From fd3a3840daa5a52c94e34b8451d07c2126cedaf5 Mon Sep 17 00:00:00 2001 From: Hao Zhou Date: Tue, 11 Jun 2024 17:15:46 +0000 Subject: [PATCH 1/2] update apimachinery, client-go and controller runtime versions --- .go-version | 2 +- .../v1alpha1/zz_generated.deepcopy.go | 1 - .../v1beta1/zz_generated.deepcopy.go | 1 - .../bases/vpcresources.k8s.aws_cninodes.yaml | 25 +++-- ...sources.k8s.aws_securitygrouppolicies.yaml | 100 ++++++++++-------- config/rbac/role.yaml | 2 - config/webhook/manifests.yaml | 16 ++- go.mod | 19 ++-- go.sum | 35 +++--- main.go | 7 +- .../core/annotation_validation_webhook.go | 4 +- webhooks/core/node_update_webhook.go | 4 +- webhooks/core/pod_webhook.go | 4 +- 13 files changed, 112 insertions(+), 108 deletions(-) diff --git a/.go-version b/.go-version index 0f6abf48..be02b337 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.21 \ No newline at end of file +1.22.4 \ No newline at end of file diff --git a/apis/vpcresources/v1alpha1/zz_generated.deepcopy.go b/apis/vpcresources/v1alpha1/zz_generated.deepcopy.go index 30d7a9ed..74e62492 100644 --- a/apis/vpcresources/v1alpha1/zz_generated.deepcopy.go +++ b/apis/vpcresources/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // diff --git a/apis/vpcresources/v1beta1/zz_generated.deepcopy.go b/apis/vpcresources/v1beta1/zz_generated.deepcopy.go index d3910ca5..ea8f716e 100644 --- a/apis/vpcresources/v1beta1/zz_generated.deepcopy.go +++ b/apis/vpcresources/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. // diff --git a/config/crd/bases/vpcresources.k8s.aws_cninodes.yaml b/config/crd/bases/vpcresources.k8s.aws_cninodes.yaml index 0b4566da..6e152e15 100644 --- a/config/crd/bases/vpcresources.k8s.aws_cninodes.yaml +++ b/config/crd/bases/vpcresources.k8s.aws_cninodes.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: cninodes.vpcresources.k8s.aws spec: group: vpcresources.k8s.aws @@ -27,20 +26,26 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: 'Important: Run "make" to regenerate code after modifying - this file CNINodeSpec defines the desired state of CNINode' + description: |- + Important: Run "make" to regenerate code after modifying this file + CNINodeSpec defines the desired state of CNINode properties: features: items: diff --git a/config/crd/bases/vpcresources.k8s.aws_securitygrouppolicies.yaml b/config/crd/bases/vpcresources.k8s.aws_securitygrouppolicies.yaml index 64d4aac0..31ce7edc 100644 --- a/config/crd/bases/vpcresources.k8s.aws_securitygrouppolicies.yaml +++ b/config/crd/bases/vpcresources.k8s.aws_securitygrouppolicies.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: securitygrouppolicies.vpcresources.k8s.aws spec: group: vpcresources.k8s.aws @@ -29,14 +28,19 @@ spec: description: Custom Resource Definition for applying security groups to pods properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -44,52 +48,54 @@ spec: description: SecurityGroupPolicySpec defines the desired state of SecurityGroupPolicy properties: podSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic securityGroups: description: GroupIds contains the list of security groups that will be applied to the network interface of the pod matching the criteria. @@ -104,52 +110,54 @@ spec: type: array type: object serviceAccountSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object type: object served: true diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 5a87d016..55ada365 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: controller-role rules: - apiGroups: @@ -76,7 +75,6 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - creationTimestamp: null name: controller-role namespace: kube-system rules: diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 78f57a87..cf8e7b86 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -2,7 +2,6 @@ apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: - creationTimestamp: null name: mutating-webhook-configuration webhooks: - admissionReviewVersions: @@ -29,7 +28,6 @@ webhooks: apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - creationTimestamp: null name: validating-webhook-configuration webhooks: - admissionReviewVersions: @@ -38,20 +36,19 @@ webhooks: service: name: webhook-service namespace: system - path: /validate-v1-pod + path: /validate-v1-node failurePolicy: Ignore matchPolicy: Equivalent - name: vpod.vpc.k8s.aws + name: vnode.vpc.k8s.aws rules: - apiGroups: - "" apiVersions: - v1 operations: - - CREATE - UPDATE resources: - - pods + - nodes sideEffects: None - admissionReviewVersions: - v1 @@ -59,17 +56,18 @@ webhooks: service: name: webhook-service namespace: system - path: /validate-v1-node + path: /validate-v1-pod failurePolicy: Ignore matchPolicy: Equivalent - name: vnode.vpc.k8s.aws + name: vpod.vpc.k8s.aws rules: - apiGroups: - "" apiVersions: - v1 operations: + - CREATE - UPDATE resources: - - nodes + - pods sideEffects: None diff --git a/go.mod b/go.mod index be63ddde..037e12f8 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/aws/amazon-vpc-resource-controller-k8s -go 1.21 +go 1.22.4 require ( github.com/aws/amazon-vpc-cni-k8s v1.18.1 @@ -19,10 +19,10 @@ require ( go.uber.org/zap v1.26.0 golang.org/x/time v0.5.0 gomodules.xyz/jsonpatch/v2 v2.4.0 - k8s.io/api v0.29.3 - k8s.io/apimachinery v0.29.3 - k8s.io/client-go v0.29.3 - sigs.k8s.io/controller-runtime v0.17.0 + k8s.io/api v0.30.1 + k8s.io/apimachinery v0.30.1 + k8s.io/client-go v0.30.1 + sigs.k8s.io/controller-runtime v0.18.4 ) require ( @@ -38,7 +38,7 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch v5.7.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.8.0 // indirect + github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect @@ -75,10 +75,9 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.29.0 // indirect - k8s.io/component-base v0.29.0 // indirect - k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/apiextensions-apiserver v0.30.1 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/go.sum b/go.sum index 6069a9a2..cb5c7b2d 100644 --- a/go.sum +++ b/go.sum @@ -16,11 +16,10 @@ github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxER github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= -github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= @@ -213,24 +212,22 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= -k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= -k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= -k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= -k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= -k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= -k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= -k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= -k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= -k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= -k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s= -sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= +sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/main.go b/main.go index 83043cb8..638de939 100644 --- a/main.go +++ b/main.go @@ -420,20 +420,21 @@ func main() { webhookServer := mgr.GetWebhookServer() setupLog.Info("registering webhooks to the webhook server") + decoder := admission.NewDecoder(mgr.GetScheme()) podMutationWebhook := webhookcore.NewPodMutationWebHook( - sgpAPI, ctrl.Log.WithName("resource mutating webhook"), controllerConditions, admission.NewDecoder(mgr.GetScheme()), healthzHandler) + sgpAPI, ctrl.Log.WithName("resource mutating webhook"), controllerConditions, decoder, healthzHandler) webhookServer.Register("/mutate-v1-pod", &webhook.Admission{ Handler: podMutationWebhook, }) nodeValidateWebhook := webhookcore.NewNodeUpdateWebhook( - controllerConditions, ctrl.Log.WithName("node validating webhook"), admission.NewDecoder(mgr.GetScheme()), healthzHandler) + controllerConditions, ctrl.Log.WithName("node validating webhook"), decoder, healthzHandler) webhookServer.Register("/validate-v1-node", &webhook.Admission{ Handler: nodeValidateWebhook}) // Validating webhook for pod. annotationValidator := webhookcore.NewAnnotationValidator( - controllerConditions, ctrl.Log.WithName("annotation validating webhook"), admission.NewDecoder(mgr.GetScheme()), healthzHandler) + controllerConditions, ctrl.Log.WithName("annotation validating webhook"), decoder, healthzHandler) webhookServer.Register("/validate-v1-pod", &webhook.Admission{ Handler: annotationValidator}) diff --git a/webhooks/core/annotation_validation_webhook.go b/webhooks/core/annotation_validation_webhook.go index f108f30a..5529857a 100644 --- a/webhooks/core/annotation_validation_webhook.go +++ b/webhooks/core/annotation_validation_webhook.go @@ -34,13 +34,13 @@ import ( // AnnotationValidator validates the resource allocated to the Pod via annotations. The WebHook // prevents unauthorized user from modifying/removing these Annotations. type AnnotationValidator struct { - decoder *admission.Decoder + decoder admission.Decoder Condition condition.Conditions Log logr.Logger Checker healthz.Checker } -func NewAnnotationValidator(condition condition.Conditions, log logr.Logger, d *admission.Decoder, healthzHandler *rcHealthz.HealthzHandler) *AnnotationValidator { +func NewAnnotationValidator(condition condition.Conditions, log logr.Logger, d admission.Decoder, healthzHandler *rcHealthz.HealthzHandler) *AnnotationValidator { annotationValidator := &AnnotationValidator{ Condition: condition, Log: log, diff --git a/webhooks/core/node_update_webhook.go b/webhooks/core/node_update_webhook.go index 4c88e967..a954f963 100644 --- a/webhooks/core/node_update_webhook.go +++ b/webhooks/core/node_update_webhook.go @@ -15,13 +15,13 @@ import ( ) type NodeUpdateWebhook struct { - decoder *admission.Decoder + decoder admission.Decoder Condition condition.Conditions Log logr.Logger Checker healthz.Checker } -func NewNodeUpdateWebhook(condition condition.Conditions, log logr.Logger, d *admission.Decoder, healthzHandler *rcHealthz.HealthzHandler) *NodeUpdateWebhook { +func NewNodeUpdateWebhook(condition condition.Conditions, log logr.Logger, d admission.Decoder, healthzHandler *rcHealthz.HealthzHandler) *NodeUpdateWebhook { nodeUpdateWebhook := &NodeUpdateWebhook{ Condition: condition, Log: log, diff --git a/webhooks/core/pod_webhook.go b/webhooks/core/pod_webhook.go index b6fa0019..ba1b3479 100644 --- a/webhooks/core/pod_webhook.go +++ b/webhooks/core/pod_webhook.go @@ -41,7 +41,7 @@ const ( // PodResourceInjector injects resources into Pods type PodMutationWebHook struct { - decoder *admission.Decoder + decoder admission.Decoder SGPAPI utils.SecurityGroupForPodsAPI Log logr.Logger Condition condition.Conditions @@ -51,7 +51,7 @@ func NewPodMutationWebHook( sgpAPI utils.SecurityGroupForPodsAPI, log logr.Logger, condition condition.Conditions, - d *admission.Decoder, + d admission.Decoder, healthzHandler *rcHealthz.HealthzHandler, ) *PodMutationWebHook { podWebhook := &PodMutationWebHook{ From 7d3a51041f74fde07de4cd2ed217d6e1137eec3a Mon Sep 17 00:00:00 2001 From: Hao Zhou Date: Tue, 13 Aug 2024 19:23:14 +0000 Subject: [PATCH 2/2] use larger value from hardcoded limit and instance loaded interfaces count --- pkg/aws/ec2/instance.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/aws/ec2/instance.go b/pkg/aws/ec2/instance.go index adde9058..7833fd8c 100644 --- a/pkg/aws/ec2/instance.go +++ b/pkg/aws/ec2/instance.go @@ -147,6 +147,11 @@ func (i *ec2Instance) LoadDetails(ec2APIHelper api.EC2APIHelper) error { // we want to make sure to use the smaller number between instance max supported interfaces and the default card max supported interfaces maxInterfaces := utils.Minimum(int64(limits.Interface), defaultNetworkCardLimit) + // if EC2 increases the instance max count of interfaces, we need override the hardcoded max count + // if EC2 decreases the instance max count of interfaces, we will be broken later on when we assign trunk to the instance + // since we can't use a smaller value than the hardcoded limit based on instance loaded interfaces length + maxInterfaces = utils.Maximum(maxInterfaces, int64(len(instance.NetworkInterfaces))) + i.deviceIndexes = make([]bool, int(maxInterfaces)) for _, nwInterface := range instance.NetworkInterfaces { index := nwInterface.Attachment.DeviceIndex