diff --git a/go.mod b/go.mod index 9b6690300..d3c0909a5 100644 --- a/go.mod +++ b/go.mod @@ -1,14 +1,14 @@ module github.com/projectcalico/api -go 1.24.6 +go 1.24.9 require ( github.com/jinzhu/copier v0.4.0 github.com/onsi/ginkgo v1.16.5 github.com/onsi/gomega v1.36.2 - k8s.io/api v0.32.8 - k8s.io/apimachinery v0.32.8 - k8s.io/client-go v0.32.8 + k8s.io/api v0.32.9 + k8s.io/apimachinery v0.32.9 + k8s.io/client-go v0.32.9 k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f ) @@ -37,12 +37,12 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/net v0.42.0 // indirect - golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sys v0.34.0 // indirect - golang.org/x/term v0.33.0 // indirect - golang.org/x/text v0.27.0 // indirect - golang.org/x/time v0.12.0 // indirect + golang.org/x/net v0.46.0 // indirect + golang.org/x/oauth2 v0.32.0 // indirect + golang.org/x/sys v0.37.0 // indirect + golang.org/x/term v0.36.0 // indirect + golang.org/x/text v0.30.0 // indirect + golang.org/x/time v0.14.0 // indirect google.golang.org/protobuf v1.36.1 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect 
@@ -56,29 +56,29 @@ require ( ) replace ( - k8s.io/api => k8s.io/api v0.32.8 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.32.8 - k8s.io/apimachinery => k8s.io/apimachinery v0.32.8 - k8s.io/apiserver => k8s.io/apiserver v0.32.8 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.32.8 - k8s.io/client-go => k8s.io/client-go v0.32.8 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.32.8 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.32.8 - k8s.io/code-generator => k8s.io/code-generator v0.32.8 - k8s.io/component-base => k8s.io/component-base v0.32.8 - k8s.io/component-helpers => k8s.io/component-helpers v0.32.8 - k8s.io/controller-manager => k8s.io/controller-manager v0.32.8 - k8s.io/cri-api => k8s.io/cri-api v0.32.8 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.32.8 - k8s.io/externaljwt => k8s.io/externaljwt v0.32.8 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.32.8 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.32.8 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.32.8 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.32.8 - k8s.io/kubectl => k8s.io/kubectl v0.32.8 - k8s.io/kubelet => k8s.io/kubelet v0.32.8 - k8s.io/metrics => k8s.io/metrics v0.32.8 - k8s.io/mount-utils => k8s.io/mount-utils v0.32.8 - k8s.io/node-api => k8s.io/node-api v0.32.8 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.32.8 + k8s.io/api => k8s.io/api v0.32.9 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.32.9 + k8s.io/apimachinery => k8s.io/apimachinery v0.32.9 + k8s.io/apiserver => k8s.io/apiserver v0.32.9 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.32.9 + k8s.io/client-go => k8s.io/client-go v0.32.9 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.32.9 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.32.9 + k8s.io/code-generator => k8s.io/code-generator v0.32.9 + k8s.io/component-base => k8s.io/component-base v0.32.9 + k8s.io/component-helpers => k8s.io/component-helpers 
v0.32.9 + k8s.io/controller-manager => k8s.io/controller-manager v0.32.9 + k8s.io/cri-api => k8s.io/cri-api v0.32.9 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.32.9 + k8s.io/externaljwt => k8s.io/externaljwt v0.32.9 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.32.9 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.32.9 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.32.9 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.32.9 + k8s.io/kubectl => k8s.io/kubectl v0.32.9 + k8s.io/kubelet => k8s.io/kubelet v0.32.9 + k8s.io/metrics => k8s.io/metrics v0.32.9 + k8s.io/mount-utils => k8s.io/mount-utils v0.32.9 + k8s.io/node-api => k8s.io/node-api v0.32.9 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.32.9 ) diff --git a/go.sum b/go.sum index 8c01466ec..d8e96b419 100644 --- a/go.sum +++ b/go.sum 
@@ -122,10 +122,10 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= -golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= +golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= +golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= +golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -139,23 +139,23 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= -golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg= -golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= +golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= +golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= +golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= -golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= +golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= +golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= +golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= +golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools 
v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo= -golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= +golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= +golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -184,12 +184,12 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.32.8 h1:PhuKPnqsaXYuwmLXRLAmdDJ9EZ2R2kEbOZTq4UE3lGc= -k8s.io/api v0.32.8/go.mod h1:gdRZQ4zXGawr9YrJ5OjTl7aR3TD0mTowtFsqFtpCDXo= -k8s.io/apimachinery v0.32.8 h1:95I+2jX71Tev+C+UlhNbmKfv+A/TQII42HLskiHZpBg= -k8s.io/apimachinery v0.32.8/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= -k8s.io/client-go v0.32.8 h1:BkSFWUtRz/BbE3DJF98KPg7ix6lwMnIQ9DnHw3iWiSw= -k8s.io/client-go v0.32.8/go.mod h1:vGkCzRxZ7BuRX2zdW7+kOwCdcgOkq9omDWb26wk/sE0= +k8s.io/api v0.32.9 h1:q/59kk8lnecgG0grJqzrmXC1Jcl2hPWp9ltz0FQuoLI= +k8s.io/api v0.32.9/go.mod h1:jIfT3rwW4EU1IXZm9qjzSk/2j91k4CJL5vUULrxqp3Y= +k8s.io/apimachinery v0.32.9 h1:fXk8ktfsxrdThaEOAQFgkhCK7iyoyvS8nbYJ83o/SSs= +k8s.io/apimachinery v0.32.9/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.9 h1:ZMyIQ1TEpTDAQni3L2gH1NZzyOA/gHfNcAazzCxMJ0c= +k8s.io/client-go v0.32.9/go.mod h1:2OT8aFSYvUjKGadaeT+AVbhkXQSpMAkiSb88Kz2WggI= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= diff --git a/lib.Makefile b/lib.Makefile index 1d32d0e4a..9fabe175a 100644 --- a/lib.Makefile +++ b/lib.Makefile 
@@ -288,9 +288,8 @@ DOCKER_BUILD=docker buildx build --load --platform=linux/$(ARCH) $(DOCKER_PULL)\ --build-arg CALICO_BASE=$(CALICO_BASE) \ --build-arg BPFTOOL_IMAGE=$(BPFTOOL_IMAGE) -DOCKER_RUN := mkdir -p $(REPO_ROOT)/.go-pkg-cache bin $(GOMOD_CACHE) && \ +DOCKER_RUN_PRIV_NET := mkdir -p $(REPO_ROOT)/.go-pkg-cache bin $(GOMOD_CACHE) && \ docker run --rm \ - --net=host \ --init \ $(EXTRA_DOCKER_ARGS) \ -e LOCAL_USER_ID=$(LOCAL_USER_ID) \ @@ -304,6 +303,8 @@ DOCKER_RUN := mkdir -p $(REPO_ROOT)/.go-pkg-cache bin $(GOMOD_CACHE) && \ -v $(REPO_ROOT)/.go-pkg-cache:/go-cache:rw \ -w /go/src/$(PACKAGE_NAME) +DOCKER_RUN := $(DOCKER_RUN_PRIV_NET) --net=host + DOCKER_GO_BUILD := $(DOCKER_RUN) $(CALICO_BUILD) # A target that does nothing but it always stale, used to force a rebuild on certain targets based on some non-file criteria. @@ -487,10 +488,9 @@ git-commit: ############################################################################### ifdef LOCAL_CRANE -CRANE_CMD = bash -c $(double_quote)crane +CRANE_CMD = crane else -CRANE_CMD = docker run -t --entrypoint /bin/sh -v $(DOCKER_CONFIG):/root/.docker/config.json $(CALICO_BUILD) -c \ - $(double_quote)crane +CRANE_CMD = $(REPO_ROOT)/bin/crane endif GIT_CMD = git 
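Review bot: In the non-LOCAL_CRANE branch of the third hunk, `CRANE_CMD = $(REPO_ROOT)/bin/crane` now runs crane on the host with whatever registry credentials the invoking user has, where the removed line mounted `$(DOCKER_CONFIG)` into the build container as `/root/.docker/config.json`. That mount treated `DOCKER_CONFIG` as a path to a config file, while a host-side crane would presumably read an exported `DOCKER_CONFIG` as a directory, so it is worth confirming that release jobs still pick up the intended credentials. A comment above the `ifdef` would help, e.g. `# crane runs on the host; any target using $(CRANE) must depend on bin/crane`. The new `DOCKER_RUN_PRIV_NET` in the first hunk also has no comment saying it is `DOCKER_RUN` without `--net=host`.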
@@ -1163,9 +1163,9 @@ release-retag-dev-images-in-registry-%: # release-retag-dev-image-in-registry-% retags the build image specified by $* in the dev registry specified by # DEV_REGISTRY with the release tag specified by RELEASE_TAG. If DEV_REGISTRY is in the list of registries specified by # RELEASE_REGISTRIES then the retag is not done -release-retag-dev-image-in-registry-%: +release-retag-dev-image-in-registry-%: bin/crane $(if $(filter-out $(RELEASE_REGISTRIES),$(DEV_REGISTRY)),\ - $(CRANE) cp $(DEV_REGISTRY)/$(call unescapefs,$*):$(DEV_TAG) $(DEV_REGISTRY)/$(call unescapefs,$*):$(RELEASE_TAG))$(double_quote) + $(CRANE) cp $(DEV_REGISTRY)/$(call unescapefs,$*):$(DEV_TAG) $(DEV_REGISTRY)/$(call unescapefs,$*):$(RELEASE_TAG)) # release-dev-images-to-registry-% copies and retags all the build / arch images specified by BUILD_IMAGES and # VALIDARCHES from the registry specified by DEV_REGISTRY to the registry specified by RELEASE_REGISTRY using the tag 
@@ -1175,16 +1175,16 @@ release-dev-images-to-registry-%: # release-dev-image-to-registry-% copies the build image and build arch images specified by $* and VALIDARCHES from # the dev repo specified by DEV_TAG and RELEASE. -release-dev-image-to-registry-%: +release-dev-image-to-registry-%: bin/crane $(if $(SKIP_MANIFEST_RELEASE),,\ - $(CRANE) cp $(DEV_REGISTRY)/$(call unescapefs,$*):$(DEV_TAG) $(RELEASE_REGISTRY)/$(call unescapefs,$*):$(RELEASE_TAG))$(double_quote) + $(CRANE) cp $(DEV_REGISTRY)/$(call unescapefs,$*):$(DEV_TAG) $(RELEASE_REGISTRY)/$(call unescapefs,$*):$(RELEASE_TAG)) $(if $(SKIP_ARCH_RELEASE),,\ $(MAKE) $(addprefix release-dev-image-arch-to-registry-,$(VALIDARCHES)) BUILD_IMAGE=$(call unescapefs,$*)) # release-dev-image-to-registry-% copies the build arch image specified by BUILD_IMAGE and ARCH from the dev repo # specified by DEV_TAG and RELEASE. -release-dev-image-arch-to-registry-%: - $(CRANE) cp $(DEV_REGISTRY)/$(BUILD_IMAGE):$(DEV_TAG)-$* $(RELEASE_REGISTRY)/$(BUILD_IMAGE):$(RELEASE_TAG)-$*$(double_quote) +release-dev-image-arch-to-registry-%: bin/crane + $(CRANE) cp $(DEV_REGISTRY)/$(BUILD_IMAGE):$(DEV_TAG)-$* $(RELEASE_REGISTRY)/$(BUILD_IMAGE):$(RELEASE_TAG)-$* # release-prereqs checks that the environment is configured properly to create a release. .PHONY: release-prereqs 
@@ -1205,6 +1205,29 @@ bin/yq: tar -zxvf $(TMP)/yq4.tar.gz -C $(TMP) mv $(TMP)/yq_linux_$(BUILDARCH) bin/yq +# This setup is used to download and install the 'crane' binary into the local bin/ directory. +# The binary will be placed at: ./bin/crane +# Normalize architecture for go-containerregistry filenames +CRANE_BUILDARCH := $(shell uname -m | sed 's/aarch64/arm64/') +CRANE_OS := $(shell uname -s) +ifeq ($(CRANE_BUILDARCH),) + $(error Unsupported or unknown architecture: $(shell uname -m)) +endif +ifeq ($(CRANE_OS),) + $(error Unsupported or unknown OS: $(shell uname -s)) +endif + +CRANE_FILENAME := go-containerregistry_$(CRANE_OS)_$(CRANE_BUILDARCH).tar.gz +CRANE_URL := https://github.com/google/go-containerregistry/releases/download/$(CRANE_VERSION)/$(CRANE_FILENAME) + +# Install crane binary into bin/ +.PHONY: bin/crane +bin/crane: $(REPO_ROOT)/bin/crane +$(REPO_ROOT)/bin/crane: + $(info ::: Downloading crane from $(CRANE_URL)) + @mkdir -p $(REPO_ROOT)/bin + @curl -sSfL --retry 5 $(CRANE_URL) | tar zx -C $(REPO_ROOT)/bin crane + ############################################################################### # Common functions for launching a local Kubernetes control plane. ############################################################################### 
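Review bot: The `$(REPO_ROOT)/bin/crane` recipe pipes the release tarball from curl straight into tar with no integrity check, and the extracted binary is then run by the release targets that push images with registry credentials. `CRANE_VERSION` pins the URL, not the content, so a replaced or corrupted release asset would be extracted and executed as-is. Download to `$(TMP)` as the `bin/yq` rule above does, compare against a SHA-256 pinned next to `CRANE_VERSION` in metadata.mk, and only then extract; `CRANE_SHA256` below is a placeholder name for that new variable and needs one value per OS/architecture pair. Separately, the file target has no prerequisites, so bumping `CRANE_VERSION` will not replace an already-downloaded `bin/crane`.

```makefile
$(REPO_ROOT)/bin/crane:
# … unchanged: $(info …) and mkdir -p $(REPO_ROOT)/bin …
	@curl -sSfL --retry 5 -o $(TMP)/$(CRANE_FILENAME) $(CRANE_URL)
	@echo "$(CRANE_SHA256)  $(TMP)/$(CRANE_FILENAME)" | sha256sum -c -
	@tar zxf $(TMP)/$(CRANE_FILENAME) -C $(REPO_ROOT)/bin crane
	@rm -f $(TMP)/$(CRANE_FILENAME)
```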
@@ -1412,32 +1435,6 @@ help: # Common functions for building windows images. ############################################################################### -# When running on semaphore, just copy the docker config, otherwise run -# 'docker-credential-gcr configure-docker' as well. -ifdef SEMAPHORE -DOCKER_CREDENTIAL_CMD = cp /root/.docker/config.json_host /root/.docker/config.json -else -DOCKER_CREDENTIAL_CMD = cp /root/.docker/config.json_host /root/.docker/config.json && \ - docker-credential-gcr configure-docker -endif - -# This needs the $(WINDOWS_DIST)/bin/docker-credential-gcr binary in $PATH and -# also the local ~/.config/gcloud dir to be able to push to gcr.io. It mounts -# $(DOCKER_CONFIG) and copies it so that it can be written to on the container, -# but not have any effect on the host config. -CRANE_BINDMOUNT_CMD := \ - docker run --rm \ - --net=host \ - --init \ - --entrypoint /bin/sh \ - -e LOCAL_USER_ID=$(LOCAL_USER_ID) \ - -v $(CURDIR):/go/src/$(PACKAGE_NAME):rw \ - -v $(DOCKER_CONFIG):/root/.docker/config.json_host:ro \ - -e PATH=$${PATH}:/go/src/$(PACKAGE_NAME)/$(WINDOWS_DIST)/bin \ - -v $(HOME)/.config/gcloud:/root/.config/gcloud \ - -w /go/src/$(PACKAGE_NAME) \ - $(CALICO_BUILD) -c $(double_quote)$(DOCKER_CREDENTIAL_CMD) && crane - DOCKER_MANIFEST_CMD := docker manifest ifdef CONFIRM @@ -1545,7 +1542,7 @@ image-windows: setup-windows-builder var-require-all-WINDOWS_VERSIONS $(MAKE) windows-sub-image-$${version}; \ done; -release-windows-with-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-IMAGETAG-DEV_REGISTRIES image-windows docker-credential-gcr-binary +release-windows-with-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-IMAGETAG-DEV_REGISTRIES image-windows docker-credential-gcr-binary bin/crane for registry in $(DEV_REGISTRIES); do \ echo Pushing Windows images to $${registry}; \ all_images=""; \ 
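Review bot: `release-windows-with-tag` still builds `docker-credential-gcr-binary`, but the host-side `$(CRANE) push` that replaces `$(CRANE_BINDMOUNT)` no longer gets `$(WINDOWS_DIST)/bin` on its PATH, which the removed `CRANE_BINDMOUNT_CMD` set with `-e PATH=...`. Unless `$(CRANE)` (defined outside this hunk) or the caller's environment provides the helper, pushes to registries that rely on it would presumably fail to authenticate. If the helper is still needed, prefix the call, e.g. `PATH=$(CURDIR)/$(WINDOWS_DIST)/bin:$${PATH} $(CRANE) push $${image_tar} $${image} & \`; if it is not, drop the `docker-credential-gcr-binary` prerequisite. The push line itself is in the following hunk.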
@@ -1554,7 +1551,7 @@ release-windows-with-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-IMAG image_tar="$(WINDOWS_DIST)/$(WINDOWS_IMAGE)-$(GIT_VERSION)-$${win_ver}.tar"; \ image="$${registry}/$(WINDOWS_IMAGE):$(IMAGETAG)-windows-$${win_ver}"; \ echo Pushing image $${image} ...; \ - $(CRANE_BINDMOUNT) push $${image_tar} $${image}$(double_quote) & \ + $(CRANE) push $${image_tar} $${image} & \ all_images="$${all_images} $${image}"; \ done; \ wait; \ @@ -1567,10 +1564,10 @@ release-windows-with-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-IMAG $(DOCKER_MANIFEST) push --purge $${manifest_image}; \ done; -release-windows: var-require-one-of-CONFIRM-DRYRUN var-require-all-DEV_REGISTRIES-WINDOWS_IMAGE var-require-one-of-VERSION-BRANCH_NAME +release-windows: var-require-one-of-CONFIRM-DRYRUN var-require-all-DEV_REGISTRIES-WINDOWS_IMAGE var-require-one-of-VERSION-BRANCH_NAME bin/crane describe_tag=$(if $(IMAGETAG_PREFIX),$(IMAGETAG_PREFIX)-)$(shell git describe --tags --dirty --long --always --abbrev=12); \ release_tag=$(if $(VERSION),$(VERSION),$(if $(IMAGETAG_PREFIX),$(IMAGETAG_PREFIX)-)$(BRANCH_NAME)); \ $(MAKE) release-windows-with-tag IMAGETAG=$${describe_tag}; \ for registry in $(DEV_REGISTRIES); do \ - $(CRANE_BINDMOUNT) cp $${registry}/$(WINDOWS_IMAGE):$${describe_tag} $${registry}/$(WINDOWS_IMAGE):$${release_tag}$(double_quote); \ + $(CRANE) cp $${registry}/$(WINDOWS_IMAGE):$${describe_tag} $${registry}/$(WINDOWS_IMAGE):$${release_tag}; \ done; diff --git a/metadata.mk b/metadata.mk index d3f0581f8..79669b0b9 100644 --- a/metadata.mk +++ b/metadata.mk 
@@ -3,8 +3,8 @@ ################################################################################################# # The version of calico/go-build and calico/base to use. -GO_BUILD_VER=1.24.6-llvm18.1.8-k8s1.32.8 -CALICO_BASE_VER=ubi8-1744398299 +GO_BUILD_VER=1.24.9-llvm18.1.8-k8s1.32.9 +CALICO_BASE_VER=ubi8-1759892166 # Env var to ACK Ginkgo deprecation warnings, may need updating with go-build. ACK_GINKGO=ACK_GINKGO_DEPRECATIONS=1.16.5 @@ -14,6 +14,7 @@ K8S_VERSION=v1.32.4 # Version of various tools used in the build and tests. COREDNS_VERSION=1.5.2 +CRANE_VERSION=v0.20.6 ETCD_VERSION=v3.5.6 GHR_VERSION=v0.17.0 HELM_VERSION=v3.11.3 diff --git a/pkg/apis/projectcalico/v3/felixconfig.go b/pkg/apis/projectcalico/v3/felixconfig.go index 7774e865f..4b7a71bd8 100644 --- a/pkg/apis/projectcalico/v3/felixconfig.go +++ b/pkg/apis/projectcalico/v3/felixconfig.go @@ -709,6 +709,10 @@ type FelixConfigurationSpec struct { // +kubebuilder:validation:Pattern=`^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$` BPFKubeProxyMinSyncPeriod *metav1.Duration `json:"bpfKubeProxyMinSyncPeriod,omitempty" validate:"omitempty" configv1timescale:"seconds"` + // BPFKubeProxyHealthzPort, in BPF mode, controls the port that Felix's embedded kube-proxy health check server binds to. + // The health check server is used by external load balancers to determine if this node should receive traffic. [Default: 10256] + BPFKubeProxyHealthzPort *int `json:"bpfKubeProxyHealthzPort,omitempty" validate:"omitempty,gte=1,lte=65535" confignamev1:"BPFKubeProxyHealthzPort"` + // BPFKubeProxyEndpointSlicesEnabled is deprecated and has no effect. BPF // kube-proxy always accepts endpoint slices. This option will be removed in // the next release. 
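Review bot: `BPFKubeProxyHealthzPort` carries its 1–65535 range only in the `validate` tag, so the range is enforced only where that tag is evaluated; the generated OpenAPI entry in this commit is a plain `integer`/`int32`. The neighbouring `BPFKubeProxyMinSyncPeriod` already uses a `+kubebuilder:validation` marker, and adding `// +kubebuilder:validation:Minimum=1` and `// +kubebuilder:validation:Maximum=65535` above the field would reject out-of-range ports in the CRD schema as well. The comment could also say which address the health check server binds to, since that decides who can reach the port. The struct begins and ends outside the hunk.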
@@ -806,6 +810,9 @@ type FelixConfigurationSpec struct { // [Default: 1] BPFExportBufferSizeMB *int `json:"bpfExportBufferSizeMB,omitempty" validate:"omitempty,cidrs"` + // CgroupV2Path overrides the default location where to find the cgroup hierarchy. + CgroupV2Path string `json:"cgroupV2Path,omitempty"` + // Continuous - Felix evaluates active flows on a regular basis to determine the rule // traces in the flow logs. Any policy updates that impact a flow will be reflected in the // pending_policies field, offering a near-real-time view of policy changes across flows. diff --git a/pkg/apis/projectcalico/v3/kubecontrollersconfig.go b/pkg/apis/projectcalico/v3/kubecontrollersconfig.go index 30498b471..eb189d249 100644 --- a/pkg/apis/projectcalico/v3/kubecontrollersconfig.go +++ b/pkg/apis/projectcalico/v3/kubecontrollersconfig.go @@ -167,6 +167,8 @@ type NamespaceControllerConfig struct { } type LoadBalancerControllerConfig struct { + // AssignIPs controls which LoadBalancer Service gets IP assigned from Calico IPAM. + // +kubebuilder:default=AllServices AssignIPs AssignIPs `json:"assignIPs,omitempty" validate:"omitempty,assignIPs"` } diff --git a/pkg/apis/projectcalico/v3/zz_generated.deepcopy.go b/pkg/apis/projectcalico/v3/zz_generated.deepcopy.go index 290094b80..fc5c17879 100644 --- a/pkg/apis/projectcalico/v3/zz_generated.deepcopy.go +++ b/pkg/apis/projectcalico/v3/zz_generated.deepcopy.go @@ -1535,6 +1535,11 @@ func (in *FelixConfigurationSpec) DeepCopyInto(out *FelixConfigurationSpec) { *out = new(v1.Duration) **out = **in } + if in.BPFKubeProxyHealthzPort != nil { + in, out := &in.BPFKubeProxyHealthzPort, &out.BPFKubeProxyHealthzPort + *out = new(int) + **out = **in + } if in.BPFKubeProxyEndpointSlicesEnabled != nil { in, out := &in.BPFKubeProxyEndpointSlicesEnabled, &out.BPFKubeProxyEndpointSlicesEnabled *out = new(bool) diff --git a/pkg/openapi/generated.openapi.go b/pkg/openapi/generated.openapi.go index 00524cfd4..6a643d0a8 100644 
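Review bot: `CgroupV2Path` is a free-form filesystem path with no `validate` tag and no kubebuilder marker, so any string stored in a FelixConfiguration is accepted. Whoever can edit this resource chooses a path that Felix will presumably open on the host, so the field should at least be constrained to an absolute path and bounded in length, e.g. `// +kubebuilder:validation:MaxLength=<limit>` plus a `+kubebuilder:validation:Pattern` requiring a leading `/`. The comment also omits the `[Default: ...]` note its neighbours carry and does not say what an empty value means. The struct begins and ends outside the hunk.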
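Review bot: The new `AssignIPs` comment in kubecontrollersconfig.go names the default but not the other accepted values, and `+kubebuilder:default=AllServices` makes assignment to every LoadBalancer Service the behaviour whenever the field is omitted. Listing the permitted values in the comment and adding a matching `+kubebuilder:validation:Enum` marker would keep the CRD schema in step with the `assignIPs` validator; the generated OpenAPI entry in this commit is an unconstrained string. Wording suggestion: `// AssignIPs controls which LoadBalancer Services are assigned IPs from Calico IPAM.`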
--- a/pkg/openapi/generated.openapi.go +++ b/pkg/openapi/generated.openapi.go @@ -3235,6 +3235,13 @@ func schema_pkg_apis_projectcalico_v3_FelixConfigurationSpec(ref common.Referenc Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, + "bpfKubeProxyHealthzPort": { + SchemaProps: spec.SchemaProps{ + Description: "BPFKubeProxyHealthzPort, in BPF mode, controls the port that Felix's embedded kube-proxy health check server binds to. The health check server is used by external load balancers to determine if this node should receive traffic. [Default: 10256]", + Type: []string{"integer"}, + Format: "int32", + }, + }, "bpfKubeProxyEndpointSlicesEnabled": { SchemaProps: spec.SchemaProps{ Description: "BPFKubeProxyEndpointSlicesEnabled is deprecated and has no effect. BPF kube-proxy always accepts endpoint slices. This option will be removed in the next release.", @@ -3383,6 +3390,13 @@ func schema_pkg_apis_projectcalico_v3_FelixConfigurationSpec(ref common.Referenc Format: "int32", }, }, + "cgroupV2Path": { + SchemaProps: spec.SchemaProps{ + Description: "CgroupV2Path overrides the default location where to find the cgroup hierarchy.", + Type: []string{"string"}, + Format: "", + }, + }, "flowLogsPolicyEvaluationMode": { SchemaProps: spec.SchemaProps{ Description: "Continuous - Felix evaluates active flows on a regular basis to determine the rule traces in the flow logs. Any policy updates that impact a flow will be reflected in the pending_policies field, offering a near-real-time view of policy changes across flows. None - Felix stops evaluating pending traces. [Default: Continuous]", @@ -4896,8 +4910,9 @@ func schema_pkg_apis_projectcalico_v3_LoadBalancerControllerConfig(ref common.Re Properties: map[string]spec.Schema{ "assignIPs": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "AssignIPs controls which LoadBalancer Service gets IP assigned from Calico IPAM.", + Type: []string{"string"}, + Format: "", }, }, },