Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update main to match upstream #533

Closed
wants to merge 185 commits into from
Closed

Update main to match upstream #533

wants to merge 185 commits into from

Conversation

hspencer77
Copy link

Description

Updated main to match upstream.

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the userdocs directory)
  • Manually tested
  • Made sure the title of the PR is a good description that can go into the release notes
  • (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟

a-hilaly and others added 30 commits January 17, 2024 00:26
Prior to this patch, the `pkg/fargate/coredns` package had some bits of
code that accessed/mutated pod annotations assuming that they'll always
be instantiated correctly.

This patch adds utility functions to safely mutate and access fargate
pod annotations.

Signed-off-by: Amine Hilaly <hilalyamine@gmail.com>
Safely access/mutate fargate coredns pod annotations
With `aws-sdk-go-v2@1.24.1`, API server requests containing URLs presigned by `sts.PresignClient` fail with an `Unauthorized` error.

`aws-sdk-go-v2@1.24.1` adds an extra header `amz-sdk-request` to the generated request, but this header is not allow-listed by `aws-iam-authenticator` server running on the control plane.
This is likely due to [this change](aws/aws-sdk-go-v2#2438) which reorders the middleware operations to execute `RetryMetricsHeader` before `Signing`.

This changelist removes the `RetryMetricsHeader` middleware from the stack when constructing `sts.PresignClient`.
Fix generating presigned URL for K8s authentication
Prepare for next development iteration
For some clusters, EKS can return the list of public endpoint CIDRs out of
order, and won't allow updates where the incoming and current sets have set
equality (i.e. regardless of order of CIDR entries). This change restores the
set equality check that was removed in commit
72605fb and adds an additional test case to
cover this case.
…drs-unordered

Handle unordered public endpoint CIDRs from EKS in endpoint updates
The IAM condition key StringLike was used incorrectly in the policy and it doesn't work with wildcard (*) in the key itself. Wildcard is only supported in the value of the key. This fixes issue in cases where a volume dynamically provisioned via the older in-tree CSI plugin is being deleted by the new EBS CSI driver, because such volumes don't have the tags used in the policy.

The changes made are inspired from the AWS managed AmazonEBSCSIDriverPolicy.
Update well-known policy for ebsCSIController
…ot-be-evicted

Fix coredns pdb preventing cluster deletion
Prepare for next development iteration
…-config-for-v0.33

Expand Karpenter settings.aws block to settings for v0.33.0 and greater
cPu1 and others added 28 commits April 25, 2024 14:38
…pre-releases-in-drafter

[Release drafter] Treat RCs as full releases when drafting notes
…ies (eksctl-io#7710)

* Added migrate-to-access-entry cmd structure

* Fix Target Authentication  mode validation

* Added logic to get accessEntries and cmEntries from cluster

* Added logic to make unique list of configmap accessEntries, and stack creation logic

* Added UpdateAuthentication mode and aeEntries filter logic

* Add approve flag check

* Added functionality to remove awsauth after switch to API only

* Adds logic to fetch FullARN of path stripped IAMIdentityMappings

* Updates some info log text

* Adds test case and refactors code

* Removes comments

* Adds taskTree and address PR comments

* Refactors code and Adds exception handling for NoSuchEntityException

* Resolves go.mod and go.sum conflicts

* Doc update for migrate-to-access-entry feature

* Fixed minimum iam policies doc to add permission for iam:GetUser

* Updated access-entries doc at migrate-to-access-entry section

* Fixes failing Migrate To Access Entry Test & go.mod, go.sum

* Amends migrate to access entry documentation

* improve logs and simplify code logic

* add unit tests

* ensure target-auth-mode has a valid value

---------

Co-authored-by: Pankaj Walke <advaitt@amazon.com>
Co-authored-by: Venkat Penmetsa <vpenmets@amazon.com>
Co-authored-by: Venkat Penmetsa <vpenmets@gmail.com>
Co-authored-by: Tibi <110664232+TiberiuGC@users.noreply.github.com>
Replaces usage of a per-loop variable with a per-iteration variable.
Fix deleting clusters with a non-active status
Prepare for next development iteration
Bumps [github.com/aws/aws-sdk-go-v2/service/iam](https://github.com/aws/aws-sdk-go-v2) from 1.28.5 to 1.32.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/s3/v1.32.0/CHANGELOG.md)
- [Commits](aws/aws-sdk-go-v2@service/emr/v1.28.5...service/s3/v1.32.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/iam
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@hspencer77 hspencer77 self-assigned this Apr 30, 2024
@hspencer77 hspencer77 closed this Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.