diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml index a284243c55..ba50c6d0b0 100644 --- a/.github/workflows/integration-tests.yaml +++ b/.github/workflows/integration-tests.yaml @@ -23,7 +23,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/.github/workflows/nightly-cron-tests.yaml b/.github/workflows/nightly-cron-tests.yaml index 095d8e94ac..0ac5f6b668 100644 --- a/.github/workflows/nightly-cron-tests.yaml +++ b/.github/workflows/nightly-cron-tests.yaml @@ -22,7 +22,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/.github/workflows/pr-automated-tests.yaml b/.github/workflows/pr-automated-tests.yaml index a3fe113a3b..c34827f3c9 100644 --- a/.github/workflows/pr-automated-tests.yaml +++ b/.github/workflows/pr-automated-tests.yaml @@ -16,7 +16,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | go install golang.org/x/lint/golint@latest @@ -50,7 +50,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Build CNI images run: make multi-arch-cni-build - name: Build CNI Init images diff --git a/.github/workflows/pr-manual-tests.yaml b/.github/workflows/pr-manual-tests.yaml index c50994a46e..0f84bbd6f6 100644 --- a/.github/workflows/pr-manual-tests.yaml +++ b/.github/workflows/pr-manual-tests.yaml @@ -29,7 +29,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d449df4213..93350c60e3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -22,7 +22,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Generate CNI YAML run: make generate-cni-yaml - name: Create eks-charts PR diff --git a/.github/workflows/weekly-cron-tests.yaml b/.github/workflows/weekly-cron-tests.yaml index c12e9139d4..505526b46e 100644 --- a/.github/workflows/weekly-cron-tests.yaml +++ b/.github/workflows/weekly-cron-tests.yaml @@ -23,7 +23,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Set up tools run: | # Install ginkgo version from go.mod diff --git a/.go-version b/.go-version index 8864ad2970..89144dbc38 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.2 \ No newline at end of file +1.22.3 diff --git a/README.md b/README.md index dccc7cf0fe..ecee7a37ef 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ See [here](./docs/iam-policy.md) for required IAM policies. * `unit-test`, `format`,`lint` and `vet` provide ways to run the respective tests/tools and should be run before submitting a PR. * `make docker` will create a docker container using `docker buildx` that contains the finished binaries, with a tag of `amazon/amazon-k8s-cni:latest` * `make docker-unit-tests` uses a docker container to run all unit tests. -* builds for all build and test actions run in docker containers based on `golang:1.21.5-6-gcc-al2` unless a different `GOLANG_IMAGE` tag is passed in. +* Builds for all build and test actions run in docker containers based on `.go-version` unless a different `GOLANG_IMAGE` tag is passed in. ## Components diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index d119a37d66..07eb1797f7 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml @@ -134,6 +134,7 @@ spec: - --enable-network-policy={{ .Values.enableNetworkPolicy }} - --enable-cloudwatch-logs={{ .Values.nodeAgent.enableCloudWatchLogs }} - --enable-policy-event-logs={{ .Values.nodeAgent.enablePolicyEventLogs }} + - --log-file={{ .Values.nodeAgent.networkPolicyAgentLogFileLocation }} - --metrics-bind-addr={{ include "aws-vpc-cni.nodeAgentMetricsBindAddr" . }} - --health-probe-bind-addr={{ include "aws-vpc-cni.nodeAgentHealthProbeBindAddr" . }} - --conntrack-cache-cleanup-period={{ .Values.nodeAgent.conntrackCacheCleanupPeriod }} diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 1bf88b53fc..a984109d31 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml @@ -43,6 +43,7 @@ nodeAgent: privileged: true enableCloudWatchLogs: "false" enablePolicyEventLogs: "false" + networkPolicyAgentLogFileLocation: "/var/log/aws-routed-eni/network-policy-agent.log" enableIpv6: "false" metricsBindAddr: "8162" healthProbeBindAddr: "8163" diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index a6a165113b..fa6b08cf37 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -12,10 +12,22 @@ This chart provides a Kubernetes deployment for the Amazon VPC CNI Metrics Helpe First add the EKS repository to Helm: ```shell -helm repo add eks https://aws.github.io/eks-charts +$ helm repo add eks https://aws.github.io/eks-charts ``` -To install the chart with the release name `cni-metrics-helper` and default configuration: +Ensure helm repository up to date + +```shell +$ helm repo update eks +``` + +To identify the version you are going to apply + +```shell +$ helm search repo eks/cni-metrics-helper --versions +``` + +To install the latest chart with the release name `cni-metrics-helper` and default configuration: ```shell $ helm install cni-metrics-helper --namespace kube-system eks/cni-metrics-helper @@ -43,26 +55,34 @@ $ helm uninstall cni-metrics-helper --namespace kube-system The following table lists the configurable parameters for this chart and their default values. -| Parameter | Description | Default | -|------------------------------|---------------------------------------------------------------|--------------------| -| fullnameOverride | Override the fullname of the chart | cni-metrics-helper | -| image.region | ECR repository region to use. Should match your cluster | us-west-2 | -| image.tag | Image tag | v1.18.1 | -| image.account | ECR repository account number | 602401143452 | -| image.domain | ECR repository domain | amazonaws.com | -| env.USE_CLOUDWATCH | Whether to export CNI metrics to CloudWatch | true | -| env.USE_PROMETHEUS | Whether to export CNI metrics to Prometheus | false | -| env.AWS_CLUSTER_ID | ID of the cluster to use when exporting metrics to CloudWatch | default | -| env.AWS_VPC_K8S_CNI_LOGLEVEL | Log verbosity level (ie. FATAL, ERROR, WARN, INFO, DEBUG) | INFO | -| env.METRIC_UPDATE_INTERVAL | Interval at which to update CloudWatch metrics, in seconds. | | -| | Metrics are published to CloudWatch at 2x the interval | 30 | -| serviceAccount.name | The name of the ServiceAccount to use | nil | -| serviceAccount.create | Specifies whether a ServiceAccount should be created | true | -| serviceAccount.annotations | Specifies the annotations for ServiceAccount | {} | -| podAnnotations | Specifies the annotations for pods | {} | -| revisionHistoryLimit | The number of revisions to keep | 10 | -| podSecurityContext | SecurityContext to set on the pod | {} | -| containerSecurityContext | SecurityContext to set on the container | {} | + +| Parameter | Description | Default | +| -------------------------------|---------------------------------------------------------------|-------------------------------------| +| `affinity` | Map of node/pod affinities | `{}` | +| `fullnameOverride` | Override the fullname of the chart | `cni-metrics-helper` | +| `image.tag` | Image tag | `v1.18.1` | +| `image.domain` | ECR repository domain | `amazonaws.com` | +| `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | +| `image.account` | ECR repository account number | `602401143452` | +| `env.USE_CLOUDWATCH` | Whether to export CNI metrics to CloudWatch | `true` | +| `env.USE_PROMETHEUS` | Whether to export CNI metrics to Prometheus | `false` | +| `env.AWS_CLUSTER_ID` | ID of the cluster to use when exporting metrics to CloudWatch | `default` | +| `env.AWS_VPC_K8S_CNI_LOGLEVEL` | Log verbosity level (ie. FATAL, ERROR, WARN, INFO, DEBUG) | `INFO` | +| `env.METRIC_UPDATE_INTERVAL` | Interval at which to update CloudWatch metrics, in seconds. | | +| | Metrics are published to CloudWatch at 2x the interval | `30` | +| `serviceAccount.name` | The name of the ServiceAccount to use | `nil` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.annotations` | Specifies the annotations for ServiceAccount | `{}` | +| `podAnnotations` | Specifies the annotations for pods | `{}` | +| `revisionHistoryLimit` | The number of revisions to keep | `10` | +| `podSecurityContext` | SecurityContext to set on the pod | `{}` | +| `containerSecurityContext` | SecurityContext to set on the container | `{}` | +| `tolerations` | Optional deployment tolerations | `[]` | +| `updateStrategy` | Optional update strategy | `{}` | +| `imagePullSecrets` | Docker registry pull secret | `[]` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Optional deployment tolerations | `[]` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters: diff --git a/charts/cni-metrics-helper/templates/clusterrole.yaml b/charts/cni-metrics-helper/templates/clusterrole.yaml index 6f45efd8aa..901952d751 100644 --- a/charts/cni-metrics-helper/templates/clusterrole.yaml +++ b/charts/cni-metrics-helper/templates/clusterrole.yaml @@ -2,6 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "cni-metrics-helper.fullname" . }} + labels: +{{ include "cni-metrics-helper.labels" . | indent 4 }} rules: - apiGroups: [""] resources: diff --git a/charts/cni-metrics-helper/templates/deployment.yaml b/charts/cni-metrics-helper/templates/deployment.yaml index adadf2bf7d..192ce9e56e 100644 --- a/charts/cni-metrics-helper/templates/deployment.yaml +++ b/charts/cni-metrics-helper/templates/deployment.yaml @@ -5,7 +5,11 @@ metadata: namespace: {{ .Release.Namespace }} labels: k8s-app: cni-metrics-helper +{{ include "cni-metrics-helper.labels" . | indent 4 }} spec: +{{- if .Values.updateStrategy }} + strategy: {{ toYaml .Values.updateStrategy | nindent 4 }} +{{- end }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: @@ -19,6 +23,8 @@ spec: {{- end }} {{- end }} labels: + app.kubernetes.io/name: {{ include "cni-metrics-helper.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} k8s-app: cni-metrics-helper spec: containers: @@ -36,6 +42,22 @@ spec: name: cni-metrics-helper image: "{{- if .Values.image.override }}{{- .Values.image.override }}{{- else }}{{- .Values.image.account }}.dkr.ecr.{{- .Values.image.region }}.{{- .Values.image.domain }}/cni-metrics-helper:{{- .Values.image.tag }}{{- end}}" serviceAccountName: {{ template "cni-metrics-helper.serviceAccountName" . }} -{{- if .Values.podSecurityContext }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podSecurityContext }} securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} -{{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 3f4416e06b..26758efac1 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -36,3 +36,34 @@ podSecurityContext: {} containerSecurityContext: {} podAnnotations: {} + +imagePullSecrets: [] + +updateStrategy: {} +# type: RollingUpdate +# rollingUpdate: +# maxUnavailable: "10%" + +nodeSelector: {} + +tolerations: [] +# - operator: Exists + +affinity: {} +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchExpressions: +# - key: "kubernetes.io/os" +# operator: In +# values: +# - linux +# - key: "kubernetes.io/arch" +# operator: In +# values: +# - amd64 +# - arm64 +# - key: "eks.amazonaws.com/compute-type" +# operator: NotIn +# values: +# - fargate diff --git a/cmd/aws-vpc-cni-init/main.go b/cmd/aws-vpc-cni-init/main.go index c3c77a9189..cf29fd4eab 100644 --- a/cmd/aws-vpc-cni-init/main.go +++ b/cmd/aws-vpc-cni-init/main.go @@ -29,7 +29,6 @@ import ( const ( defaultHostCNIBinPath = "/host/opt/cni/bin" - vpcCniInitDonePath = "/vpc-cni-init/done" metadataLocalIP = "local-ipv4" metadataMAC = "mac" defaultDisableIPv4TcpEarlyDemux = false @@ -181,17 +180,7 @@ func _main() int { return 1 } - // TODO: In order to speed up pod launch time, VPC CNI init container is not a Kubernetes init container. - // The VPC CNI container blocks on the existence of vpcCniInitDonePath - //err = cp.TouchFile(vpcCniInitDonePath) - //if err != nil { - // log.WithError(err).Errorf("Failed to set VPC CNI init done") - // return 1 - //} - log.Infof("CNI init container done") - // TODO: Since VPC CNI init container is a real container, it never exits - // time.Sleep(time.Duration(1<<63 - 1)) return 0 } diff --git a/cmd/aws-vpc-cni/main.go b/cmd/aws-vpc-cni/main.go index 063d766fdd..d1e5feb042 100644 --- a/cmd/aws-vpc-cni/main.go +++ b/cmd/aws-vpc-cni/main.go @@ -42,9 +42,7 @@ import ( "os/exec" "strconv" "strings" - "time" - "github.com/pkg/errors" log "github.com/sirupsen/logrus" "github.com/containernetworking/cni/pkg/types" @@ -188,27 +186,6 @@ func waitForIPAM() bool { } } -// Wait for vpcCniInitDonePath to exist (maximum wait time is 60 seconds) -func waitForInit() error { - start := time.Now() - maxEnd := start.Add(time.Minute) - for { - // Check for existence of vpcCniInitDonePath - if _, err := os.Stat(vpcCniInitDonePath); err == nil { - // Delete the done file in case of a reboot of the node or restart of the container (force init container to run again) - if err := os.Remove(vpcCniInitDonePath); err == nil { - return nil - } - // If file deletion fails, log and allow retry - log.Errorf("Failed to delete file: %s", vpcCniInitDonePath) - } - if time.Now().After(maxEnd) { - return errors.Errorf("time exceeded") - } - time.Sleep(1 * time.Second) - } -} - func getPrimaryIP(ipv4 bool) (string, error) { var hostIP string var err error @@ -471,12 +448,6 @@ func _main() int { return 1 } - // Wait for init container to complete - //if err := waitForInit(); err != nil { - // log.WithError(err).Errorf("Init container failed to complete") - // return 1 - //} - log.Infof("Copying config file... ") err = generateJSON(defaultAWSconflistFile, tmpAWSconflistFile, getPrimaryIP) if err != nil { diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index b631b8608f..559dbb325f 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -253,3 +253,11 @@ The [CNI image](../scripts/dockerfiles/Dockerfile.release) built for the `aws-no See the [cni-metrics-helper README](../cmd/cni-metrics-helper/README.md). + +## Build Troubleshooting + +If you encouter build issues while building vpc cni, ensure you are logged into a docker registry. +For e.g. + +aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws +~ diff --git a/go.mod b/go.mod index e80910a18b..4b46727ffb 100644 --- a/go.mod +++ b/go.mod @@ -1,41 +1,41 @@ module github.com/aws/amazon-vpc-cni-k8s -go 1.21 +go 1.22.3 require ( github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b - github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1 - github.com/aws/aws-sdk-go v1.50.29 + github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 + github.com/aws/aws-sdk-go v1.51.32 github.com/containernetworking/cni v1.1.2 github.com/containernetworking/plugins v1.4.1 github.com/coreos/go-iptables v0.7.0 github.com/go-logr/logr v1.4.1 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.6.0 - github.com/onsi/ginkgo/v2 v2.17.1 - github.com/onsi/gomega v1.31.1 + github.com/onsi/ginkgo/v2 v2.17.2 + github.com/onsi/gomega v1.33.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.52.2 + github.com/prometheus/common v0.53.0 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.uber.org/zap v1.26.0 - golang.org/x/net v0.23.0 - golang.org/x/sys v0.18.0 + golang.org/x/net v0.24.0 + golang.org/x/sys v0.19.0 google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.33.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.14.3 - k8s.io/api v0.29.0 - k8s.io/apimachinery v0.29.2 + k8s.io/api v0.30.1 + k8s.io/apimachinery v0.30.1 k8s.io/cli-runtime v0.29.0 - k8s.io/client-go v0.29.0 + k8s.io/client-go v0.29.3 sigs.k8s.io/controller-runtime v0.17.0 ) @@ -78,15 +78,15 @@ require ( github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect + github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.0 // indirect @@ -148,11 +148,11 @@ require ( golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect golang.org/x/oauth2 v0.18.0 // indirect - golang.org/x/sync v0.6.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.17.0 // indirect + golang.org/x/time v0.5.0 // indirect + golang.org/x/tools v0.20.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect @@ -161,8 +161,8 @@ require ( k8s.io/apiextensions-apiserver v0.29.0 // indirect k8s.io/apiserver v0.29.0 // indirect k8s.io/component-base v0.29.0 // indirect - k8s.io/klog/v2 v2.110.1 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/kubectl v0.29.0 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect oras.land/oras-go v1.2.4 // indirect @@ -180,3 +180,6 @@ replace golang.org/x/crypto => golang.org/x/crypto v0.17.0 // Cannot be removed until all dependencies use net library v0.23.0 or higher replace golang.org/x/net => golang.org/x/net v0.23.0 + +// Version of go-cose v1.2.0 and v1.2.1 have been deprecated in favor v1.1.0 +replace github.com/veraison/go-cose => github.com/veraison/go-cose v1.1.0 diff --git a/go.sum b/go.sum index a15fc2cb15..838d93b1a7 100644 --- a/go.sum +++ b/go.sum @@ -35,10 +35,10 @@ github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b h1:xCQo9O4BIwuLhrQAqamsvhfgjBiSOo83uDMMSivRsnw= github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b/go.mod h1:NvS1b2fBgkUvAWgBF8h0aRaVVoUeIlpUMnlTW2wIqik= -github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1 h1:43uJXFNTjk5Gzi2Qpqk30ycaaE7DOVvBDKi35wzsrsQ= -github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1/go.mod h1:tXPJP0SFdkVa7ALghDjThtavyYnP0MKO8V0ZHlDNCU8= -github.com/aws/aws-sdk-go v1.50.29 h1:Ol2FYzesF2tsQrgVSnDWRFI60+FsSqKKdt7MLlZKubc= -github.com/aws/aws-sdk-go v1.50.29/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0 h1:utc5JzVlbORZ/4IFHb4yleqbIOKEevKfVxozKvhJWok= +github.com/aws/amazon-vpc-resource-controller-k8s v1.5.0/go.mod h1:3q5gDG44vGr9ERe0YMHItThKXxDkntAUrlfTgJkdgF8= +github.com/aws/aws-sdk-go v1.51.32 h1:A6mPui7QP4mwmovyzgtdedbRbNur1Iu0/El7hBWNHms= +github.com/aws/aws-sdk-go v1.51.32/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -136,7 +136,6 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= @@ -153,8 +152,8 @@ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfC github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs= github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0= @@ -184,8 +183,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= @@ -206,8 +205,8 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20230323073829-e72429f035bd h1:r8yyd+DJDmsUhGrRBxH5Pj7KeFK5l+Y3FsgT8keqKtk= -github.com/google/pprof v0.0.0-20230323073829-e72429f035bd/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -340,13 +339,13 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= -github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= @@ -374,8 +373,8 @@ github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZ github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck= -github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= +github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= +github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= @@ -415,7 +414,6 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -477,8 +475,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -493,8 +491,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -521,19 +519,21 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -546,8 +546,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -608,24 +608,24 @@ helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4= helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= -k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.29.0 h1:Y1xEMjJkP+BIi0GSEv1BBrf1jLU9UPfAnnGGbbDdp7o= k8s.io/apiserver v0.29.0/go.mod h1:31n78PsRKPmfpee7/l9NYEv67u6hOL6AfcE761HapDM= k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4= k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk= -k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= -k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= +k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= k8s.io/component-base v0.29.0 h1:T7rjd5wvLnPBV1vC4zWd/iWRbV8Mdxs+nGaoaFzGw3s= k8s.io/component-base v0.29.0/go.mod h1:sADonFTQ9Zc9yFLghpDpmNXEdHyQmFIGbiuZbqAXQ1M= -k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= -k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI= k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= diff --git a/misc/eni-max-pods.txt b/misc/eni-max-pods.txt index 3cc4aa10db..2ce0e5884d 100644 --- a/misc/eni-max-pods.txt +++ b/misc/eni-max-pods.txt @@ -161,11 +161,11 @@ c6in.12xlarge 234 c6in.16xlarge 737 c6in.24xlarge 737 c6in.2xlarge 58 -c6in.32xlarge 345 +c6in.32xlarge 394 c6in.4xlarge 234 c6in.8xlarge 234 c6in.large 29 -c6in.metal 345 +c6in.metal 394 c6in.xlarge 58 c7a.12xlarge 234 c7a.16xlarge 737 @@ -204,7 +204,13 @@ c7gn.4xlarge 234 c7gn.8xlarge 234 c7gn.large 29 c7gn.medium 8 +c7gn.metal 737 c7gn.xlarge 58 +c7i-flex.2xlarge 58 +c7i-flex.4xlarge 234 +c7i-flex.8xlarge 234 +c7i-flex.large 29 +c7i-flex.xlarge 58 c7i.12xlarge 234 c7i.16xlarge 737 c7i.24xlarge 737 @@ -266,6 +272,16 @@ g5g.4xlarge 234 g5g.8xlarge 234 g5g.metal 737 g5g.xlarge 58 +g6.12xlarge 234 +g6.16xlarge 737 +g6.24xlarge 737 +g6.2xlarge 58 +g6.48xlarge 737 +g6.4xlarge 234 +g6.8xlarge 234 +g6.xlarge 58 +gr6.4xlarge 234 +gr6.8xlarge 234 h1.16xlarge 394 h1.2xlarge 58 h1.4xlarge 234 @@ -464,21 +480,21 @@ m6idn.12xlarge 234 m6idn.16xlarge 737 m6idn.24xlarge 737 m6idn.2xlarge 58 -m6idn.32xlarge 345 +m6idn.32xlarge 394 m6idn.4xlarge 234 m6idn.8xlarge 234 m6idn.large 29 -m6idn.metal 345 +m6idn.metal 394 m6idn.xlarge 58 m6in.12xlarge 234 m6in.16xlarge 737 m6in.24xlarge 737 m6in.2xlarge 58 -m6in.32xlarge 345 +m6in.32xlarge 394 m6in.4xlarge 234 m6in.8xlarge 234 m6in.large 29 -m6in.metal 345 +m6in.metal 394 m6in.xlarge 58 m7a.12xlarge 234 m7a.16xlarge 737 @@ -665,21 +681,21 @@ r6idn.12xlarge 234 r6idn.16xlarge 737 r6idn.24xlarge 737 r6idn.2xlarge 58 -r6idn.32xlarge 345 +r6idn.32xlarge 394 r6idn.4xlarge 234 r6idn.8xlarge 234 r6idn.large 29 -r6idn.metal 345 +r6idn.metal 394 r6idn.xlarge 58 r6in.12xlarge 234 r6in.16xlarge 737 r6in.24xlarge 737 r6in.2xlarge 58 -r6in.32xlarge 345 +r6in.32xlarge 394 r6in.4xlarge 234 r6in.8xlarge 234 r6in.large 29 -r6in.metal 345 +r6in.metal 394 r6in.xlarge 58 r7a.12xlarge 234 r7a.16xlarge 737 diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go index db14e34b75..f9ba346915 100644 --- a/pkg/awsutils/awsutils.go +++ b/pkg/awsutils/awsutils.go @@ -27,6 +27,8 @@ import ( "sync" "time" + "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" + "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils/awssession" "github.com/aws/amazon-vpc-cni-k8s/pkg/ec2wrapper" "github.com/aws/amazon-vpc-cni-k8s/pkg/utils/eventrecorder" @@ -168,7 +170,7 @@ type APIs interface { IsPrimaryENI(eniID string) bool //RefreshSGIDs - RefreshSGIDs(mac string) error + RefreshSGIDs(mac string, store *datastore.DataStore) error //GetInstanceHypervisorFamily returns the hypervisor family for the instance GetInstanceHypervisorFamily() string @@ -474,7 +476,7 @@ func (cache *EC2InstanceMetadataCache) initWithEC2Metadata(ctx context.Context) } // RefreshSGIDs retrieves security groups -func (cache *EC2InstanceMetadataCache) RefreshSGIDs(mac string) error { +func (cache *EC2InstanceMetadataCache) RefreshSGIDs(mac string, store *datastore.DataStore) error { ctx := context.TODO() sgIDs, err := cache.imds.GetSecurityGroupIDs(ctx, mac) @@ -501,14 +503,12 @@ func (cache *EC2InstanceMetadataCache) RefreshSGIDs(mac string) error { cache.securityGroups.Set(sgIDs) if !cache.useCustomNetworking && (addedSGsCount != 0 || deletedSGsCount != 0) { - allENIs, err := cache.GetAttachedENIs() - if err != nil { - return errors.Wrap(err, "DescribeAllENIs: failed to get local ENI metadata") - } + eniInfos := store.GetENIInfos() var eniIDs []string - for _, eni := range allENIs { - eniIDs = append(eniIDs, eni.ENIID) + + for eniID := range eniInfos.ENIs { + eniIDs = append(eniIDs, eniID) } newENIs := StringSet{} diff --git a/pkg/awsutils/mocks/awsutils_mocks.go b/pkg/awsutils/mocks/awsutils_mocks.go index 54c7ec72c5..4e71a57549 100644 --- a/pkg/awsutils/mocks/awsutils_mocks.go +++ b/pkg/awsutils/mocks/awsutils_mocks.go @@ -22,6 +22,8 @@ import ( net "net" reflect "reflect" + "github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd/datastore" + awsutils "github.com/aws/amazon-vpc-cni-k8s/pkg/awsutils" vpc "github.com/aws/amazon-vpc-cni-k8s/pkg/vpc" ec2 "github.com/aws/aws-sdk-go/service/ec2" @@ -466,17 +468,17 @@ func (mr *MockAPIsMockRecorder) IsUnmanagedENI(arg0 interface{}) *gomock.Call { } // RefreshSGIDs mocks base method. -func (m *MockAPIs) RefreshSGIDs(arg0 string) error { +func (m *MockAPIs) RefreshSGIDs(mac string, store *datastore.DataStore) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "RefreshSGIDs", arg0) + ret := m.ctrl.Call(m, "RefreshSGIDs", mac, store) ret0, _ := ret[0].(error) return ret0 } // RefreshSGIDs indicates an expected call of RefreshSGIDs. -func (mr *MockAPIsMockRecorder) RefreshSGIDs(arg0 interface{}) *gomock.Call { +func (mr *MockAPIsMockRecorder) RefreshSGIDs(mac, store interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RefreshSGIDs", reflect.TypeOf((*MockAPIs)(nil).RefreshSGIDs), arg0) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RefreshSGIDs", reflect.TypeOf((*MockAPIs)(nil).RefreshSGIDs), mac, store) } // SetMultiCardENIs mocks base method. diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go index 648a00b104..33f75900f5 100644 --- a/pkg/ipamd/ipamd.go +++ b/pkg/ipamd/ipamd.go @@ -507,14 +507,14 @@ func (c *IPAMContext) nodeInit() error { // 1. after managed/unmanaged ENIs have been determined // 2. before any new ENIs are attached if c.enableIPv4 && !c.disableENIProvisioning { - if err := c.awsClient.RefreshSGIDs(primaryENIMac); err != nil { + if err := c.awsClient.RefreshSGIDs(primaryENIMac, c.dataStore); err != nil { return err } // Refresh security groups and VPC CIDR blocks in the background // Ignoring errors since we will retry in 30s go wait.Forever(func() { - c.awsClient.RefreshSGIDs(primaryENIMac) + c.awsClient.RefreshSGIDs(primaryENIMac, c.dataStore) }, 30*time.Second) } diff --git a/pkg/ipamd/ipamd_test.go b/pkg/ipamd/ipamd_test.go index cc5a27337a..7dc6133a34 100644 --- a/pkg/ipamd/ipamd_test.go +++ b/pkg/ipamd/ipamd_test.go @@ -153,7 +153,7 @@ func TestNodeInit(t *testing.T) { m.network.EXPECT().SetupHostNetwork(cidrs, "", &primaryIP, false, true, false).Return(nil) m.network.EXPECT().CleanUpStaleAWSChains(true, false).Return(nil) m.awsutils.EXPECT().GetPrimaryENI().AnyTimes().Return(primaryENIid) - m.awsutils.EXPECT().RefreshSGIDs(gomock.Any()).AnyTimes().Return(nil) + m.awsutils.EXPECT().RefreshSGIDs(gomock.Any(), gomock.Any()).AnyTimes().Return(nil) eniMetadataSlice := []awsutils.ENIMetadata{eni1, eni2} resp := awsutils.DescribeAllENIsResult{ @@ -243,7 +243,7 @@ func TestNodeInitwithPDenabledIPv4Mode(t *testing.T) { m.network.EXPECT().SetupHostNetwork(cidrs, "", &primaryIP, false, true, false).Return(nil) m.network.EXPECT().CleanUpStaleAWSChains(true, false).Return(nil) m.awsutils.EXPECT().GetPrimaryENI().AnyTimes().Return(primaryENIid) - m.awsutils.EXPECT().RefreshSGIDs(gomock.Any()).AnyTimes().Return(nil) + m.awsutils.EXPECT().RefreshSGIDs(gomock.Any(), gomock.Any()).AnyTimes().Return(nil) eniMetadataSlice := []awsutils.ENIMetadata{eni1, eni2} resp := awsutils.DescribeAllENIsResult{ @@ -1397,8 +1397,6 @@ func datastoreWith3PodsFromPrefix() *datastore.DataStore { } func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { - ctrl := gomock.NewController(t) - eni1, eni2, eni3 := getDummyENIMetadata() allENIs := []awsutils.ENIMetadata{eni1, eni2, eni3} primaryENIonly := []awsutils.ENIMetadata{eni1} @@ -1417,26 +1415,29 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { eni2.ENIID: {"hi": "tag", eniNodeTagKey: "i-abcdabcdabcd"}, eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} - mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) - mockAWSUtils.EXPECT().GetPrimaryENI().Times(5).Return(eni1.ENIID) - mockAWSUtils.EXPECT().GetInstanceID().Times(3).Return(instanceID) - tests := []struct { - name string - tagMap map[string]awsutils.TagMap - enis []awsutils.ENIMetadata - want []awsutils.ENIMetadata - unmanagedenis []string + name string + tagMap map[string]awsutils.TagMap + enis []awsutils.ENIMetadata + want []awsutils.ENIMetadata + unmanagedenis []string + expectedGetPrimaryENICalls int + expectedGetInstanceIDCalls int }{ - {"No tags at all", nil, allENIs, allENIs, nil}, - {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil}, - {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}}, - {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, nil}, + {"No tags at all", nil, allENIs, allENIs, nil, 0, 0}, + {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil, 1, 0}, + {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}, 2, 0}, + {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 0}, + {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 1}, + {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, nil, 0, 2}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + + mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) + c := &IPAMContext{ awsClient: mockAWSUtils, enableManageUntaggedMode: true} @@ -1447,6 +1448,10 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { sort.Strings(args) assert.Equal(t, tt.unmanagedenis, args) }).AnyTimes() + + mockAWSUtils.EXPECT().GetPrimaryENI().Times(tt.expectedGetPrimaryENICalls).Return(eni1.ENIID) + mockAWSUtils.EXPECT().GetInstanceID().Times(tt.expectedGetInstanceIDCalls).Return(instanceID) + c.setUnmanagedENIs(tt.tagMap) mockAWSUtils.EXPECT().IsUnmanagedENI(gomock.Any()).DoAndReturn( @@ -1479,7 +1484,6 @@ func TestIPAMContext_filterUnmanagedENIs(t *testing.T) { } func TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode(t *testing.T) { - ctrl := gomock.NewController(t) eni1, eni2, eni3 := getDummyENIMetadata() allENIs := []awsutils.ENIMetadata{eni1, eni2, eni3} @@ -1499,30 +1503,37 @@ func TestIPAMContext_filterUnmanagedENIs_disableManageUntaggedMode(t *testing.T) eni2.ENIID: {"hi": "tag", eniNodeTagKey: "i-abcdabcdabcd"}, eni3.ENIID: {"hi": "tag", eniNodeTagKey: instanceID}} - mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) - mockAWSUtils.EXPECT().GetPrimaryENI().Times(6).Return(eni1.ENIID) - mockAWSUtils.EXPECT().GetInstanceID().Times(3).Return(instanceID) - tests := []struct { - name string - tagMap map[string]awsutils.TagMap - enis []awsutils.ENIMetadata - want []awsutils.ENIMetadata - unmanagedenis []string + name string + tagMap map[string]awsutils.TagMap + enis []awsutils.ENIMetadata + want []awsutils.ENIMetadata + unmanagedenis []string + expectedGetPrimaryENICalls int + expectedGetInstanceIDCalls int }{ - {"No tags at all", nil, allENIs, allENIs, []string{eni2.ENIID, eni3.ENIID}}, - {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil}, - {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}}, - {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, - {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}}, + {"No tags at all", nil, allENIs, allENIs, []string{eni2.ENIID, eni3.ENIID}, 0, 0}, + {"Primary ENI unmanaged", Test1TagMap, allENIs, allENIs, nil, 1, 0}, + {"Secondary/Tertiary ENI unmanaged", Test2TagMap, allENIs, primaryENIonly, []string{eni2.ENIID, eni3.ENIID}, 2, 0}, + {"Secondary ENI unmanaged", Test3TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 0}, + {"Secondary ENI unmanaged and Tertiary ENI CNI created", Test4TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 1}, + {"Secondary ENI not CNI created and Tertiary ENI CNI created", Test5TagMap, allENIs, filteredENIonly, []string{eni2.ENIID}, 1, 2}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + ctrl := gomock.NewController(t) + + defer ctrl.Finish() + + mockAWSUtils := mock_awsutils.NewMockAPIs(ctrl) + c := &IPAMContext{ awsClient: mockAWSUtils, enableManageUntaggedMode: false} + mockAWSUtils.EXPECT().GetPrimaryENI().Times(tt.expectedGetPrimaryENICalls).Return(eni1.ENIID) + mockAWSUtils.EXPECT().GetInstanceID().Times(tt.expectedGetInstanceIDCalls).Return(instanceID) + mockAWSUtils. EXPECT(). SetUnmanagedENIs(gomock.Any()). diff --git a/pkg/vpc/vpc_ip_resource_limit.go b/pkg/vpc/vpc_ip_resource_limit.go index 77a4943de5..efb6a8b77d 100644 --- a/pkg/vpc/vpc_ip_resource_limit.go +++ b/pkg/vpc/vpc_ip_resource_limit.go @@ -1744,17 +1744,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "c6in.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -1805,17 +1805,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "c6in.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -2350,6 +2350,20 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "c7gn.metal": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "unknown", + IsBareMetal: true, + }, "c7gn.xlarge": { ENILimit: 4, IPv4Limit: 15, @@ -2364,6 +2378,76 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "c7i-flex.2xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.4xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.8xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.large": { + ENILimit: 3, + IPv4Limit: 10, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 3, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "c7i-flex.xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, "c7i.12xlarge": { ENILimit: 8, IPv4Limit: 30, @@ -3228,6 +3312,146 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "g6.12xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.16xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.24xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.2xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.48xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.4xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.8xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "g6.xlarge": { + ENILimit: 4, + IPv4Limit: 15, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 4, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "gr6.4xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, + "gr6.8xlarge": { + ENILimit: 8, + IPv4Limit: 30, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 8, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, "h1.16xlarge": { ENILimit: 8, IPv4Limit: 50, @@ -6021,17 +6245,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6idn.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -6082,17 +6306,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6idn.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -6171,17 +6395,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6in.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -6232,17 +6456,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "m6in.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9020,17 +9244,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6idn.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9081,17 +9305,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6idn.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9170,17 +9394,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6in.32xlarge": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, @@ -9231,17 +9455,17 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ IsBareMetal: false, }, "r6in.metal": { - ENILimit: 7, + ENILimit: 8, IPv4Limit: 50, DefaultNetworkCardIndex: 0, NetworkCards: []NetworkCard{ { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 0, }, { - MaximumNetworkInterfaces: 7, + MaximumNetworkInterfaces: 8, NetworkCardIndex: 1, }, diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 20fb3d2dc1..309410be11 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -33,7 +33,7 @@ function run_integration_test() { echo "Running cni integration tests" START=$SECONDS - cd $INTEGRATION_TEST_DIR/cni && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS -v -timeout 60m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail + cd $INTEGRATION_TEST_DIR/cni && CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --skip-file=soak_test.go -v -timeout 60m --no-color --fail-on-pending -- --cluster-kubeconfig="$KUBE_CONFIG_PATH" --cluster-name="$CLUSTER_NAME" --aws-region="$REGION" --aws-vpc-id="$VPC_ID" --ng-name-label-key="$NG_LABEL_KEY" --ng-name-label-val="$NG_LABEL_VAL" --test-image-registry=$TEST_IMAGE_REGISTRY || TEST_RESULT=fail echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then diff --git a/scripts/run-soak-test.sh b/scripts/run-soak-test.sh new file mode 100755 index 0000000000..f09f561dff --- /dev/null +++ b/scripts/run-soak-test.sh @@ -0,0 +1,40 @@ +#!/bin/bash + +# The script runs amazon-vpc-cni static canary tests +# The tests in this suite are designed to exercise AZ failure scenarios. + +set -e + +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +GINKGO_TEST_BUILD="$SCRIPT_DIR/../test/build" +# TEST_IMAGE_REGISTRY is the registry in test-infra-* accounts where e2e test images are stored +TEST_IMAGE_REGISTRY=${TEST_IMAGE_REGISTRY:-"617930562442.dkr.ecr.us-west-2.amazonaws.com"} + +# If $ENDPOINT is set, as in it is for beta clusters then $ENDPOINT_OPTION, +# defined in lib/cluster.sh will add --eks-endpoint=$ENDPOINT to the ginkgo +# test command + +source "$SCRIPT_DIR"/lib/cluster.sh +source "$SCRIPT_DIR"/lib/canary.sh + +function run_ginkgo_test() { + local focus=$1 + echo "Running ginkgo tests with focus: $focus" + + (CGO_ENABLED=0 ginkgo $EXTRA_GINKGO_FLAGS --no-color --focus="$focus" -v --timeout 3h --fail-on-pending $GINKGO_TEST_BUILD/cni.test -- \ + --cluster-kubeconfig="$KUBE_CONFIG_PATH" \ + --cluster-name="$CLUSTER_NAME" \ + --aws-region="$REGION" \ + --aws-vpc-id="$VPC_ID" \ + --ng-name-label-key="kubernetes.io/os" \ + --ng-name-label-val="linux" \ + --test-image-registry=$TEST_IMAGE_REGISTRY \ + --publish-cw-metrics=true \ + $ENDPOINT_OPTION) +} + +load_cluster_details + +run_ginkgo_test "SOAK_TEST" + +echo "all tests ran successfully in $(($SECONDS / 60)) minutes and $(($SECONDS % 60)) seconds" diff --git a/test/agent/go.mod b/test/agent/go.mod index 8ee4de14cb..81506d3f38 100644 --- a/test/agent/go.mod +++ b/test/agent/go.mod @@ -1,11 +1,11 @@ module github.com/aws/amazon-vpc-cni-k8s/test/agent -go 1.21 +go 1.22.3 require ( github.com/coreos/go-iptables v0.7.0 github.com/vishvananda/netlink v1.1.0 - golang.org/x/sys v0.18.0 + golang.org/x/sys v0.19.0 ) require github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect diff --git a/test/agent/go.sum b/test/agent/go.sum index fe4c332145..512fba84b6 100644 --- a/test/agent/go.sum +++ b/test/agent/go.sum @@ -5,5 +5,5 @@ github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYp github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= diff --git a/test/integration/cni/soak_test.go b/test/integration/cni/soak_test.go new file mode 100644 index 0000000000..8819a8b5ce --- /dev/null +++ b/test/integration/cni/soak_test.go @@ -0,0 +1,199 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"). You may +// not use this file except in compliance with the License. A copy of the +// License is located at +// +// http://aws.amazon.com/apache2.0/ +// +// or in the "license" file accompanying this file. This file is distributed +// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +// express or implied. See the License for the specific language governing +// permissions and limitations under the License. + +package cni + +import ( + "fmt" + "strconv" + "time" + + "github.com/aws/amazon-vpc-cni-k8s/test/framework/utils" + "github.com/aws/amazon-vpc-cni-k8s/test/integration/common" + "github.com/aws/aws-sdk-go/service/ec2" + + "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/manifest" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + v1 "k8s.io/api/apps/v1" + coreV1 "k8s.io/api/core/v1" +) + +// Ensures Pods are launched on both Primary and Secondary Network Interfaces on two nodes. +// and the test verifies network connectivity across pods launched on these interfaces. + +// The total test will take 1 hour of constantly exercising pod launch on primary and secondary interfaces. +// running connectivity tests, and deleting the pods, and repeating the process. + +var _ = Describe("SOAK Test pod networking", Ordered, func() { + + var ( + err error + serverListenCmd []string + serverListenCmdArgs []string + testConnectionCommandFunc func(serverPod coreV1.Pod, port int) []string + testFailedConnectionCommandFunc func(serverPod coreV1.Pod, port int) []string + testerExpectedStdOut string + testerExpectedStdErr string + serverPort int + protocol string + primaryNodeDeployment *v1.Deployment + secondaryNodeDeployment *v1.Deployment + interfaceToPodListOnPrimaryNode common.InterfaceTypeToPodList + interfaceToPodListOnSecondaryNode common.InterfaceTypeToPodList + timesToRunTheTest = 12 + waitDuringInMinutes = time.Duration(5) * time.Minute + ) + + BeforeAll(func() { + fmt.Println("Starting SOAK test") + + protocol = ec2.ProtocolTcp + serverPort = 2273 + + By("Authorize Security Group Ingress on EC2 instance.") + err = f.CloudServices.EC2(). + AuthorizeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) + Expect(err).ToNot(HaveOccurred()) + + By("Authorize Security Group Egress on EC2 instance.") + err = f.CloudServices.EC2(). + AuthorizeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") + Expect(err).ToNot(HaveOccurred()) + }) + + AfterAll(func() { + fmt.Println("Cleaning SOAK test") + + By("Revoke Security Group Ingress.") + err = f.CloudServices.EC2(). + RevokeSecurityGroupIngress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0", false) + Expect(err).ToNot(HaveOccurred()) + + By("Revoke Security Group Egress.") + err = f.CloudServices.EC2(). + RevokeSecurityGroupEgress(instanceSecurityGroupID, protocol, serverPort, serverPort, "0.0.0.0/0") + Expect(err).ToNot(HaveOccurred()) + + By("SOAK test completed") + }) + + Context("[SOAK_TEST] Establish TCP connection from tester to server on both Primary and Secondary ENI", func() { + BeforeEach(func() { + serverListenCmd = []string{"nc"} + // The nc flag "-l" for listen mode, "-k" to keep server up and not close connection after each connection + serverListenCmdArgs = []string{"-k", "-l", strconv.Itoa(serverPort)} + + // netcat verbose output is being redirected to stderr instead of stdout + // The nc flag "-v" for verbose output and "-wn" for timing out in n seconds + testConnectionCommandFunc = func(receiverPod coreV1.Pod, port int) []string { + return []string{"nc", "-v", "-w5", receiverPod.Status.PodIP, strconv.Itoa(port)} + } + + // Create a negative test case with the wrong port number. This is to reinforce the + // positive test case work by verifying negative cases do throw error + testFailedConnectionCommandFunc = func(receiverPod coreV1.Pod, port int) []string { + return []string{"nc", "-v", "-w5", receiverPod.Status.PodIP, strconv.Itoa(port + 1)} + } + + serverContainer := manifest. + NewNetCatAlpineContainer(f.Options.TestImageRegistry). + Command(serverListenCmd). + Args(serverListenCmdArgs). + Build() + + By("Creating Pods on Primary and Secondary ENI on Primary and Secondary Node") + primaryNodeDeployment = manifest. + NewDefaultDeploymentBuilder(). + Container(serverContainer). + Replicas(maxIPPerInterface*2). // X2 so Pods are created on secondary ENI too + NodeName(primaryNode.Name). + PodLabel("node", "primary"). + Name("primary-node-server"). + Build() + + primaryNodeDeployment, err = f.K8sResourceManagers. + DeploymentManager(). + CreateAndWaitTillDeploymentIsReady(primaryNodeDeployment, utils.DefaultDeploymentReadyTimeout) + + Expect(err).ToNot(HaveOccurred()) + + interfaceToPodListOnPrimaryNode = + common.GetPodsOnPrimaryAndSecondaryInterface(primaryNode, "node", "primary", f) + + // At least two Pods should be placed on the Primary and Secondary Interface + // on the Primary and Secondary Node in order to test all possible scenarios + Expect(len(interfaceToPodListOnPrimaryNode.PodsOnPrimaryENI)). + Should(BeNumerically(">", 1)) + + Expect(len(interfaceToPodListOnPrimaryNode.PodsOnSecondaryENI)). + Should(BeNumerically(">", 1)) + + secondaryNodeDeployment = manifest. + NewDefaultDeploymentBuilder(). + Container(serverContainer). + Replicas(maxIPPerInterface*2). // X2 so Pods are created on secondary ENI too + NodeName(secondaryNode.Name). + PodLabel("node", "secondary"). + Name("secondary-node-server"). + Build() + + secondaryNodeDeployment, err = f.K8sResourceManagers. + DeploymentManager(). + CreateAndWaitTillDeploymentIsReady(secondaryNodeDeployment, utils.DefaultDeploymentReadyTimeout) + Expect(err).ToNot(HaveOccurred()) + + interfaceToPodListOnSecondaryNode = + common.GetPodsOnPrimaryAndSecondaryInterface(secondaryNode, "node", "secondary", f) + + Expect(len(interfaceToPodListOnSecondaryNode.PodsOnPrimaryENI)). + Should(BeNumerically(">", 1)) + + Expect(len(interfaceToPodListOnSecondaryNode.PodsOnSecondaryENI)). + Should(BeNumerically(">", 1)) + }) + + AfterEach(func() { + By("TearDown Pods") + err = f.K8sResourceManagers.DeploymentManager(). + DeleteAndWaitTillDeploymentIsDeleted(primaryNodeDeployment) + Expect(err).ToNot(HaveOccurred()) + + err = f.K8sResourceManagers.DeploymentManager(). + DeleteAndWaitTillDeploymentIsDeleted(secondaryNodeDeployment) + Expect(err).ToNot(HaveOccurred()) + + }) + + for i := 0; i < timesToRunTheTest; i++ { + It("assert connectivity across nodes and across interface types", func() { + + testerExpectedStdErr = "succeeded!" + testerExpectedStdOut = "" + + CheckConnectivityForMultiplePodPlacement( + interfaceToPodListOnPrimaryNode, interfaceToPodListOnSecondaryNode, + serverPort, testerExpectedStdOut, testerExpectedStdErr, testConnectionCommandFunc) + + By("verifying connection fails for unreachable port") + + VerifyConnectivityFailsForNegativeCase(interfaceToPodListOnPrimaryNode.PodsOnPrimaryENI[0], + interfaceToPodListOnPrimaryNode.PodsOnPrimaryENI[1], serverPort, + testFailedConnectionCommandFunc) + + time.Sleep(waitDuringInMinutes) + }) + } + }) +}) diff --git a/utils/prometheusmetrics/prometheusmetrics.go b/utils/prometheusmetrics/prometheusmetrics.go index edcdacda86..fadda0a094 100644 --- a/utils/prometheusmetrics/prometheusmetrics.go +++ b/utils/prometheusmetrics/prometheusmetrics.go @@ -159,8 +159,8 @@ var ( }, []string{"cidr"}, ) - NoAvailableIPAddrs = prometheus.NewGauge( - prometheus.GaugeOpts{ + NoAvailableIPAddrs = prometheus.NewCounter( + prometheus.CounterOpts{ Name: "awscni_no_available_ip_addresses", Help: "The number of pod IP assignments that fail due to no available IP addresses", },