diff --git a/.github/workflows/check-pr.yml b/.github/workflows/check-pr.yml new file mode 100644 index 0000000000000..df06cb037638d --- /dev/null +++ b/.github/workflows/check-pr.yml @@ -0,0 +1,40 @@ +name: Check PR +on: + pull_request: + types: + - opened + - edited + - labeled + - unlabeled + - reopened + - synchronize + branches: + - 'master*' + - 'release*' + +jobs: + check-pr: + name: Check PR + runs-on: ubuntu-latest + steps: + - name: Check commit messages for WIP + uses: gsactions/commit-message-checker@v1 + with: + pattern: '^(?!WIP)' + flags: 'gmi' + error: Work in progress + checkAllCommitMessages: true + accessToken: ${{ secrets.GITHUB_TOKEN }} + + - name: Check PR labels + uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + with: + valid-labels: 'merge' + invalid-labels: 'do-not-merge, wip, wait-before-merge' + disable-reviews: true + github-token: '${{ secrets.GITHUB_TOKEN }}' + + - name: Enable auto merge + uses: alexwilson/enable-github-automerge-action@main + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7b0622fd0d716..3c50dbe9a0285 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,9 +1,16 @@ ---- name: CI -'on': - - push - - pull_request +on: + push: + tags: + - "*" + branches: + - "master*" + - "release*" + pull_request: + branches: + - "master*" + - "release*" env: GOPROXY: https://proxy.golang.org @@ -13,61 +20,114 @@ permissions: contents: read jobs: + changes: + runs-on: ubuntu-latest + outputs: + src: ${{ steps.filter.outputs.src }} + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + + - name: Detect changes + uses: dorny/paths-filter@v3 + id: filter + with: + filters: | + src: + - '!.github/**' + build-linux-amd64: + needs: changes + if: ${{ needs.changes.outputs.src == 'true' || startsWith(github.ref, 'refs/tags/') }} runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - name: Checkout full + if: startsWith(github.ref, 'refs/tags/') + run: | + git clone ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY} -b ${GITHUB_REF#refs/tags/} ${{ env.GOPATH }}/src/k8s.io/kops + + - name: Checkout shallow + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + if: startsWith(github.ref, 'refs/tags/') == false with: path: ${{ env.GOPATH }}/src/k8s.io/kops - - name: Set up go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 with: go-version-file: '${{ env.GOPATH }}/src/k8s.io/kops/go.mod' - - name: make all examples test + - name: Make all examples test working-directory: ${{ env.GOPATH }}/src/k8s.io/kops run: | make all examples test + - name: Upload Linux binaries + if: startsWith(github.ref, 'refs/tags/') + uses: actions/upload-artifact@v4 + with: + name: kops-linux-amd64 + path: ${{ env.GOPATH }}/src/k8s.io/kops/.build/dist/linux/amd64/* + if-no-files-found: error + retention-days: 1 + build-macos-amd64: + needs: changes + if: ${{ needs.changes.outputs.src == 'true' || startsWith(github.ref, 'refs/tags/') }} runs-on: macos-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - with: - path: ${{ env.GOPATH }}/src/k8s.io/kops + - name: Checkout full + if: startsWith(github.ref, 'refs/tags/') + run: | + git clone ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY} -b ${GITHUB_REF#refs/tags/} ${{ env.GOPATH }}/src/k8s.io/kops - - name: Set up go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 - with: - go-version-file: '${{ env.GOPATH }}/src/k8s.io/kops/go.mod' + - name: Checkout shallow + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + if: startsWith(github.ref, 'refs/tags/') == false + with: + path: ${{ env.GOPATH }}/src/k8s.io/kops - - name: make kops examples test - working-directory: ${{ env.GOPATH }}/src/k8s.io/kops - run: | - make kops examples test + - name: Set up go + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 + with: + go-version-file: '${{ env.GOPATH }}/src/k8s.io/kops/go.mod' - build-windows-amd64: - runs-on: windows-2019 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - with: - path: ${{ env.GOPATH }}/src/k8s.io/kops + # Build and upload arm64 + - name: Make kops examples test (arm64) + working-directory: ${{ env.GOPATH }}/src/k8s.io/kops + run: | + GOARCH=arm64 make kops examples test - - name: Set up go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 - with: - go-version-file: '${{ env.GOPATH }}/src/k8s.io/kops/go.mod' + - name: Upload kops MacOS binary (arm64) + if: startsWith(github.ref, 'refs/tags/') + uses: actions/upload-artifact@v4 + with: + name: kops-darwin-arm64 + path: ${{ env.GOPATH }}/src/k8s.io/kops/.build/dist/darwin/arm64/kops + if-no-files-found: error + retention-days: 1 - - name: make kops examples test - working-directory: ${{ env.GOPATH }}/src/k8s.io/kops - run: | - make kops examples test-windows + # Build and upload amd64 + - name: Make kops examples test (amd64) + working-directory: ${{ env.GOPATH }}/src/k8s.io/kops + run: | + GOARCH=amd64 make kops + + - name: Upload kops MacOS binary (amd64) + if: startsWith(github.ref, 'refs/tags/') + uses: actions/upload-artifact@v4 + with: + name: kops-darwin-amd64 + path: ${{ env.GOPATH }}/src/k8s.io/kops/.build/dist/darwin/amd64/kops + if-no-files-found: error + retention-days: 1 verify: + needs: changes + if: ${{ needs.changes.outputs.src == 'true' || startsWith(github.ref, 'refs/tags/') }} runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: path: ${{ env.GOPATH }}/src/k8s.io/kops @@ -76,7 +136,41 @@ jobs: with: go-version-file: '${{ env.GOPATH }}/src/k8s.io/kops/go.mod' - - name: make quick-ci + - name: Make quick-ci working-directory: ${{ env.GOPATH }}/src/k8s.io/kops run: | make quick-ci + + release: + runs-on: ubuntu-20.04 + if: startsWith(github.ref, 'refs/tags/') + permissions: + contents: write + needs: + - build-linux-amd64 + - build-macos-amd64 + - verify + steps: + - name: Download all binary artifacts + uses: actions/download-artifact@v4 + + - name: Rename kops binary artifacts + run: | + mv kops-darwin-amd64/kops kops-darwin-amd64/kops-darwin-amd64 + mv kops-darwin-arm64/kops kops-darwin-arm64/kops-darwin-arm64 + mv kops-linux-amd64/kops kops-linux-amd64/kops-linux-amd64 + mv kops-linux-amd64/channels kops-linux-amd64/channels-linux-amd64 + mv kops-linux-amd64/protokube kops-linux-amd64/protokube-linux-amd64 + mv kops-linux-amd64/nodeup kops-linux-amd64/nodeup-linux-amd64 + + - name: Release + uses: softprops/action-gh-release@v2 + with: + fail_on_unmatched_files: true + files: | + kops-darwin-amd64/kops-darwin-amd64 + kops-darwin-arm64/kops-darwin-arm64 + kops-linux-amd64/kops-linux-amd64 + kops-linux-amd64/channels-linux-amd64 + kops-linux-amd64/protokube-linux-amd64 + kops-linux-amd64/nodeup-linux-amd64 diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content index 6b7af3ba72cb4..3a138f68359f3 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.25 manifest: networking.projectcalico.org/k8s-1.25.yaml - manifestHash: 2ba3f766420e62e454cdf6462f3cf1e01c0be716ec3309c441ab2c9249413f87 + manifestHash: 133a8bebf944e9b5ae97274fe4104c74963ef5ca3f398aef956830e0ee512308 name: networking.projectcalico.org prune: kinds: diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.25_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.25_content index fa262326b03e9..79e7b5b85e2cc 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.25_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.25_content @@ -4945,6 +4945,8 @@ spec: name: calico-config - name: CALICO_IPV4POOL_CIDR value: 100.96.0.0/11 + - name: CALICO_IPV6POOL_NAT_OUTGOING + value: "false" - name: CALICO_DISABLE_FILE_LOGGING value: "true" - name: FELIX_DEFAULTENDPOINTTOHOSTACTION diff --git a/tools/get_version.sh b/tools/get_version.sh index 1c709b0581878..5d48abc062529 100755 --- a/tools/get_version.sh +++ b/tools/get_version.sh @@ -36,6 +36,7 @@ if [[ -n "${CI}" ]]; then EXACT_TAG=$(git describe --tags --exact-match 2>/dev/null || true) if [[ -n "${EXACT_TAG}" ]]; then VERSION="${EXACT_TAG#v}" # Remove the v prefix from the git tag + VERSION="${VERSION//-bp*/}" # remove the bearingpoint version from the tag if [[ "${VERSION}" != "${KOPS_RELEASE_VERSION}" ]]; then echo "Build was tagged with ${VERSION}, but kops-version.go had version ${KOPS_RELEASE_VERSION}" exit 1 diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template index 970c3aa5a47ea..e49a6456c48f1 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.22.yaml.template @@ -49,7 +49,7 @@ data: "mtu": __CNI_MTU__, "ipam": { "assign_ipv4": "{{ not IsIPv6Only }}", - "assign_ipv6": "{{ IsIPv6Only }}", + "assign_ipv6": "{{ CalicoUseIPv6 }}", {{- if IsIPv6Only }} "type": "host-local", "ranges": [[{ "subnet": "usePodCidrIPv6" }]] @@ -4633,7 +4633,7 @@ spec: - name: IP value: "{{- if not IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}" - name: IP6 - value: "{{- if IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}" + value: "{{- if CalicoUseIPv6 -}}autodetect{{- else -}}none{{- end -}}" {{- if IsIPv6Only }} - name: IP_AUTODETECTION_METHOD value: "{{- or .Networking.Calico.IPv4AutoDetectionMethod "none" }}" @@ -4680,6 +4680,8 @@ spec: {{- else }} - name: CALICO_IPV4POOL_CIDR value: "{{ .KubeControllerManager.ClusterCIDR }}" + - name: CALICO_IPV6POOL_NAT_OUTGOING + value: "{{- CalicoUseIPv6 }}" {{- end }} # Disable file logging so `kubectl logs` works. - name: CALICO_DISABLE_FILE_LOGGING @@ -4689,7 +4691,7 @@ spec: value: "ACCEPT" # Set IPv6 on Kubernetes. - name: FELIX_IPV6SUPPORT - value: "{{ IsIPv6Only }}" + value: "{{ CalicoUseIPv6 }}" - name: FELIX_HEALTHENABLED value: "true" diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.25.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.25.yaml.template index c1f8ae111382d..49f6528b9e3d3 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.25.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.25.yaml.template @@ -102,7 +102,7 @@ data: "mtu": __CNI_MTU__, "ipam": { "assign_ipv4": "{{ not IsIPv6Only }}", - "assign_ipv6": "{{ IsIPv6Only }}", + "assign_ipv6": "{{ CalicoUseIPv6 }}", {{- if IsIPv6Only }} "type": "host-local", "ranges": [[{ "subnet": "usePodCidrIPv6" }]] @@ -4987,7 +4987,7 @@ spec: - name: IP value: "{{- if not IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}" - name: IP6 - value: "{{- if IsIPv6Only -}}autodetect{{- else -}}none{{- end -}}" + value: "{{- if CalicoUseIPv6 -}}autodetect{{- else -}}none{{- end -}}" {{- if IsIPv6Only }} - name: IP_AUTODETECTION_METHOD value: "{{- or .Networking.Calico.IPv4AutoDetectionMethod "none" }}" @@ -5034,6 +5034,8 @@ spec: {{- else }} - name: CALICO_IPV4POOL_CIDR value: "{{ .KubeControllerManager.ClusterCIDR }}" + - name: CALICO_IPV6POOL_NAT_OUTGOING + value: "{{- CalicoUseIPv6 }}" {{- end }} # Disable file logging so `kubectl logs` works. - name: CALICO_DISABLE_FILE_LOGGING @@ -5043,7 +5045,7 @@ spec: value: "ACCEPT" # Set IPv6 on Kubernetes. - name: FELIX_IPV6SUPPORT - value: "{{ IsIPv6Only }}" + value: "{{ CalicoUseIPv6 }}" - name: FELIX_HEALTHENABLED value: "true" diff --git a/upup/pkg/fi/cloudup/openstack/cloud.go b/upup/pkg/fi/cloudup/openstack/cloud.go index 853a9a47ec092..8b10cb0b1a3b2 100644 --- a/upup/pkg/fi/cloudup/openstack/cloud.go +++ b/upup/pkg/fi/cloudup/openstack/cloud.go @@ -616,6 +616,37 @@ func InstanceInClusterAndIG(instance servers.Server, clusterName string, instanc return true } +func deletePorts(c OpenstackCloud, instanceGroupName string, clusterName string) error { + tags := []string{ + fmt.Sprintf("%s=%s", TagClusterName, clusterName), + fmt.Sprintf("%s=%s", TagKopsInstanceGroup, instanceGroupName), + } + + ports, err := c.ListPorts(ports.ListOpts{Tags: strings.Join(tags, ",")}) + if err != nil { + return fmt.Errorf("could not list ports %v", err) + } + + for _, port := range ports { + // previous approach was problematic: + // for example in case there is a group called "worker" and "worker-2", it will delete ports of "worker" as well, + // because there might be port names like: + // * "port-worker-2-" + // * "port-worker-20-" + klog.V(2).Infof("Delete port '%s' (%s)", port.Name, port.ID) + err := c.DeletePort(port.ID) + + // TODO: + // really give up after trying to delete one port? other ports will be orphaned + // better to try all ports and collect errors? + if err != nil { + return fmt.Errorf("could not delete port %q: %v", port.ID, err) + } + } + + return nil +} + func deleteGroup(c OpenstackCloud, g *cloudinstances.CloudInstanceGroup) error { cluster := g.Raw.(*kops.Cluster) allInstances, err := c.ListInstances(servers.ListOpts{ @@ -638,18 +669,10 @@ func deleteGroup(c OpenstackCloud, g *cloudinstances.CloudInstanceGroup) error { return fmt.Errorf("could not delete instance %q: %v", instance.ID, err) } } - ports, err := c.ListPorts(ports.ListOpts{}) - if err != nil { - return fmt.Errorf("could not list ports %v", err) - } - for _, port := range ports { - if strings.HasPrefix(port.Name, fmt.Sprintf("port-%s", g.InstanceGroup.Name)) && fi.ArrayContains(port.Tags, fmt.Sprintf("%s=%s", TagClusterName, cluster.Name)) { - err := c.DeletePort(port.ID) - if err != nil { - return fmt.Errorf("could not delete port %q: %v", port.ID, err) - } - } + err = deletePorts(c, g.InstanceGroup.Name, cluster.Name) + if err != nil { + return err } sgName := g.InstanceGroup.Name diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go index 3965f7effc8ac..3cc605c346ea0 100644 --- a/upup/pkg/fi/cloudup/template_functions.go +++ b/upup/pkg/fi/cloudup/template_functions.go @@ -301,6 +301,13 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS } return "CrossSubnet" } + dest["CalicoUseIPv6"] = func() bool { + // TODO: + // In the templates this is done: + // value: "{{- or .Networking.Calico.IPv6AutoDetectionMethod "none" }}" + // But doc states that default is "first-found", so this might not work like expected (IPv6 always on) + return cluster.Spec.IsIPv6Only() || (c.IPv6AutoDetectionMethod != "" && c.IPv6AutoDetectionMethod != "none") + } } if cluster.Spec.Networking.Cilium != nil {