From 5e647d376097af81678b69f4d44750f04e5b3778 Mon Sep 17 00:00:00 2001 From: Peter Rifel Date: Wed, 6 Dec 2023 17:22:37 -0600 Subject: [PATCH 1/2] Upgrade LBC manifest to 2.6.2 --- .../k8s-1.19.yaml.template | 117 +++++++++++++++++- 1 file changed, 114 insertions(+), 3 deletions(-) diff --git a/upup/models/cloudup/resources/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml.template b/upup/models/cloudup/resources/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml.template index 238ffc4fd6c41..60f1232d484ed 100644 --- a/upup/models/cloudup/resources/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml.template +++ b/upup/models/cloudup/resources/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml.template @@ -1,5 +1,5 @@ {{- with .CloudProvider.AWS.LoadBalancerController }} -# sourced from https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/download/v2.4.6/v2_4_6_full.yaml +# sourced from https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/download/v2.6.2/v2_6_2_full.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -64,6 +64,12 @@ spec: required: - name type: object + inboundCIDRs: + description: InboundCIDRs specifies the CIDRs that are allowed to + access the Ingresses that belong to IngressClass with this IngressClassParams. + items: + type: string + type: array ipAddressType: description: IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams. @@ -143,6 +149,34 @@ spec: - internal - internet-facing type: string + sslPolicy: + description: SSLPolicy specifies the SSL Policy for all Ingresses + that belong to IngressClass with this IngressClassParams. + type: string + subnets: + description: Subnets defines the subnets for all Ingresses that belong + to IngressClass with this IngressClassParams. + properties: + ids: + description: IDs specify the resource IDs of subnets. Exactly + one of this or `tags` must be specified. + items: + description: SubnetID specifies a subnet ID. + pattern: subnet-[0-9a-f]+ + type: string + minItems: 1 + type: array + tags: + additionalProperties: + items: + type: string + type: array + description: Tags specifies subnets in the load balancer's VPC + where each tag specified in the map key contains one of the + values in the corresponding value list. Exactly one of this + or `ids` must be specified. + type: object + type: object tags: description: Tags defines list of Tags on AWS resources provisioned for Ingresses that belong to IngressClass with this IngressClassParams. @@ -594,6 +628,22 @@ rules: - get - update - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - aws-load-balancer-controller-leader + resources: + - leases + verbs: + - get + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -845,7 +895,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - image: public.ecr.aws/eks/aws-load-balancer-controller:{{ or .Version "v2.4.6" }} + image: public.ecr.aws/eks/aws-load-balancer-controller:{{ or .Version "v2.6.2" }} livenessProbe: failureThreshold: 2 httpGet: @@ -921,9 +971,19 @@ spec: - aws-load-balancer-webhook-service.kube-system.svc.cluster.local issuerRef: kind: Issuer - name: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer secretName: aws-load-balancer-webhook-tls --- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + app.kubernetes.io/name: aws-load-balancer-controller + name: aws-load-balancer-selfsigned-issuer + namespace: kube-system +spec: + selfSigned: {} +--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -933,6 +993,31 @@ metadata: app.kubernetes.io/name: aws-load-balancer-controller name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /mutate-v1-service + failurePolicy: Fail + name: mservice.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - services + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: @@ -994,6 +1079,32 @@ metadata: app.kubernetes.io/name: aws-load-balancer-controller name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams + failurePolicy: Fail + name: vingressclassparams.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - elbv2.k8s.aws + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingressclassparams + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: From 3c77624d5c44c5591fc2b2a448d2490c9fad6783 Mon Sep 17 00:00:00 2001 From: Peter Rifel Date: Wed, 6 Dec 2023 17:35:09 -0600 Subject: [PATCH 2/2] ./hack/update-expected.sh --- ...-controller.addons.k8s.io-k8s-1.19_content | 121 +++++++++++++++++- ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.19_content | 121 +++++++++++++++++- ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.19_content | 121 +++++++++++++++++- ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.19_content | 121 +++++++++++++++++- ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.19_content | 121 +++++++++++++++++- ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.19_content | 121 +++++++++++++++++- ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.19_content | 121 +++++++++++++++++- ...ddons.example.com-addons-bootstrap_content | 2 +- 14 files changed, 840 insertions(+), 21 deletions(-) diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content index ffe763020d5e5..d9b03273063b3 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content @@ -65,6 +65,12 @@ spec: required: - name type: object + inboundCIDRs: + description: InboundCIDRs specifies the CIDRs that are allowed to + access the Ingresses that belong to IngressClass with this IngressClassParams. + items: + type: string + type: array ipAddressType: description: IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams. @@ -144,6 +150,34 @@ spec: - internal - internet-facing type: string + sslPolicy: + description: SSLPolicy specifies the SSL Policy for all Ingresses + that belong to IngressClass with this IngressClassParams. + type: string + subnets: + description: Subnets defines the subnets for all Ingresses that belong + to IngressClass with this IngressClassParams. + properties: + ids: + description: IDs specify the resource IDs of subnets. Exactly + one of this or `tags` must be specified. + items: + description: SubnetID specifies a subnet ID. + pattern: subnet-[0-9a-f]+ + type: string + minItems: 1 + type: array + tags: + additionalProperties: + items: + type: string + type: array + description: Tags specifies subnets in the load balancer's VPC + where each tag specified in the map key contains one of the + values in the corresponding value list. Exactly one of this + or `ids` must be specified. + type: object + type: object tags: description: Tags defines list of Tags on AWS resources provisioned for Ingresses that belong to IngressClass with this IngressClassParams. @@ -612,6 +646,22 @@ rules: - get - update - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - aws-load-balancer-controller-leader + resources: + - leases + verbs: + - get + - update + - patch --- @@ -879,7 +929,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6 + image: public.ecr.aws/eks/aws-load-balancer-controller:v2.6.2 livenessProbe: failureThreshold: 2 httpGet: @@ -964,11 +1014,27 @@ spec: - aws-load-balancer-webhook-service.kube-system.svc.cluster.local issuerRef: kind: Issuer - name: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer secretName: aws-load-balancer-webhook-tls --- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-load-balancer-controller + k8s-addon: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer + namespace: kube-system +spec: + selfSigned: {} + +--- + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -982,6 +1048,31 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /mutate-v1-service + failurePolicy: Fail + name: mservice.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - services + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: @@ -1049,6 +1140,32 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams + failurePolicy: Fail + name: vingressclassparams.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - elbv2.k8s.aws + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingressclassparams + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 837556489e10a..793b783c42516 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -148,7 +148,7 @@ spec: version: 9.99.0 - id: k8s-1.19 manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: fab45cbcc8ea2b0770c0f7e3cbfbac36b2fbe8c91df434d039969bd4a04e31d6 + manifestHash: 62e52a735ecf0a976a1ca912758a92ddb9ffbac09d4f7cd0e2331f1d3e702f89 name: aws-load-balancer-controller.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content index ffe763020d5e5..d9b03273063b3 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content @@ -65,6 +65,12 @@ spec: required: - name type: object + inboundCIDRs: + description: InboundCIDRs specifies the CIDRs that are allowed to + access the Ingresses that belong to IngressClass with this IngressClassParams. + items: + type: string + type: array ipAddressType: description: IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams. @@ -144,6 +150,34 @@ spec: - internal - internet-facing type: string + sslPolicy: + description: SSLPolicy specifies the SSL Policy for all Ingresses + that belong to IngressClass with this IngressClassParams. + type: string + subnets: + description: Subnets defines the subnets for all Ingresses that belong + to IngressClass with this IngressClassParams. + properties: + ids: + description: IDs specify the resource IDs of subnets. Exactly + one of this or `tags` must be specified. + items: + description: SubnetID specifies a subnet ID. + pattern: subnet-[0-9a-f]+ + type: string + minItems: 1 + type: array + tags: + additionalProperties: + items: + type: string + type: array + description: Tags specifies subnets in the load balancer's VPC + where each tag specified in the map key contains one of the + values in the corresponding value list. Exactly one of this + or `ids` must be specified. + type: object + type: object tags: description: Tags defines list of Tags on AWS resources provisioned for Ingresses that belong to IngressClass with this IngressClassParams. @@ -612,6 +646,22 @@ rules: - get - update - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - aws-load-balancer-controller-leader + resources: + - leases + verbs: + - get + - update + - patch --- @@ -879,7 +929,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6 + image: public.ecr.aws/eks/aws-load-balancer-controller:v2.6.2 livenessProbe: failureThreshold: 2 httpGet: @@ -964,11 +1014,27 @@ spec: - aws-load-balancer-webhook-service.kube-system.svc.cluster.local issuerRef: kind: Issuer - name: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer secretName: aws-load-balancer-webhook-tls --- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-load-balancer-controller + k8s-addon: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer + namespace: kube-system +spec: + selfSigned: {} + +--- + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -982,6 +1048,31 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /mutate-v1-service + failurePolicy: Fail + name: mservice.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - services + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: @@ -1049,6 +1140,32 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams + failurePolicy: Fail + name: vingressclassparams.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - elbv2.k8s.aws + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingressclassparams + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index b05957b8861c8..b279f3232faa2 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -163,7 +163,7 @@ spec: version: 9.99.0 - id: k8s-1.19 manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: fab45cbcc8ea2b0770c0f7e3cbfbac36b2fbe8c91df434d039969bd4a04e31d6 + manifestHash: 62e52a735ecf0a976a1ca912758a92ddb9ffbac09d4f7cd0e2331f1d3e702f89 name: aws-load-balancer-controller.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content index ffe763020d5e5..d9b03273063b3 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content @@ -65,6 +65,12 @@ spec: required: - name type: object + inboundCIDRs: + description: InboundCIDRs specifies the CIDRs that are allowed to + access the Ingresses that belong to IngressClass with this IngressClassParams. + items: + type: string + type: array ipAddressType: description: IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams. @@ -144,6 +150,34 @@ spec: - internal - internet-facing type: string + sslPolicy: + description: SSLPolicy specifies the SSL Policy for all Ingresses + that belong to IngressClass with this IngressClassParams. + type: string + subnets: + description: Subnets defines the subnets for all Ingresses that belong + to IngressClass with this IngressClassParams. + properties: + ids: + description: IDs specify the resource IDs of subnets. Exactly + one of this or `tags` must be specified. + items: + description: SubnetID specifies a subnet ID. + pattern: subnet-[0-9a-f]+ + type: string + minItems: 1 + type: array + tags: + additionalProperties: + items: + type: string + type: array + description: Tags specifies subnets in the load balancer's VPC + where each tag specified in the map key contains one of the + values in the corresponding value list. Exactly one of this + or `ids` must be specified. + type: object + type: object tags: description: Tags defines list of Tags on AWS resources provisioned for Ingresses that belong to IngressClass with this IngressClassParams. @@ -612,6 +646,22 @@ rules: - get - update - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - aws-load-balancer-controller-leader + resources: + - leases + verbs: + - get + - update + - patch --- @@ -879,7 +929,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6 + image: public.ecr.aws/eks/aws-load-balancer-controller:v2.6.2 livenessProbe: failureThreshold: 2 httpGet: @@ -964,11 +1014,27 @@ spec: - aws-load-balancer-webhook-service.kube-system.svc.cluster.local issuerRef: kind: Issuer - name: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer secretName: aws-load-balancer-webhook-tls --- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-load-balancer-controller + k8s-addon: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer + namespace: kube-system +spec: + selfSigned: {} + +--- + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -982,6 +1048,31 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /mutate-v1-service + failurePolicy: Fail + name: mservice.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - services + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: @@ -1049,6 +1140,32 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams + failurePolicy: Fail + name: vingressclassparams.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - elbv2.k8s.aws + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingressclassparams + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index ba3b78855d62f..0ecb2836f400e 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -170,7 +170,7 @@ spec: version: 9.99.0 - id: k8s-1.19 manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: fab45cbcc8ea2b0770c0f7e3cbfbac36b2fbe8c91df434d039969bd4a04e31d6 + manifestHash: 62e52a735ecf0a976a1ca912758a92ddb9ffbac09d4f7cd0e2331f1d3e702f89 name: aws-load-balancer-controller.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content index ffe763020d5e5..d9b03273063b3 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content @@ -65,6 +65,12 @@ spec: required: - name type: object + inboundCIDRs: + description: InboundCIDRs specifies the CIDRs that are allowed to + access the Ingresses that belong to IngressClass with this IngressClassParams. + items: + type: string + type: array ipAddressType: description: IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams. @@ -144,6 +150,34 @@ spec: - internal - internet-facing type: string + sslPolicy: + description: SSLPolicy specifies the SSL Policy for all Ingresses + that belong to IngressClass with this IngressClassParams. + type: string + subnets: + description: Subnets defines the subnets for all Ingresses that belong + to IngressClass with this IngressClassParams. + properties: + ids: + description: IDs specify the resource IDs of subnets. Exactly + one of this or `tags` must be specified. + items: + description: SubnetID specifies a subnet ID. + pattern: subnet-[0-9a-f]+ + type: string + minItems: 1 + type: array + tags: + additionalProperties: + items: + type: string + type: array + description: Tags specifies subnets in the load balancer's VPC + where each tag specified in the map key contains one of the + values in the corresponding value list. Exactly one of this + or `ids` must be specified. + type: object + type: object tags: description: Tags defines list of Tags on AWS resources provisioned for Ingresses that belong to IngressClass with this IngressClassParams. @@ -612,6 +646,22 @@ rules: - get - update - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - aws-load-balancer-controller-leader + resources: + - leases + verbs: + - get + - update + - patch --- @@ -879,7 +929,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6 + image: public.ecr.aws/eks/aws-load-balancer-controller:v2.6.2 livenessProbe: failureThreshold: 2 httpGet: @@ -964,11 +1014,27 @@ spec: - aws-load-balancer-webhook-service.kube-system.svc.cluster.local issuerRef: kind: Issuer - name: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer secretName: aws-load-balancer-webhook-tls --- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-load-balancer-controller + k8s-addon: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer + namespace: kube-system +spec: + selfSigned: {} + +--- + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -982,6 +1048,31 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /mutate-v1-service + failurePolicy: Fail + name: mservice.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - services + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: @@ -1049,6 +1140,32 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams + failurePolicy: Fail + name: vingressclassparams.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - elbv2.k8s.aws + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingressclassparams + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index d049bd8ff2479..892d1b6cbd02f 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -170,7 +170,7 @@ spec: version: 9.99.0 - id: k8s-1.19 manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: fab45cbcc8ea2b0770c0f7e3cbfbac36b2fbe8c91df434d039969bd4a04e31d6 + manifestHash: 62e52a735ecf0a976a1ca912758a92ddb9ffbac09d4f7cd0e2331f1d3e702f89 name: aws-load-balancer-controller.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content index ffe763020d5e5..d9b03273063b3 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content @@ -65,6 +65,12 @@ spec: required: - name type: object + inboundCIDRs: + description: InboundCIDRs specifies the CIDRs that are allowed to + access the Ingresses that belong to IngressClass with this IngressClassParams. + items: + type: string + type: array ipAddressType: description: IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams. @@ -144,6 +150,34 @@ spec: - internal - internet-facing type: string + sslPolicy: + description: SSLPolicy specifies the SSL Policy for all Ingresses + that belong to IngressClass with this IngressClassParams. + type: string + subnets: + description: Subnets defines the subnets for all Ingresses that belong + to IngressClass with this IngressClassParams. + properties: + ids: + description: IDs specify the resource IDs of subnets. Exactly + one of this or `tags` must be specified. + items: + description: SubnetID specifies a subnet ID. + pattern: subnet-[0-9a-f]+ + type: string + minItems: 1 + type: array + tags: + additionalProperties: + items: + type: string + type: array + description: Tags specifies subnets in the load balancer's VPC + where each tag specified in the map key contains one of the + values in the corresponding value list. Exactly one of this + or `ids` must be specified. + type: object + type: object tags: description: Tags defines list of Tags on AWS resources provisioned for Ingresses that belong to IngressClass with this IngressClassParams. @@ -612,6 +646,22 @@ rules: - get - update - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - aws-load-balancer-controller-leader + resources: + - leases + verbs: + - get + - update + - patch --- @@ -879,7 +929,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6 + image: public.ecr.aws/eks/aws-load-balancer-controller:v2.6.2 livenessProbe: failureThreshold: 2 httpGet: @@ -964,11 +1014,27 @@ spec: - aws-load-balancer-webhook-service.kube-system.svc.cluster.local issuerRef: kind: Issuer - name: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer secretName: aws-load-balancer-webhook-tls --- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-load-balancer-controller + k8s-addon: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer + namespace: kube-system +spec: + selfSigned: {} + +--- + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -982,6 +1048,31 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /mutate-v1-service + failurePolicy: Fail + name: mservice.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - services + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: @@ -1049,6 +1140,32 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams + failurePolicy: Fail + name: vingressclassparams.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - elbv2.k8s.aws + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingressclassparams + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index bc4ab4f7f8199..ccbad43095a3c 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -171,7 +171,7 @@ spec: version: 9.99.0 - id: k8s-1.19 manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: fab45cbcc8ea2b0770c0f7e3cbfbac36b2fbe8c91df434d039969bd4a04e31d6 + manifestHash: 62e52a735ecf0a976a1ca912758a92ddb9ffbac09d4f7cd0e2331f1d3e702f89 name: aws-load-balancer-controller.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content index eaeae93fbd2cb..141d4e22b6cb0 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content @@ -65,6 +65,12 @@ spec: required: - name type: object + inboundCIDRs: + description: InboundCIDRs specifies the CIDRs that are allowed to + access the Ingresses that belong to IngressClass with this IngressClassParams. + items: + type: string + type: array ipAddressType: description: IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams. @@ -144,6 +150,34 @@ spec: - internal - internet-facing type: string + sslPolicy: + description: SSLPolicy specifies the SSL Policy for all Ingresses + that belong to IngressClass with this IngressClassParams. + type: string + subnets: + description: Subnets defines the subnets for all Ingresses that belong + to IngressClass with this IngressClassParams. + properties: + ids: + description: IDs specify the resource IDs of subnets. Exactly + one of this or `tags` must be specified. + items: + description: SubnetID specifies a subnet ID. + pattern: subnet-[0-9a-f]+ + type: string + minItems: 1 + type: array + tags: + additionalProperties: + items: + type: string + type: array + description: Tags specifies subnets in the load balancer's VPC + where each tag specified in the map key contains one of the + values in the corresponding value list. Exactly one of this + or `ids` must be specified. + type: object + type: object tags: description: Tags defines list of Tags on AWS resources provisioned for Ingresses that belong to IngressClass with this IngressClassParams. @@ -612,6 +646,22 @@ rules: - get - update - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - aws-load-balancer-controller-leader + resources: + - leases + verbs: + - get + - update + - patch --- @@ -889,7 +939,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6 + image: public.ecr.aws/eks/aws-load-balancer-controller:v2.6.2 livenessProbe: failureThreshold: 2 httpGet: @@ -970,11 +1020,27 @@ spec: - aws-load-balancer-webhook-service.kube-system.svc.cluster.local issuerRef: kind: Issuer - name: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer secretName: aws-load-balancer-webhook-tls --- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-load-balancer-controller + k8s-addon: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer + namespace: kube-system +spec: + selfSigned: {} + +--- + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -988,6 +1054,31 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /mutate-v1-service + failurePolicy: Fail + name: mservice.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - services + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: @@ -1055,6 +1146,32 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams + failurePolicy: Fail + name: vingressclassparams.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - elbv2.k8s.aws + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingressclassparams + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index f023169824eda..cef39bac37a7a 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -163,7 +163,7 @@ spec: version: 9.99.0 - id: k8s-1.19 manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: d656ecff1afebab268a7efb26250535878d3219f705b892cc8ec528eee00965e + manifestHash: 35f62f8f1ce737681494453c1ca84ebebcdde1baeefd414edeedb1f396e5dc3c name: aws-load-balancer-controller.addons.k8s.io needsPKI: true selector: diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content index 01bf97e153da4..e3b62f49fde85 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content @@ -65,6 +65,12 @@ spec: required: - name type: object + inboundCIDRs: + description: InboundCIDRs specifies the CIDRs that are allowed to + access the Ingresses that belong to IngressClass with this IngressClassParams. + items: + type: string + type: array ipAddressType: description: IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams. @@ -144,6 +150,34 @@ spec: - internal - internet-facing type: string + sslPolicy: + description: SSLPolicy specifies the SSL Policy for all Ingresses + that belong to IngressClass with this IngressClassParams. + type: string + subnets: + description: Subnets defines the subnets for all Ingresses that belong + to IngressClass with this IngressClassParams. + properties: + ids: + description: IDs specify the resource IDs of subnets. Exactly + one of this or `tags` must be specified. + items: + description: SubnetID specifies a subnet ID. + pattern: subnet-[0-9a-f]+ + type: string + minItems: 1 + type: array + tags: + additionalProperties: + items: + type: string + type: array + description: Tags specifies subnets in the load balancer's VPC + where each tag specified in the map key contains one of the + values in the corresponding value list. Exactly one of this + or `ids` must be specified. + type: object + type: object tags: description: Tags defines list of Tags on AWS resources provisioned for Ingresses that belong to IngressClass with this IngressClassParams. @@ -612,6 +646,22 @@ rules: - get - update - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - aws-load-balancer-controller-leader + resources: + - leases + verbs: + - get + - update + - patch --- @@ -889,7 +939,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.4.6 + image: public.ecr.aws/eks/aws-load-balancer-controller:v2.6.2 livenessProbe: failureThreshold: 2 httpGet: @@ -970,11 +1020,27 @@ spec: - aws-load-balancer-webhook-service.kube-system.svc.cluster.local issuerRef: kind: Issuer - name: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer secretName: aws-load-balancer-webhook-tls --- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-load-balancer-controller + k8s-addon: aws-load-balancer-controller.addons.k8s.io + name: aws-load-balancer-selfsigned-issuer + namespace: kube-system +spec: + selfSigned: {} + +--- + apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -988,6 +1054,31 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /mutate-v1-service + failurePolicy: Fail + name: mservice.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - services + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: @@ -1055,6 +1146,32 @@ metadata: k8s-addon: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-webhook webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: aws-load-balancer-webhook-service + namespace: kube-system + path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams + failurePolicy: Fail + name: vingressclassparams.elbv2.k8s.aws + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - aws-load-balancer-controller + rules: + - apiGroups: + - elbv2.k8s.aws + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ingressclassparams + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content index 732068d56a235..5661a26a770bb 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content @@ -163,7 +163,7 @@ spec: version: 9.99.0 - id: k8s-1.19 manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: 786e41ba87c3c845cc14ce2b04ecb2040fc461e7112d82298d8573d8f8674615 + manifestHash: a2f8441f322c19711b1ea935c5eb21e9fa2a231e86c898f6eddf0279ad9c361c name: aws-load-balancer-controller.addons.k8s.io needsPKI: true selector: