + return value, nil } - return defaultNetworkPolicyMode, nil + return "", errors.New("invalid Network policy mode, supported modes: none, strict, standard") } func usePrefixDelegation() bool { diff --git a/pkg/ipamd/rpc_handler.go b/pkg/ipamd/rpc_handler.go index 236fa0f0a9..0e1cdbab98 100644 --- a/pkg/ipamd/rpc_handler.go +++ b/pkg/ipamd/rpc_handler.go @@ -302,9 +302,10 @@ func (s *server) DelNetwork(ctx context.Context, in *rpc.DelNetworkRequest) (*rp log.Errorf("Failed to unmarshal PodENIData JSON: %v", err) } return &rpc.DelNetworkReply{ - Success: true, - PodVlanId: int32(podENIData[0].VlanID), - IPv4Addr: podENIData[0].PrivateIP}, err + Success: true, + PodVlanId: int32(podENIData[0].VlanID), + IPv4Addr: podENIData[0].PrivateIP, + NetworkPolicyMode: s.ipamContext.networkPolicyMode}, err } } @@ -316,9 +317,9 @@ func (s *server) DelNetwork(ctx context.Context, in *rpc.DelNetworkRequest) (*rp } } - log.Infof("Send DelNetworkReply: IPv4Addr: %s, IPv6Addr: %s, DeviceNumber: %d, err: %v", ipv4Addr, ipv6Addr, deviceNumber, err) + log.Infof("Send DelNetworkReply: IPv4Addr: %s, IPv6Addr: %s, DeviceNumber: %d, NetworkPolicyMode: %s, err: %v", ipv4Addr, ipv6Addr, deviceNumber, s.ipamContext.networkPolicyMode, err) - return &rpc.DelNetworkReply{Success: err == nil, IPv4Addr: ipv4Addr, IPv6Addr: ipv6Addr, DeviceNumber: int32(deviceNumber)}, err + return &rpc.DelNetworkReply{Success: err == nil, IPv4Addr: ipv4Addr, IPv6Addr: ipv6Addr, DeviceNumber: int32(deviceNumber), NetworkPolicyMode: s.ipamContext.networkPolicyMode}, err } func (s *server) GetNetworkPolicyConfigs(ctx context.Context, e *emptypb.Empty) (*rpc.NetworkPolicyAgentConfigReply, error) { diff --git a/rpc/mocks/rpc_mocks.go b/rpc/mocks/rpc_mocks.go index 078153b0a0..bfc121282a 100644 --- a/rpc/mocks/rpc_mocks.go +++ b/rpc/mocks/rpc_mocks.go @@ -13,7 +13,7 @@ // // Code generated by MockGen. DO NOT EDIT. -// Source: github.com/aws/amazon-vpc-cni-k8s/rpc (interfaces: CNIBackendClient,NPBackendClient,ConfigServerBackendClient) +// Source: github.com/aws/amazon-vpc-cni-k8s/rpc (interfaces: CNIBackendClient,NPBackendClient) // Package mock_rpc is a generated GoMock package. package mock_rpc @@ -25,7 +25,6 @@ import ( rpc "github.com/aws/amazon-vpc-cni-k8s/rpc" gomock "github.com/golang/mock/gomock" grpc "google.golang.org/grpc" - emptypb "google.golang.org/protobuf/types/known/emptypb" ) // MockCNIBackendClient is a mock of CNIBackendClient interface. @@ -153,46 +152,3 @@ func (mr *MockNPBackendClientMockRecorder) EnforceNpToPod(arg0, arg1 interface{} varargs := append([]interface{}{arg0, arg1}, arg2...) return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "EnforceNpToPod", reflect.TypeOf((*MockNPBackendClient)(nil).EnforceNpToPod), varargs...) } - -// MockConfigServerBackendClient is a mock of ConfigServerBackendClient interface. -type MockConfigServerBackendClient struct { - ctrl *gomock.Controller - recorder *MockConfigServerBackendClientMockRecorder -} - -// MockConfigServerBackendClientMockRecorder is the mock recorder for MockConfigServerBackendClient. -type MockConfigServerBackendClientMockRecorder struct { - mock *MockConfigServerBackendClient -} - -// NewMockConfigServerBackendClient creates a new mock instance. -func NewMockConfigServerBackendClient(ctrl *gomock.Controller) *MockConfigServerBackendClient { - mock := &MockConfigServerBackendClient{ctrl: ctrl} - mock.recorder = &MockConfigServerBackendClientMockRecorder{mock} - return mock -} - -// EXPECT returns an object that allows the caller to indicate expected use. -func (m *MockConfigServerBackendClient) EXPECT() *MockConfigServerBackendClientMockRecorder { - return m.recorder -} - -// GetNetworkPolicyConfigs mocks base method. -func (m *MockConfigServerBackendClient) GetNetworkPolicyConfigs(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*rpc.NetworkPolicyAgentConfigReply, error) { - m.ctrl.T.Helper() - varargs := []interface{}{arg0, arg1} - for _, a := range arg2 { - varargs = append(varargs, a) - } - ret := m.ctrl.Call(m, "GetNetworkPolicyConfigs", varargs...) - ret0, _ := ret[0].(*rpc.NetworkPolicyAgentConfigReply) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// GetNetworkPolicyConfigs indicates an expected call of GetNetworkPolicyConfigs. -func (mr *MockConfigServerBackendClientMockRecorder) GetNetworkPolicyConfigs(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetNetworkPolicyConfigs", reflect.TypeOf((*MockConfigServerBackendClient)(nil).GetNetworkPolicyConfigs), varargs...) -} diff --git a/rpc/rpc.pb.go b/rpc/rpc.pb.go index f58cd2b05b..ce6012f21d 100644 --- a/rpc/rpc.pb.go +++ b/rpc/rpc.pb.go @@ -377,7 +377,8 @@ type DelNetworkReply struct { IPv6Addr string `protobuf:"bytes,5,opt,name=IPv6Addr,proto3" json:"IPv6Addr,omitempty"` DeviceNumber int32 `protobuf:"varint,3,opt,name=DeviceNumber,proto3" json:"DeviceNumber,omitempty"` // start of pod-eni parameters - PodVlanId int32 `protobuf:"varint,4,opt,name=PodVlanId,proto3" json:"PodVlanId,omitempty"` // end of pod-eni parameters + PodVlanId int32 `protobuf:"varint,4,opt,name=PodVlanId,proto3" json:"PodVlanId,omitempty"` // end of pod-eni parameters + NetworkPolicyMode string `protobuf:"bytes,6,opt,name=NetworkPolicyMode,proto3" json:"NetworkPolicyMode,omitempty"` // next field: 7 } func (x *DelNetworkReply) Reset() { @@ -447,6 +448,13 @@ func (x *DelNetworkReply) GetPodVlanId() int32 { return 0 } +func (x *DelNetworkReply) GetNetworkPolicyMode() string { + if x != nil { + return x.NetworkPolicyMode + } + return "" +} + type EnforceNpRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -777,7 +785,7 @@ var file_rpc_proto_rawDesc = []byte{ 0x44, 0x12, 0x16, 0x0a, 0x06, 0x49, 0x66, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x49, 0x66, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xa5, 0x01, 0x0a, 0x0f, + 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0xd3, 0x01, 0x0a, 0x0f, 0x44, 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x49, 0x50, 0x76, @@ -788,60 +796,63 @@ var file_rpc_proto_rawDesc = []byte{ 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x6f, 0x64, 0x56, 0x6c, 0x61, 0x6e, 0x49, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x50, 0x6f, 0x64, 0x56, 0x6c, 0x61, - 0x6e, 0x49, 0x64, 0x22, 0x90, 0x01, 0x0a, 0x10, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, - 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0c, 0x4b, 0x38, 0x53, 0x5f, - 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x12, 0x2a, 0x0a, 0x11, 0x4b, 0x38, - 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, - 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x12, 0x2e, 0x0a, 0x13, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, - 0x4b, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x11, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x50, 0x4f, 0x4c, 0x49, - 0x43, 0x59, 0x4d, 0x4f, 0x44, 0x45, 0x22, 0x2a, 0x0a, 0x0e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, - 0x65, 0x4e, 0x70, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x75, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x22, 0x5f, 0x0a, 0x0f, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x70, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0c, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, - 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4b, 0x38, 0x53, - 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x12, 0x2a, 0x0a, 0x11, 0x4b, 0x38, 0x53, 0x5f, 0x50, - 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0f, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, - 0x41, 0x43, 0x45, 0x22, 0x29, 0x0a, 0x0d, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x70, 0x52, - 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x22, 0x4d, - 0x0a, 0x1d, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, - 0x67, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, - 0x2c, 0x0a, 0x11, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x4e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x32, 0x88, 0x01, - 0x0a, 0x0a, 0x43, 0x4e, 0x49, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3c, 0x0a, 0x0a, - 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x16, 0x2e, 0x72, 0x70, 0x63, - 0x2e, 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x12, 0x3c, 0x0a, 0x0a, 0x44, 0x65, - 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x16, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, - 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x14, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x32, 0x86, 0x01, 0x0a, 0x09, 0x4e, 0x50, 0x42, - 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, - 0x65, 0x4e, 0x70, 0x54, 0x6f, 0x50, 0x6f, 0x64, 0x12, 0x15, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x45, - 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x13, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, 0x70, 0x52, - 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x0b, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, - 0x50, 0x6f, 0x64, 0x4e, 0x70, 0x12, 0x14, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, 0x65, 0x6c, 0x65, - 0x74, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x72, 0x70, - 0x63, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, - 0x00, 0x32, 0x6e, 0x0a, 0x13, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x57, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x4e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x73, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x22, 0x2e, 0x72, 0x70, - 0x63, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, - 0x67, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, - 0x00, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x61, 0x77, 0x73, 0x2f, 0x61, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x2d, 0x76, 0x70, 0x63, 0x2d, 0x63, - 0x6e, 0x69, 0x2d, 0x6b, 0x38, 0x73, 0x2f, 0x72, 0x70, 0x63, 0x3b, 0x72, 0x70, 0x63, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x49, 0x64, 0x12, 0x2c, 0x0a, 0x11, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, + 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x6f, 0x64, + 0x65, 0x22, 0x90, 0x01, 0x0a, 0x10, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, 0x70, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0c, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, + 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4b, 0x38, + 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x12, 0x2a, 0x0a, 0x11, 0x4b, 0x38, 0x53, 0x5f, + 0x50, 0x4f, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0f, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x53, + 0x50, 0x41, 0x43, 0x45, 0x12, 0x2e, 0x0a, 0x13, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x5f, + 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x11, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, + 0x4d, 0x4f, 0x44, 0x45, 0x22, 0x2a, 0x0a, 0x0e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, + 0x70, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x22, 0x5f, 0x0a, 0x0f, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x20, 0x0a, 0x0c, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, 0x5f, 0x4e, + 0x41, 0x4d, 0x45, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x4b, 0x38, 0x53, 0x50, 0x4f, + 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x12, 0x2a, 0x0a, 0x11, 0x4b, 0x38, 0x53, 0x5f, 0x50, 0x4f, 0x44, + 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0f, 0x4b, 0x38, 0x53, 0x50, 0x4f, 0x44, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, + 0x45, 0x22, 0x29, 0x0a, 0x0d, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x70, + 0x6c, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x22, 0x4d, 0x0a, 0x1d, + 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, 0x67, 0x65, + 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x2c, 0x0a, + 0x11, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x6f, + 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x32, 0x88, 0x01, 0x0a, 0x0a, + 0x43, 0x4e, 0x49, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3c, 0x0a, 0x0a, 0x41, 0x64, + 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x16, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x41, + 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x14, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x41, 0x64, 0x64, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x12, 0x3c, 0x0a, 0x0a, 0x44, 0x65, 0x6c, 0x4e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x16, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, 0x65, 0x6c, + 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, + 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, 0x65, 0x6c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, + 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x32, 0x86, 0x01, 0x0a, 0x09, 0x4e, 0x50, 0x42, 0x61, 0x63, + 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3e, 0x0a, 0x0e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, + 0x70, 0x54, 0x6f, 0x50, 0x6f, 0x64, 0x12, 0x15, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x45, 0x6e, 0x66, + 0x6f, 0x72, 0x63, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, + 0x72, 0x70, 0x63, 0x2e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x70, + 0x6c, 0x79, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x0b, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x6f, + 0x64, 0x4e, 0x70, 0x12, 0x14, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x4e, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x72, 0x70, 0x63, 0x2e, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x70, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x32, + 0x6e, 0x0a, 0x13, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, + 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x57, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x4e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x73, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x22, 0x2e, 0x72, 0x70, 0x63, 0x2e, + 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x41, 0x67, 0x65, + 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x42, + 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x77, + 0x73, 0x2f, 0x61, 0x6d, 0x61, 0x7a, 0x6f, 0x6e, 0x2d, 0x76, 0x70, 0x63, 0x2d, 0x63, 0x6e, 0x69, + 0x2d, 0x6b, 0x38, 0x73, 0x2f, 0x72, 0x70, 0x63, 0x3b, 0x72, 0x70, 0x63, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/rpc/rpc.proto b/rpc/rpc.proto index 794a7eb2e4..51a9e16608 100644 --- a/rpc/rpc.proto +++ b/rpc/rpc.proto @@ -65,7 +65,8 @@ message DelNetworkReply { int32 PodVlanId = 4; // end of pod-eni parameters - // next field: 6 + string NetworkPolicyMode = 6; + // next field: 7 } // The service definition. @@ -84,6 +85,15 @@ message EnforceNpReply { bool Success = 1; } +message DeleteNpRequest { + string K8S_POD_NAME = 1; + string K8S_POD_NAMESPACE = 2; +} + +message DeleteNpReply { + bool Success = 1; +} + // The service definition. service ConfigServerBackend { rpc GetNetworkPolicyConfigs (google.protobuf.Empty) returns (NetworkPolicyAgentConfigReply) {} diff --git a/test/agent/go.mod b/test/agent/go.mod index 6be10870ec..1b98f190b7 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -1,7 +1,6 @@ module github.com/aws/amazon-vpc-cni-k8s/test/agent -go 1.22.3 -toolchain go1.24.1 +go 1.24.1 require ( github.com/coreos/go-iptables v0.8.0 From 47106cf7a22959a8b99232fa2e4408f98bbc04e0 Mon Sep 17 00:00:00 2001 From: Olivia Song Date: Mon, 14 Apr 2025 21:56:17 -0700 Subject: [PATCH 59/60] remove unneeded metricsBindPort from charts (#3257) --- charts/aws-vpc-cni/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 14373dcebe..dcd4e80ce4 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -46,7 +46,6 @@ nodeAgent: networkPolicyAgentLogFileLocation: "/var/log/aws-routed-eni/network-policy-agent.log" enableIpv6: "false" metricsBindAddr: "8162" - metricsBindPort: "8162" healthProbeBindAddr: "8163" conntrackCacheCleanupPeriod: 300 resources: {} From 4166a0fb312027f904853a629f11bdc9028f9829 Mon Sep 17 00:00:00 2001 From: Olivia Song Date: Tue, 15 Apr 2025 12:19:16 -0700 Subject: [PATCH 60/60] bump up go version (#3259) --- .go-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.go-version b/.go-version index f9e8384bb6..e4a973f913 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.24.1 +1.24.2