From 461c0871cf45052f88422844bdd58a0342809399 Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Wed, 24 May 2023 21:52:39 +0300 Subject: [PATCH 1/3] Update Cilium to v1.12.10 --- pkg/model/components/cilium.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/model/components/cilium.go b/pkg/model/components/cilium.go index a8f6892128e10..9f71d0a96fb14 100644 --- a/pkg/model/components/cilium.go +++ b/pkg/model/components/cilium.go @@ -40,7 +40,7 @@ func (b *CiliumOptionsBuilder) BuildOptions(o interface{}) error { } if c.Version == "" { - c.Version = "v1.12.5" + c.Version = "v1.12.10" } if c.EnableEndpointHealthChecking == nil { From e69edddfda5bcac8b6231414978073fbfe03a644 Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Wed, 24 May 2023 21:55:57 +0300 Subject: [PATCH 2/3] hack/update-expected.sh --- ...s_s3_object_cluster-completed.spec_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 2 +- ...dons-networking.cilium.io-k8s-1.16_content | 26 +++++++++++++---- ...des.minimal-warmpool.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 2 +- ...mpool.example.com-addons-bootstrap_content | 2 +- ...dons-networking.cilium.io-k8s-1.16_content | 26 +++++++++++++---- .../aws_s3_object_nodeupconfig-nodes_content | 4 +-- ...s_s3_object_cluster-completed.spec_content | 2 +- ...minimal.k8s.local-addons-bootstrap_content | 2 +- ...dons-networking.cilium.io-k8s-1.16_content | 26 +++++++++++++---- ...s_s3_object_cluster-completed.spec_content | 2 +- ...ilium.example.com-addons-bootstrap_content | 2 +- ...dons-networking.cilium.io-k8s-1.16_content | 26 +++++++++++++---- ...s_s3_object_cluster-completed.spec_content | 2 +- ...ilium.example.com-addons-bootstrap_content | 2 +- ...dons-networking.cilium.io-k8s-1.16_content | 26 +++++++++++++---- ...s_s3_object_cluster-completed.spec_content | 2 +- ...ilium.example.com-addons-bootstrap_content | 2 +- ...dons-networking.cilium.io-k8s-1.16_content | 28 +++++++++++++++---- ...s_s3_object_cluster-completed.spec_content | 2 +- ...anced.example.com-addons-bootstrap_content | 2 +- ...dons-networking.cilium.io-k8s-1.16_content | 26 +++++++++++++---- .../cilium/manifest.yaml | 2 +- .../insecure-1.19/manifest.yaml | 2 +- .../metrics-server/secure-1.19/manifest.yaml | 2 +- 26 files changed, 168 insertions(+), 56 deletions(-) diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content index 93e290697af91..84ef74a768402 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content @@ -236,7 +236,7 @@ spec: sidecarIstioProxyImage: cilium/istio_proxy toFqdnsDnsRejectResponseCode: refused tunnel: disabled - version: v1.12.5 + version: v1.12.10 nonMasqueradeCIDR: ::/0 secretStore: memfs://clusters.example.com/minimal-ipv6.example.com/secrets serviceClusterIPRange: fd00:5e4f:ce::/108 diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index be511d4540aeb..4b83401d11d3e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -55,7 +55,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.12.yaml - manifestHash: f067524e5a9b34b2ed9533fe81e308cc7d25723ffbbd54be681be00f9edf155c + manifestHash: dea487bf6b1b7fe738189959345233264860eb0476be3aa9bf2adea26c8d62e2 name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.cilium.io-k8s-1.16_content index b1ebb1c3a8d1a..f97bc9bd2454e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.cilium.io-k8s-1.16_content @@ -454,7 +454,7 @@ spec: value: api.internal.minimal-ipv6.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent lifecycle: postStart: @@ -519,8 +519,6 @@ spec: name: bpf-maps - mountPath: /var/run/cilium name: cilium-run - - mountPath: /host/opt/cni/bin - name: cni-path - mountPath: /host/etc/cni/net.d name: etc-cni-netd - mountPath: /var/lib/cilium/clustermesh @@ -536,6 +534,24 @@ spec: name: xtables-lock hostNetwork: true initContainers: + - command: + - /install-plugin.sh + image: quay.io/cilium/cilium:v1.12.10 + imagePullPolicy: IfNotPresent + name: install-cni-binaries + resources: + requests: + cpu: 100m + memory: 10Mi + securityContext: + capabilities: + drop: + - ALL + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-path - command: - /init-container.sh env: @@ -551,7 +567,7 @@ spec: key: clean-cilium-bpf-state name: cilium-config optional: true - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent name: clean-cilium-state resources: @@ -688,7 +704,7 @@ spec: value: api.internal.minimal-ipv6.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/operator:v1.12.5 + image: quay.io/cilium/operator:v1.12.10 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data b/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data index 11df171c9c034..ace89ff1c170b 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data @@ -177,7 +177,7 @@ ConfigServer: - https://kops-controller.internal.minimal-warmpool.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: etxF12d5FOTWEiQyh5jdrDOmYecD639XnWKCQk3xF+Q= +NodeupConfigHash: n2pd1x+RceYtlzVyoiNOxnGejm5hoU5YTceFEy1yWxc= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content index c1b59f86c1bce..17d26b76ec832 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content @@ -227,7 +227,7 @@ spec: sidecarIstioProxyImage: cilium/istio_proxy toFqdnsDnsRejectResponseCode: refused tunnel: vxlan - version: v1.12.5 + version: v1.12.10 nonMasqueradeCIDR: 100.64.0.0/10 podCIDR: 100.96.0.0/11 secretStore: memfs://clusters.example.com/minimal-warmpool.example.com/secrets diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content index 8fbc14a1a604b..a06ac9e492f01 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.12.yaml - manifestHash: e94026a9dabe207b365e65f483c6f584be7b0ac125767a4e8487472741297b18 + manifestHash: e47a9b297b7164c269de1f5218bbf5112ce68771648075156819f04c151d0814 name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-networking.cilium.io-k8s-1.16_content index a594690f20d26..aa6bd0356f210 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-networking.cilium.io-k8s-1.16_content @@ -454,7 +454,7 @@ spec: value: api.internal.minimal-warmpool.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent lifecycle: postStart: @@ -519,8 +519,6 @@ spec: name: bpf-maps - mountPath: /var/run/cilium name: cilium-run - - mountPath: /host/opt/cni/bin - name: cni-path - mountPath: /host/etc/cni/net.d name: etc-cni-netd - mountPath: /var/lib/cilium/clustermesh @@ -536,6 +534,24 @@ spec: name: xtables-lock hostNetwork: true initContainers: + - command: + - /install-plugin.sh + image: quay.io/cilium/cilium:v1.12.10 + imagePullPolicy: IfNotPresent + name: install-cni-binaries + resources: + requests: + cpu: 100m + memory: 10Mi + securityContext: + capabilities: + drop: + - ALL + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-path - command: - /init-container.sh env: @@ -551,7 +567,7 @@ spec: key: clean-cilium-bpf-state name: cilium-config optional: true - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent name: clean-cilium-state resources: @@ -688,7 +704,7 @@ spec: value: api.internal.minimal-warmpool.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/operator:v1.12.5 + image: quay.io/cilium/operator:v1.12.10 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content index 4ae20b61d2346..cdd48c94301df 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content @@ -66,8 +66,8 @@ useInstanceIDForNodeName: true usesLegacyGossip: false usesNoneDNS: false warmPoolImages: -- quay.io/cilium/cilium:v1.12.5 -- quay.io/cilium/operator:v1.12.5 +- quay.io/cilium/cilium:v1.12.10 +- quay.io/cilium/operator:v1.12.10 - registry.k8s.io/kube-proxy:v1.26.0 - registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.14.1 - registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.0 diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content index 7c81233c2630c..c05c4a79a6e73 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content @@ -207,7 +207,7 @@ spec: sidecarIstioProxyImage: cilium/istio_proxy toFqdnsDnsRejectResponseCode: refused tunnel: vxlan - version: v1.12.5 + version: v1.12.10 nonMasqueradeCIDR: 100.64.0.0/10 podCIDR: 100.96.0.0/11 secretStore: memfs://tests/scw-minimal.k8s.local/secrets diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content index b3c095551b94a..ea2f466d640ba 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content @@ -62,7 +62,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.12.yaml - manifestHash: 2a401de64e2b3059502cd039f8da8da993b4e1577d202fb1b02f154a7850ee73 + manifestHash: 6fae0d9dfb1e3c9adeaa10ec433a5cd5b738149e5e50bd9c1522618911a8a8f1 name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-networking.cilium.io-k8s-1.16_content index 8fb74c8bcc55a..873ee8b57ea0e 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-networking.cilium.io-k8s-1.16_content @@ -454,7 +454,7 @@ spec: value: api.internal.scw-minimal.k8s.local - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent lifecycle: postStart: @@ -519,8 +519,6 @@ spec: name: bpf-maps - mountPath: /var/run/cilium name: cilium-run - - mountPath: /host/opt/cni/bin - name: cni-path - mountPath: /host/etc/cni/net.d name: etc-cni-netd - mountPath: /var/lib/cilium/clustermesh @@ -536,6 +534,24 @@ spec: name: xtables-lock hostNetwork: true initContainers: + - command: + - /install-plugin.sh + image: quay.io/cilium/cilium:v1.12.10 + imagePullPolicy: IfNotPresent + name: install-cni-binaries + resources: + requests: + cpu: 100m + memory: 10Mi + securityContext: + capabilities: + drop: + - ALL + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-path - command: - /init-container.sh env: @@ -551,7 +567,7 @@ spec: key: clean-cilium-bpf-state name: cilium-config optional: true - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent name: clean-cilium-state resources: @@ -688,7 +704,7 @@ spec: value: api.internal.scw-minimal.k8s.local - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/operator:v1.12.5 + image: quay.io/cilium/operator:v1.12.10 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content index 078d5fa81b3d6..bd1bebc8d82be 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content @@ -229,7 +229,7 @@ spec: sidecarIstioProxyImage: cilium/istio_proxy toFqdnsDnsRejectResponseCode: refused tunnel: disabled - version: v1.12.5 + version: v1.12.10 nonMasqueradeCIDR: 100.64.0.0/10 podCIDR: 100.96.0.0/11 secretStore: memfs://clusters.example.com/privatecilium.example.com/secrets diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index a952351b96c60..dccab5c1dcce2 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.12.yaml - manifestHash: a74648938bd05093db333999da4d5acb9277c5d4111f5919a19d1e980f544e4b + manifestHash: 6c62e2232c454c915ee5eaba78b28b4e2b26df64dd006a736a2cb2d7235b40d5 name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content index bb36d12a19151..f7457b3147b78 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content @@ -457,7 +457,7 @@ spec: value: api.internal.privatecilium.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent lifecycle: postStart: @@ -522,8 +522,6 @@ spec: name: bpf-maps - mountPath: /var/run/cilium name: cilium-run - - mountPath: /host/opt/cni/bin - name: cni-path - mountPath: /host/etc/cni/net.d name: etc-cni-netd - mountPath: /var/lib/cilium/clustermesh @@ -539,6 +537,24 @@ spec: name: xtables-lock hostNetwork: true initContainers: + - command: + - /install-plugin.sh + image: quay.io/cilium/cilium:v1.12.10 + imagePullPolicy: IfNotPresent + name: install-cni-binaries + resources: + requests: + cpu: 100m + memory: 10Mi + securityContext: + capabilities: + drop: + - ALL + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-path - command: - /init-container.sh env: @@ -554,7 +570,7 @@ spec: key: clean-cilium-bpf-state name: cilium-config optional: true - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent name: clean-cilium-state resources: @@ -691,7 +707,7 @@ spec: value: api.internal.privatecilium.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/operator:v1.12.5 + image: quay.io/cilium/operator:v1.12.10 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content index e9f1d5be50e83..23084a1116ae7 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content @@ -237,7 +237,7 @@ spec: sidecarIstioProxyImage: cilium/istio_proxy toFqdnsDnsRejectResponseCode: refused tunnel: vxlan - version: v1.12.5 + version: v1.12.10 nonMasqueradeCIDR: 100.64.0.0/10 podCIDR: 100.96.0.0/11 secretStore: memfs://clusters.example.com/privatecilium.example.com/secrets diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index 3bb8a3cca98db..0c453551f3a7c 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.12.yaml - manifestHash: d1db96e7bf2e42c0e9514182f66fc48ca5eca29063c103f5e1b73c770f750c3a + manifestHash: b1fd164b9daad8e508ed4586271d5646be9696e1f23a15b9a79d12f771eb9ed9 name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content index a6370f28f26f3..f5af66ba7deb3 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content @@ -458,7 +458,7 @@ spec: value: api.internal.privatecilium.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent lifecycle: postStart: @@ -523,8 +523,6 @@ spec: name: bpf-maps - mountPath: /var/run/cilium name: cilium-run - - mountPath: /host/opt/cni/bin - name: cni-path - mountPath: /host/etc/cni/net.d name: etc-cni-netd - mountPath: /var/lib/cilium/clustermesh @@ -540,6 +538,24 @@ spec: name: xtables-lock hostNetwork: true initContainers: + - command: + - /install-plugin.sh + image: quay.io/cilium/cilium:v1.12.10 + imagePullPolicy: IfNotPresent + name: install-cni-binaries + resources: + requests: + cpu: 100m + memory: 10Mi + securityContext: + capabilities: + drop: + - ALL + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-path - command: - /init-container.sh env: @@ -555,7 +571,7 @@ spec: key: clean-cilium-bpf-state name: cilium-config optional: true - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent name: clean-cilium-state resources: @@ -696,7 +712,7 @@ spec: value: api.internal.privatecilium.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/operator:v1.12.5 + image: quay.io/cilium/operator:v1.12.10 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_cluster-completed.spec_content index 5b96953969cff..db57e23f8e1aa 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_cluster-completed.spec_content @@ -232,7 +232,7 @@ spec: sidecarIstioProxyImage: cilium/istio_proxy toFqdnsDnsRejectResponseCode: refused tunnel: vxlan - version: v1.12.5 + version: v1.12.10 nonMasqueradeCIDR: 100.64.0.0/10 podCIDR: 100.96.0.0/11 secretStore: memfs://clusters.example.com/privatecilium.example.com/secrets diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index 5a39b01fa6b85..a88dddfe73271 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -111,7 +111,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.12.yaml - manifestHash: ba167eb44300511acb7079eaa68f90d368ef4c469b9e16b1dc96b687ff6ea5ed + manifestHash: fa6d1a824457511482c155258094dff8b7f290afa61efd821a3d6577f3698a7a name: networking.cilium.io needsPKI: true needsRollingUpdate: all diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content index 0bf71db8df2b5..520580a5457b1 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content @@ -519,7 +519,7 @@ spec: value: api.internal.privatecilium.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent lifecycle: postStart: @@ -584,8 +584,6 @@ spec: name: bpf-maps - mountPath: /var/run/cilium name: cilium-run - - mountPath: /host/opt/cni/bin - name: cni-path - mountPath: /host/etc/cni/net.d name: etc-cni-netd - mountPath: /var/lib/cilium/clustermesh @@ -604,6 +602,24 @@ spec: readOnly: true hostNetwork: true initContainers: + - command: + - /install-plugin.sh + image: quay.io/cilium/cilium:v1.12.10 + imagePullPolicy: IfNotPresent + name: install-cni-binaries + resources: + requests: + cpu: 100m + memory: 10Mi + securityContext: + capabilities: + drop: + - ALL + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-path - command: - /init-container.sh env: @@ -619,7 +635,7 @@ spec: key: clean-cilium-bpf-state name: cilium-config optional: true - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent name: clean-cilium-state resources: @@ -760,7 +776,7 @@ spec: value: api.internal.privatecilium.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/operator:v1.12.5 + image: quay.io/cilium/operator:v1.12.10 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -848,7 +864,7 @@ spec: env: - name: GODEBUG value: x509ignoreCN=0 - image: quay.io/cilium/hubble-relay:v1.12.5 + image: quay.io/cilium/hubble-relay:v1.12.10 imagePullPolicy: IfNotPresent livenessProbe: tcpSocket: diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content index 68fd5a75c7f1e..721ec36332cd3 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content @@ -244,7 +244,7 @@ spec: sidecarIstioProxyImage: cilium/istio_proxy toFqdnsDnsRejectResponseCode: refused tunnel: disabled - version: v1.12.5 + version: v1.12.10 nonMasqueradeCIDR: 100.64.0.0/10 podCIDR: 100.96.0.0/11 secretStore: memfs://clusters.example.com/privateciliumadvanced.example.com/secrets diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content index 5b36d7a90a92a..89557fb8a94aa 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.12.yaml - manifestHash: c562a1618bc207bcf3727a40e87ae098596e7281afc035425172d23814d2100c + manifestHash: 2ca8c035cbd862c4b795b02f19bf61e400064f8018fcc53ab6744505bf1a3c61 name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-networking.cilium.io-k8s-1.16_content index e9efa01656bc7..26d1b5ac142d3 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-networking.cilium.io-k8s-1.16_content @@ -468,7 +468,7 @@ spec: value: api.internal.privateciliumadvanced.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent lifecycle: postStart: @@ -533,8 +533,6 @@ spec: name: bpf-maps - mountPath: /var/run/cilium name: cilium-run - - mountPath: /host/opt/cni/bin - name: cni-path - mountPath: /host/etc/cni/net.d name: etc-cni-netd - mountPath: /var/lib/etcd-config @@ -556,6 +554,24 @@ spec: name: xtables-lock hostNetwork: true initContainers: + - command: + - /install-plugin.sh + image: quay.io/cilium/cilium:v1.12.10 + imagePullPolicy: IfNotPresent + name: install-cni-binaries + resources: + requests: + cpu: 100m + memory: 10Mi + securityContext: + capabilities: + drop: + - ALL + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-path - command: - /init-container.sh env: @@ -571,7 +587,7 @@ spec: key: clean-cilium-bpf-state name: cilium-config optional: true - image: quay.io/cilium/cilium:v1.12.5 + image: quay.io/cilium/cilium:v1.12.10 imagePullPolicy: IfNotPresent name: clean-cilium-state resources: @@ -719,7 +735,7 @@ spec: value: api.internal.privateciliumadvanced.example.com - name: KUBERNETES_SERVICE_PORT value: "443" - image: quay.io/cilium/operator:v1.12.5 + image: quay.io/cilium/operator:v1.12.10 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml index 0d93a066a7d51..c8303b04e4894 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml @@ -48,7 +48,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.12.yaml - manifestHash: d0d0425155f3251dda3a1f9fdfd7e9bae02f50380d0a503f47968887ae0a3767 + manifestHash: 2045965a451579b2a01239022b29fe8e47c01659a11e2e1ebb951e6c0fd7ccbc name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml index 670c4711333fc..830d3726c5d16 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml @@ -55,7 +55,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.12.yaml - manifestHash: d0d0425155f3251dda3a1f9fdfd7e9bae02f50380d0a503f47968887ae0a3767 + manifestHash: 2045965a451579b2a01239022b29fe8e47c01659a11e2e1ebb951e6c0fd7ccbc name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml index 387264b7dbdd2..3beee938b27af 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml @@ -112,7 +112,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.12.yaml - manifestHash: d0d0425155f3251dda3a1f9fdfd7e9bae02f50380d0a503f47968887ae0a3767 + manifestHash: 2045965a451579b2a01239022b29fe8e47c01659a11e2e1ebb951e6c0fd7ccbc name: networking.cilium.io needsRollingUpdate: all selector: From f9e3ed35e1ba13690108e429921a346894a37a7a Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Wed, 24 May 2023 21:08:01 +0300 Subject: [PATCH 3/3] Reduce the list of skipped e2e test for Cilium --- tests/e2e/pkg/tester/skip_regex.go | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/e2e/pkg/tester/skip_regex.go b/tests/e2e/pkg/tester/skip_regex.go index 34301b231624c..ac9f12602060c 100644 --- a/tests/e2e/pkg/tester/skip_regex.go +++ b/tests/e2e/pkg/tester/skip_regex.go @@ -63,17 +63,12 @@ func (t *Tester) setSkipRegexFlag() error { // https://github.com/cilium/cilium/issues/15361 skipRegex += "|external.IP.is.not.assigned.to.a.node" // https://github.com/cilium/cilium/issues/14287 - skipRegex += "|same.port.number.but.different.protocols|same.hostPort.but.different.hostIP.and.protocol" + skipRegex += "|same.port.number.but.different.protocols" + skipRegex += "|same.hostPort.but.different.hostIP.and.protocol" // https://github.com/cilium/cilium/issues/9207 skipRegex += "|serve.endpoints.on.same.port.and.different.protocols" // This may be fixed in Cilium 1.13 but skipping for now skipRegex += "|Service.with.multiple.ports.specified.in.multiple.EndpointSlices" - if k8sVersion.Minor >= 22 { - // ref: - // https://github.com/kubernetes/kubernetes/issues/96717 - // https://github.com/cilium/cilium/issues/5719 - skipRegex += "|should.create.a.Pod.with.SCTP.HostPort" - } // https://github.com/cilium/cilium/issues/18241 skipRegex += "|Services.should.create.endpoints.for.unready.pods" skipRegex += "|Services.should.be.able.to.connect.to.terminating.and.unready.endpoints.if.PublishNotReadyAddresses.is.true"