Capacity block #543

Merged
merged 170 commits into from
Apr 30, 2024

hspencer77

Description

Expand capacity-block feature for eksctl

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the userdocs directory)
  • Manually tested
  • Made sure the title of the PR is a good description that can go into the release notes
  • (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟

a-hilaly and others added 30 commits January 17, 2024 00:26
Prior to this patch, the `pkg/fargate/coredns` package had some bits of
code that accessed/mutated pod annotations assuming that they'll always
be instantiated correctly.

This patch adds utility functions to safely mutate and access fargate
pod annotations.

Signed-off-by: Amine Hilaly <hilalyamine@gmail.com>
Safely access/mutate fargate coredns pod annotations
With `aws-sdk-go-v2@1.24.1`, API server requests containing URLs presigned by `sts.PresignClient` fail with an `Unauthorized` error.

`aws-sdk-go-v2@1.24.1` adds an extra header `amz-sdk-request` to the generated request, but this header is not allow-listed by `aws-iam-authenticator` server running on the control plane.
This is likely due to [this change](aws/aws-sdk-go-v2#2438) which reorders the middleware operations to execute `RetryMetricsHeader` before `Signing`.

This changelist removes the `RetryMetricsHeader` middleware from the stack when constructing `sts.PresignClient`.
Fix generating presigned URL for K8s authentication
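Added example, not part of this PR or of eksctl: a diagnostic for the failure this commit message describes, listing headers in a presigned URL's `X-Amz-SignedHeaders` parameter that fall outside an allow-list. It assumes the extra `amz-sdk-request` header surfaces in that parameter; the allow-list (`host`, `x-k8s-aws-id`), the function name and the sample URL are constructed for illustration and are not taken from `aws-iam-authenticator`.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// expectedSignedHeaders is an ASSUMED allow-list for illustration only;
// it is not copied from aws-iam-authenticator.
var expectedSignedHeaders = map[string]bool{"host": true, "x-k8s-aws-id": true}

// UnexpectedSignedHeaders returns, sorted, every header named in the URL's
// X-Amz-SignedHeaders parameter that is outside the assumed allow-list.
func UnexpectedSignedHeaders(presigned string) ([]string, error) {
	u, err := url.Parse(presigned)
	if err != nil {
		return nil, fmt.Errorf("parse URL: %w", err)
	}
	query, err := url.ParseQuery(u.RawQuery)
	if err != nil {
		return nil, fmt.Errorf("parse query: %w", err)
	}
	raw := query.Get("X-Amz-SignedHeaders")
	if raw == "" {
		return nil, fmt.Errorf("no X-Amz-SignedHeaders parameter: not a SigV4 presigned URL")
	}
	var extra []string
	for _, h := range strings.Split(raw, ";") {
		h = strings.ToLower(strings.TrimSpace(h))
		if h != "" && !expectedSignedHeaders[h] {
			extra = append(extra, h)
		}
	}
	sort.Strings(extra)
	return extra, nil
}

// Constructed sample URL (placeholder signature), shaped like an STS presigned request.
const sampleURL = "https://sts.us-west-2.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15" +
	"&X-Amz-SignedHeaders=amz-sdk-request%3Bhost%3Bx-k8s-aws-id&X-Amz-Signature=CONSTRUCTED"

func main() {
	extra, err := UnexpectedSignedHeaders(sampleURL)
	fmt.Println(extra, err)
}
```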
Prepare for next development iteration
For some clusters, EKS can return the list of public endpoint CIDRs out of
order, and won't allow updates where the incoming and current sets have set
equality (i.e. regardless of order of CIDR entries). This change restores the
set equality check that was removed in commit
72605fb and adds an additional test case to
cover this case.
…drs-unordered

Handle unordered public endpoint CIDRs from EKS in endpoint updates
The IAM condition key StringLike was used incorrectly in the policy and it doesn't work with wildcard (*) in the key itself. Wildcard is only supported in the value of the key. This fixes the issue in cases where a volume dynamically provisioned via the older in-tree CSI plugin is being deleted by the new EBS CSI driver, because such volumes don't have the tags used in the policy.

The changes made are inspired by the AWS managed AmazonEBSCSIDriverPolicy.
Update well-known policy for ebsCSIController
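Added example, not part of this PR or of eksctl: a small policy check for the mistake this commit message describes, flagging IAM condition keys that carry a wildcard in the key instead of the value. The function name, the statement IDs and the sample policy are constructed for illustration; the sample is not the policy eksctl ships.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// policy models only the fields this check reads; Statement is assumed to be an array.
type policy struct {
	Statement []struct {
		Sid       string
		Condition map[string]map[string]json.RawMessage
	}
}

// WildcardConditionKeys reports every condition KEY that contains * or ?.
// Wildcards are only supported in the condition value, so such keys need review.
func WildcardConditionKeys(doc []byte) ([]string, error) {
	var p policy
	if err := json.Unmarshal(doc, &p); err != nil {
		return nil, fmt.Errorf("parse policy: %w", err)
	}
	var findings []string
	for _, s := range p.Statement {
		for operator, keys := range s.Condition {
			for key := range keys {
				if strings.ContainsAny(key, "*?") {
					findings = append(findings, fmt.Sprintf("%s: %s %q", s.Sid, operator, key))
				}
			}
		}
	}
	sort.Strings(findings)
	return findings, nil
}

// Constructed sample policy: the first statement has the wildcard in the key,
// the second has it in the value, which is the supported place.
const samplePolicy = `{"Version": "2012-10-17", "Statement": [
  {"Sid": "KeyWildcard", "Effect": "Allow", "Action": "ec2:DeleteVolume", "Resource": "*",
   "Condition": {"StringLike": {"ec2:ResourceTag/kubernetes.io/cluster/*": "owned"}}},
  {"Sid": "ValueWildcard", "Effect": "Allow", "Action": "ec2:DeleteVolume", "Resource": "*",
   "Condition": {"StringLike": {"ec2:ResourceTag/kubernetes.io/created-for/pvc/name": "*"}}}
]}`

func main() {
	findings, err := WildcardConditionKeys([]byte(samplePolicy))
	fmt.Println(findings, err)
}
```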
…ot-be-evicted

Fix coredns pdb preventing cluster deletion
Prepare for next development iteration
…-config-for-v0.33

Expand Karpenter settings.aws block to settings for v0.33.0 and greater
cPu1 and others added 23 commits April 23, 2024 15:09
…-arn

Fix reusing instanceRoleARN for nodegroups authorized with access entry
…#7714)

* Preserve eksctl commands correctness when user deletes subnets

* update error when subnet availability validation fails

* address PR comments
…tityassociation` commands (eksctl-io#7706)

* Handle K8s service account lifecycle on eksctl create/delete podidentityassociations commands

* correct typo

Co-authored-by: Chetan Patwal <cPu1@users.noreply.github.com>

---------

Co-authored-by: Chetan Patwal <cPu1@users.noreply.github.com>
* feat: Add support for Ubuntu Pro 22.04 based EKS images

* update schema.json

* test: Add nodegroup with Ubuntu Pro 22.04

* fix integration test

---------

Co-authored-by: Tibi <110664232+TiberiuGC@users.noreply.github.com>
Disable IMDSv1 in unowned integration tests
…pre-releases-in-drafter

[Release drafter] Treat RCs as full releases when drafting notes
…ies (eksctl-io#7710)

* Added migrate-to-access-entry cmd structure

* Fix Target Authentication  mode validation

* Added logic to get accessEntries and cmEntries from cluster

* Added logic to make unique list of configmap accessEntries, and stack creation logic

* Added UpdateAuthentication mode and aeEntries filter logic

* Add approve flag check

* Added functionality to remove awsauth after switch to API only

* Adds logic to fetch FullARN of path stripped IAMIdentityMappings

* Updates some info log text

* Adds test case and refactors code

* Removes comments

* Adds taskTree and address PR comments

* Refactors code and Adds exception handling for NoSuchEntityException

* Resolves go.mod and go.sum conflicts

* Doc update for migrate-to-access-entry feature

* Fixed minimum iam policies doc to add permission for iam:GetUser

* Updated access-entries doc at migrate-to-access-entry section

* Fixes failing Migrate To Access Entry Test & go.mod, go.sum

* Amends migrate to access entry documentation

* improve logs and simplify code logic

* add unit tests

* ensure target-auth-mode has a valid value

---------

Co-authored-by: Pankaj Walke <advaitt@amazon.com>
Co-authored-by: Venkat Penmetsa <vpenmets@amazon.com>
Co-authored-by: Venkat Penmetsa <vpenmets@gmail.com>
Co-authored-by: Tibi <110664232+TiberiuGC@users.noreply.github.com>
Replaces usage of a per-loop variable with a per-iteration variable.
Fix deleting clusters with a non-active status

The following commits were not verified:
ce27549 (no_user)
8ddea75 (unsigned)
1ce547f (unsigned)
99593da (unsigned)
7bf47e2 (unsigned)
b4b8935 (unsigned)
ce6e6e6 (unsigned)
6574fa1 (unsigned)
28c842b (unsigned)
1e1d72f (unsigned)
f75c48e (unsigned)
a6aa06b (unsigned)

@hspencer77 hspencer77 added the enhancement New feature or request label Apr 30, 2024
@hspencer77 hspencer77 self-assigned this Apr 30, 2024
@hspencer77 hspencer77 added the kind/improvement product improvement label Apr 30, 2024
@hspencer77 hspencer77 merged commit 1e5802c into main Apr 30, 2024
6 of 8 checks passed
@hspencer77 hspencer77 deleted the capacity-block branch April 30, 2024 22:49
Labels
enhancement New feature or request kind/improvement product improvement unverified-commits