Capacity block #543
Merged
Capacity block #543
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Prior to this patch, the `pkg/fargate/coredns` package had some bits of code that accessed/mutated pod annotations assuming that they'll always be instantiated correctly. This patch adds utility functions to safely mutate and access fargate pod annotations. Signed-off-by: Amine Hilaly <[email protected]>
Safely access/mutate fargate coredns pod annotations
With `[email protected]`, API server requests containing URLs presigned by `sts.PresignClient` fail with an `Unauthorized` error. `[email protected]` adds an extra header `amz-sdk-request` to the generated request, but this header is not allow-listed by `aws-iam-authenticator` server running on the control plane. This is likely due to [this change](aws/aws-sdk-go-v2#2438) which reorders the middleware operations to execute `RetryMetricsHeader` before `Signing`. This changelist removes the `RetryMetricsHeader` middleware from the stack when constructing `sts.PresignClient`.
Fix generating presigned URL for K8s authentication
…r-0.168.0 Add release notes for 0.168.0
Prepare for next development iteration
For some clusters, EKS can return the list of public endpoint CIDRs out of order, and won't allow updates where the incoming and current sets have set equality (i.e. regardless of order of CIDR entries). This change restores the set equality check that was removed in commit 72605fb and adds an additional test case to cover this case.
…drs-unordered Handle unordered public endpoint CIDRs from EKS in endpoint updates
Fix outdated links
The IAM condition key StringLike was used incorrectly in the policy and it doesn't work with wildcard (*) in the key itself. Wildcard is only supported in the value of the key. This fixes issue in cases where a volume dynamically provisioned via the older in-tree CSI plugin is being deleted by the new EBS CSI driver, because such volumes don't have the tags used in the policy. The changes made are inspired from the AWS managed AmazonEBSCSIDriverPolicy.
Update well-known policy for ebsCSIController
…ot-be-evicted Fix coredns pdb preventing cluster deletion
Add support for EKS 1.29
…otes Add release notes for 0.169.0
Prepare for next development iteration
Update arm-support.md
…-config-for-v0.33 Expand Karpenter settings.aws block to settings for v0.33.0 and greater
Update stale.yml
…-arn Fix reusing instanceRoleARN for nodegroups authorized with access entry
…#7714) * Preserve eksctl commands correctness when user deletes subnets * update error when subnet availability validation fails * address PR comments
…tityassociation` commands (eksctl-io#7706) * Handle K8s service account lifecycle on eksctl create/delete podidentityassociations commands * correct typo Co-authored-by: Chetan Patwal <[email protected]> --------- Co-authored-by: Chetan Patwal <[email protected]>
* feat: Add support for Ubuntu Pro 22.04 based EKS images * update schema.json * test: Add nodegroup with Ubuntu Pro 22.04 * fix integration test --------- Co-authored-by: Tibi <[email protected]>
Disable IMDSv1 in unowned integration tests
…pre-releases-in-drafter [Release drafter] Treat RCs as full releases when drafting notes
…ies (eksctl-io#7710) * Added migrate-to-access-entry cmd structure * Fix Target Authentication mode validation * Added logic to get accessEntries and cmEntries from cluster * Added logic to make unique list of configmap accessEntries, and stack creation logic * Added UpdateAuthentication mode and aeEntries filter logic * Add approve flag check * Added functionality to remove awsauth after switch to API only * Adds logic to fetch FullARN of path stripped IAMIdentityMappings * Updates some info log text * Adds test case and refactors code * Removes comments * Adds taskTree and address PR comments * Refactors code and Adds exception handling for NoSuchEntityException * Resolves go.mod and go.sum conflicts * Doc update for migrate-to-access-entry feature * Fixed minimum iam policies doc to add permission for iam:GetUser * Updated access-entries doc at migrate-to-access-entry section * Fixes failing Migrate To Access Entry Test & go.mod, go.sum * Amends migrate to access entry documentation * improve logs and simplify code logic * add unit tests * ensure target-auth-mode has a valid value --------- Co-authored-by: Pankaj Walke <[email protected]> Co-authored-by: Venkat Penmetsa <[email protected]> Co-authored-by: Venkat Penmetsa <[email protected]> Co-authored-by: Tibi <[email protected]>
Replaces usage of a per-loop variable with a per-iteration variable.
Fix creating pod identities
Fix deleting clusters with a non-active status
Add release notes for v0.177.0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Expand
capacity-blockfeature for eksctlChecklist
README.md, or theuserdocsdirectory)area/nodegroup) and kind (e.g.kind/improvement)BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯