diff --git a/cluster/cluster.yaml b/cluster/cluster.yaml
index 35009af150..d8f3cc7163 100644
--- a/cluster/cluster.yaml
+++ b/cluster/cluster.yaml
@@ -1465,10 +1465,10 @@ Resources:
 Effect: Allow
 Resource: '*'
 {{if ne "" .Cluster.ConfigItems.zmon_accessible_s3_buckets}}
- {{range $bucket := split "," .Cluster.ConfigItems.zmon_accessible_s3_buckets}}
+ {{range $bucket := split .Cluster.ConfigItems.zmon_accessible_s3_buckets ","}}
 - Action: 's3:GetObject'
 Effect: Allow
- Resource: '$bucket'
+ Resource: 'arn:aws:s3:::{{ $bucket }}/*'
 {{end}}
 {{end}}
 - Action: 'sqs:GetQueueAttributes'
diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
index f9225eb14e..e2cb7bb947 100644
--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -101,11 +101,13 @@ skipper_readiness_init_delay_seconds: 1
 skipper_liveness_init_delay_seconds: 30
 {{end}}
 # skipper termination settings
-# grace period needs to be >timeouts and healtcheck wait
-# wait for healtcheck needs to be skipper_idle_timeout_server
-skipper_termination_grace_period: "360"
-skipper_wait_for_healthcheck_interval: "355s"
+# (10s LB healthcheck interval) * (3 unhealthy threshold + margin of 1 interval)
+skipper_wait_for_healthcheck_interval: "40s"
+# (350s of fixed NLB connection idle timeout) + (margin of 2s)
 skipper_idle_timeout_server: "352s"
+# wait long enough for LB to detect unhealthy node and all connections become idle,
+# i.e. skipper_wait_for_healthcheck_interval + skipper_idle_timeout_server
+skipper_termination_grace_period: "392"
 # skipper redis settings
 enable_dedicate_nodepool_skipper_redis: "false"
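Review bot: Each entry of `zmon_accessible_s3_buckets` is placed into the IAM `Resource` ARN exactly as `split` returns it, so the new `Resource: 'arn:aws:s3:::{{ $bucket }}/*'` line grants whatever the config item happens to contain. Assuming `split` behaves like a plain string split, an empty entry from a trailing comma renders `arn:aws:s3:::/*`, a space after a comma ends up inside the ARN, and an entry containing `*` widens `s3:GetObject` beyond the buckets that were meant. Wrapping the statement in `{{if ne "" $bucket}}` … `{{end}}` covers the empty case. The comment on `zmon_accessible_s3_buckets` in config-defaults.yaml should also say that the value is bare bucket names, comma-separated, with no spaces, wildcards or ARN prefix. The policy statement list this sits in starts and ends outside the hunk.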
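Review bot: `skipper_termination_grace_period: "392"` is a hand-computed sum of the two settings above it, and nothing in the hunk keeps the three values in step. If a cluster overrides `skipper_wait_for_healthcheck_interval` or `skipper_idle_timeout_server` without raising the grace period, the pod would presumably be killed before the load balancer has marked it unhealthy and its connections have gone idle. The value is also bare seconds while the other two carry an `s` suffix, which is easy to get wrong when overriding. I would add one more comment line above the key, for example `# seconds, no unit suffix; keep >= skipper_wait_for_healthcheck_interval + skipper_idle_timeout_server when overriding either`.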
@@ -488,7 +490,7 @@ tracing_coredns_local_zone_traces_endpoint: ""
 # AMI id given the image name and the Image AWS account owner.
 #
 # [0]: https://github.com/zalando-incubator/cluster-lifecycle-manager/blob/8a9bd1cb2d094038a9e23e646421f8146b48886a/provisioner/template.go#L116
-kuberuntu_image_v1_21: {{ amiID "zalando-ubuntu-kubernetes-production-v1.21.9-master-207" "861068367966"}}
+kuberuntu_image_v1_21: {{ amiID "zalando-ubuntu-kubernetes-production-v1.21.11-master-213" "861068367966"}}
 # Feature toggle for auditing events
 audit_pod_events: "true"
@@ -712,4 +714,4 @@ observability_metrics_endpoint: "tracing.platform-infrastructure.zalan.do"
 observability_metrics_port: "8443"
 # list of comma separated buckets which are accessible by zmon
-zmon_accessible_s3_buckets: ""
\ No newline at end of file
+zmon_accessible_s3_buckets: ""
diff --git a/cluster/manifests/prometheus/statefulset.yaml b/cluster/manifests/prometheus/statefulset.yaml
index a61b82f6b7..02f4057887 100644
--- a/cluster/manifests/prometheus/statefulset.yaml
+++ b/cluster/manifests/prometheus/statefulset.yaml
@@ -6,7 +6,7 @@ metadata:
 labels:
 application: kubernetes
 component: prometheus
- version: v2.32.1
+ version: v2.34.0
 {{- if ne .ConfigItems.prometheus_csi_ebs "true" }}
 name: prometheus
 {{- else }}
@@ -26,7 +26,7 @@ spec:
 statefulset: prometheus
 application: kubernetes
 component: prometheus
- version: v2.32.1
+ version: v2.34.0
 annotations:
 config/hash: {{"configmap.yaml" | manifestHash}}
 logging/destination: "{{.Cluster.ConfigItems.log_destination_infra}}"
@@ -63,7 +63,7 @@ spec:
 mountPath: /prometheus
 containers:
 - name: prometheus
- image: registry.opensource.zalan.do/teapot/prometheus:v2.32.1
+ image: registry.opensource.zalan.do/teapot/prometheus:v2.34.0
 args:
 - "--config.file=/prometheus/prometheus.yaml"
 - "--storage.tsdb.path=/prometheus/"
diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml
index 4813493d5b..defcf48b00 100644
--- a/cluster/manifests/skipper/deployment.yaml
+++ b/cluster/manifests/skipper/deployment.yaml
@@ -1,4 +1,4 @@
-{{ $internal_version := "v0.13.185-238" }}
+{{ $internal_version := "v0.13.192-245" }}
 {{ $version := index (split $internal_version "-") 0 }}
 apiVersion: apps/v1
diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml
index fe3b67364d..1b4ff9c1ef 100644
--- a/cluster/node-pools/master-default/userdata.yaml
+++ b/cluster/node-pools/master-default/userdata.yaml
@@ -200,7 +200,7 @@ write_files:
 requests:
 cpu: 100m
 memory: 200Mi
- - image: registry.opensource.zalan.do/teapot/admission-controller:master-143
+ - image: registry.opensource.zalan.do/teapot/admission-controller:master-144
 name: admission-controller
 lifecycle:
 preStop:
@@ -580,7 +580,7 @@ write_files:
 effect: NoSchedule
 containers:
 - name: kube-controller-manager
- image: {{if eq .Cluster.ConfigItems.kubernetes_controller_manager_image "zalando" }}registry.opensource.zalan.do/teapot/kube-controller-manager-internal:v1.21.9-2{{else}}nonexistent.zalan.do/teapot/kube-controller-manager:fixed{{end}}
+ image: nonexistent.zalan.do/teapot/{{if eq .Cluster.ConfigItems.kubernetes_controller_manager_image "zalando" }}kube-controller-manager-internal{{else}}kube-controller-manager{{end}}:fixed
 args:
 - --kubeconfig=/etc/kubernetes/controller-manager-kubeconfig
 - --leader-elect=true
diff --git a/test/e2e/Makefile b/test/e2e/Makefile
index 5cf3364f1b..d719807d39 100644
--- a/test/e2e/Makefile
+++ b/test/e2e/Makefile
@@ -2,7 +2,7 @@
 BINARY ?= kubernetes-on-aws-e2e
 VERSION ?= $(shell git describe --tags --always --dirty)
-KUBE_VERSION ?= v1.21.9
+KUBE_VERSION ?= v1.21.11
 IMAGE ?= pierone.stups.zalan.do/teapot/$(BINARY)
 TAG ?= $(VERSION)
 DOCKERFILE ?= Dockerfile
diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index 1828ba54a7..3edc45cfb0 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
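Review bot: After the second userdata.yaml hunk both branches of the `kube-controller-manager` image render to `nonexistent.zalan.do/teapot/…:fixed`, so the manifest no longer records which controller-manager build runs on the master, and the line has no comment explaining why. The reference presumably only works because the image is already present on the node. The hunk shows no `imagePullPolicy`, so it is worth confirming that the kubelet never tries to pull this name and that the hostname can never resolve to a real registry. If that is the intent, a comment above the line such as `# placeholder reference: image is preloaded on the node image and never pulled; its version follows the AMI` would make the provenance auditable. Any `kubernetes_controller_manager_image` value other than `"zalando"` silently selects the second name. The container spec continues outside the hunk.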
@@ -16,10 +16,10 @@ require (
 github.com/zalando-incubator/kube-aws-iam-controller v0.1.2
 gopkg.in/gcfg.v1 v1.2.3 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
- k8s.io/api v0.21.9
- k8s.io/apimachinery v0.21.9
+ k8s.io/api v0.21.11
+ k8s.io/apimachinery v0.21.11
 k8s.io/apiserver v0.0.0
- k8s.io/client-go v0.21.9
+ k8s.io/client-go v0.21.11
 k8s.io/kubernetes v0.0.0
 )
@@ -211,8 +211,8 @@ require (
 k8s.io/metrics v0.0.0 // indirect
 k8s.io/mount-utils v0.0.0 // indirect
 k8s.io/sample-apiserver v0.0.0 // indirect
- k8s.io/utils v0.0.0-20210521133846-da695404a2bc // indirect
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27 // indirect
+ k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
+ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 // indirect
 sigs.k8s.io/kustomize/api v0.8.8 // indirect
 sigs.k8s.io/kustomize/kyaml v0.10.17 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index c328033423..d79a51ed4f 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -730,6 +730,8 @@ go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0H go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= +go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM=
@@ -777,6 +779,7 @@ golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= @@ -938,6 +941,7 @@ golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 
@@ -960,6 +964,7 @@ golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200616195046-dc31b401abb5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1090,8 +1095,8 @@ k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd h1:sOHNzJIkytDF6qadMNKhhD k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/system-validators v1.4.0/go.mod h1:bPldcLgkIUK22ALflnsXk8pvkTEndYdNuaHH6gRrl0Q= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20210521133846-da695404a2bc h1:dx6VGe+PnOW/kD/2UV4aUSsRfJGd7+lcqgJ6Xg0HwUs= -k8s.io/utils v0.0.0-20210521133846-da695404a2bc/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20211116205334-6203023598ed h1:ck1fRPWPJWsMd8ZRFsWc6mh/zHp5fZ/shhbrgPUxDAE= +k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= 
@@ -1101,8 +1106,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27 h1:KQOkVzXrLNb0EP6W0FD6u3CCPAwgXFYwZitbj7K0P0Y= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.27/go.mod h1:tq2nT0Kx7W+/f2JVE+zxYtUhdjuELJkVpNz+x/QN5R4= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 h1:dUk62HQ3ZFhD48Qr8MIXCiKA8wInBQCtuE4QGfFW7yA= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw= sigs.k8s.io/controller-tools v0.4.0/go.mod h1:G9rHdZMVlBDocIxGkK3jHLWqcTMNvveypYJwrvYKjWU= sigs.k8s.io/kustomize/api v0.8.8 h1:G2z6JPSSjtWWgMeWSoHdXqyftJNmMmyxXpwENGoOtGE= sigs.k8s.io/kustomize/api v0.8.8/go.mod h1:He1zoK0nk43Pc6NlV085xDXDXTNprtcyKZVm3swsdNY=