Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update golang 1.19.2 EKS-D #2147

Merged
merged 2 commits into from
Nov 23, 2022
Merged

Update golang 1.19.2 EKS-D #2147

merged 2 commits into from
Nov 23, 2022

Conversation

jayanthvn
Copy link
Contributor

What type of PR is this?
Upgrade golang

Which issue does this PR fix:
CVEs with Go before 1.18.6 and 1.19.x before 1.19.1.

What does this PR do / Why do we need it:
Upgrade golang

If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:
N/A

Testing done on this change:

[Will update the tests once executed for ARM and AMD]
Automation added to e2e:

Need to run integration tests for ARM and AMD.

Will this PR introduce any new dependencies?:

No

Will this break upgrades or downgrades. Has updating a running cluster been tested?:
No

Does this change require updates to the CNI daemonset config files to work?:

No

Does this PR introduce any user-facing change?:

No


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jayanthvn jayanthvn requested a review from a team as a code owner November 21, 2022 21:43
@jayanthvn
Copy link
Contributor Author

Have triggered integration tests - https://github.com/aws/amazon-vpc-cni-k8s/actions/runs/3518362106.

Will need both arch tests - AMD and ARM before merge.

@jayanthvn jayanthvn requested a review from achevuru November 21, 2022 21:45
@jayanthvn jayanthvn changed the title Update golang to 1.19-bullseye Update golang 1.19.2 EKS-D Nov 22, 2022
@jayanthvn
Copy link
Contributor Author

Integration tests are failing, will try locally before the merge.

@jayanthvn
Copy link
Contributor Author

CNI tests -

=== RUN   TestCNIPodNetworking
Running Suite: CNI Pod Networking Suite - /home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni
==================================================================================================================
Random Seed: 1669157529

Will run 15 of 15 specs
Kubeconfig user entry is using deprecated API version client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to update.
------------------------------
• [SLOW TEST] [150.293 seconds]
[CANARY] test service connectivity when a deployment behind clb service is created clb service pod should be reachable
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/service_connectivity_test.go:150
------------------------------
• [SLOW TEST] [142.247 seconds]
[CANARY] test service connectivity when a deployment behind nlb service is created nlb service pod should be reachable
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/service_connectivity_test.go:160
------------------------------
• [SLOW TEST] [188.241 seconds]
[CANARY] test service connectivity when a deployment behind cluster IP is created clusterIP service pod should be reachable
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/service_connectivity_test.go:168
------------------------------
• [SLOW TEST] [150.365 seconds]
[CANARY] test service connectivity when a deployment behind node port is created node port service pod should be reachable
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/service_connectivity_test.go:176
------------------------------
Kubeconfig user entry is using deprecated API version client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to update.
• [SLOW TEST] [180.635 seconds]
test host networking when pods using IP from primary and secondary ENI are created should have correct host networking setup when running and cleaned up once terminated
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/host_networking_test.go:61
------------------------------
• [SLOW TEST] [248.586 seconds]
test host networking when pods using IP from primary and secondary ENI are created Validate Host Networking setup after changing MTU and Veth Prefix
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/host_networking_test.go:104
------------------------------
• [SLOW TEST] [88.662 seconds]
test host networking when host networking is tested on invalid input tester pod should error out
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/host_networking_test.go:151
------------------------------
• [SLOW TEST] [154.459 seconds]
Test pod networking with prefix delegation enabled when testing TCP traffic between client and server pods should have 99+% success rate
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/pod_traffic_test_PD_enabled.go:60
------------------------------
• [SLOW TEST] [124.412 seconds]
Test pod networking with prefix delegation enabled when testing UDP traffic between client and server pods should have 99+% success rate
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/pod_traffic_test_PD_enabled.go:72
------------------------------
• [SLOW TEST] [89.853 seconds]
test pod networking when testing ICMP traffic should allow ICMP traffic
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/pod_traffic_test.go:183
------------------------------
• [SLOW TEST] [107.927 seconds]
test pod networking [CANARY][SMOKE] when establishing UDP connection from tester to server connection should be established
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/pod_traffic_test.go:216
------------------------------
Kubeconfig user entry is using deprecated API version client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to update.
• [SLOW TEST] [100.050 seconds]
test pod networking [CANARY][SMOKE] when establishing TCP connection from tester to server should allow connection across nodes and across interface types
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/pod_traffic_test.go:255
------------------------------
• [SLOW TEST] [126.363 seconds]
aws-node env test aws-node environment variable AWS_VPC_K8S_CNI_LOG_FILE test
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/vpc_cni_logfile_test.go:65
------------------------------
• [SLOW TEST] [72.331 seconds]
Test pod networking with prefix delegation enabled <-> disabled when testing TCP traffic between client and server pods on enabling PD should have 99+% success rate
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/pod_traffic_test_PD_toggle.go:75
------------------------------
• [SLOW TEST] [172.468 seconds]
Test pod networking with prefix delegation enabled <-> disabled when testing TCP traffic between client and server pods on disabling PD should have 99+% success rate
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/cni/pod_traffic_test_PD_toggle.go:104
------------------------------

Ran 15 of 15 Specs in 2229.809 seconds
SUCCESS! -- 15 Passed | 0 Failed | 0 Pending | 0 Skipped
--- PASS: TestCNIPodNetworking (2229.81s)
PASS

Ginkgo ran 1 suite in 38m7.703186091s
Test Suite Passed

@jayanthvn
Copy link
Contributor Author

IPAMD -

(seems like 1 flaky test)

Summarizing 1 Failure:
  [TIMEDOUT] [CANARY][SMOKE] ENI/IP Leak Test ENI/IP Released on Pod Deletion [It] Verify that on Pod Deletion, ENI/IP State is restored
  /home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/ipamd/eni_ip_leak_test.go:26

Ran 26 of 26 Specs in 3638.174 seconds
FAIL! - Suite Timeout Elapsed -- 25 Passed | 1 Failed | 0 Pending | 0 Skipped
Timedout
  In [It] at: /home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/ipamd/eni_ip_leak_test.go:26

  This is the Progress Report generated when the timeout occurred:
    [CANARY][SMOKE] ENI/IP Leak Test ENI/IP Released on Pod Deletion Verify that on Pod Deletion, ENI/IP State is restored (Spec Runtime: 2m15.97s)
      /home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/ipamd/eni_ip_leak_test.go:26
      In [It] (Node Runtime: 2m15.97s)
        /home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/ipamd/eni_ip_leak_test.go:26
        At [By Step] Validating that count of ENI/IP is same as before (Step Runtime: 1m17.775s)
          /home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/ipamd/eni_ip_leak_test.go:54

        Spec Goroutine
        goroutine 2406 [sleep, 2 minutes]
          time.Sleep(0x1bf08eb000)
            /usr/bin/go/src/runtime/time.go:195
        > github.com/aws/amazon-vpc-cni-k8s/test/integration/ipamd.glob..func2.1.1()
            /home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/ipamd/eni_ip_leak_test.go:59
              | for i := 0; i < 3; i++ {
              | 	// It takes some time to unassign IP addresses
              > 	time.Sleep(120 * time.Second)
              | 	ip, eni = getCountOfIPandENIOnPrimaryInstance()
              | 	if ip == oldIP {

@jayanthvn jayanthvn added this to the v1.12.1 milestone Nov 23, 2022
@jayanthvn
Copy link
Contributor Author

Flaky test focused run -

• [SLOW TEST] [220.236 seconds]
[CANARY][SMOKE] ENI/IP Leak Test ENI/IP Released on Pod Deletion Verify that on Pod Deletion, ENI/IP State is restored
/home/varavaj/github/go_bullseye/amazon-vpc-cni-k8s/test/integration/ipamd/eni_ip_leak_test.go:26
------------------------------
SSSSSSSSS

Ran 1 of 26 Specs in 311.897 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 25 Skipped
PASS | FOCUSED

@jdn5126 jdn5126 merged commit c5c31de into aws:master Nov 23, 2022
jdn5126 added a commit that referenced this pull request Dec 12, 2022
* create publisher with logger (#2119)

* Add missing rules when NodePort support is disabled (#2026)

* Add missing rules when NodePort support is disabled

* the rules that need to be installed for NodePort support and SNAT
  support are very similar. The same traffic mark is needed for both. As
  a result, rules that are currently installed only when NodePort
  support is enabled should also be installed when external SNAT is
  disabled, which is the case by default.
* remove "-m state --state NEW" from a rule in the nat table. This is
  always true for packets that traverse the nat table.
* fix typo in one rule's name (extra whitespace).

Fixes #2025

Co-authored-by: Quan Tian <[email protected]>

Signed-off-by: Antonin Bas <[email protected]>

* Fix typos and unit tests

Signed-off-by: Antonin Bas <[email protected]>

* Minor improvement to code comment

Signed-off-by: Antonin Bas <[email protected]>

* Address review comments

* Delete legacy nat rule
* Fix an unrelated log message

Signed-off-by: Antonin Bas <[email protected]>

Signed-off-by: Antonin Bas <[email protected]>
Co-authored-by: Jayanth Varavani <[email protected]>
Co-authored-by: Sushmitha Ravikumar <[email protected]>

* downgrade test go.mod to align with root go.mod (#2128)

* skip addon installation when addon info is not available (#2131)

* Merging test/Makefile and test/go.mod to the root Makefil and go.mod, adjust the .github/workflows and integration test instructions (#2129)

* update troubleshooting docs for CNI image (#2132)

fix location where make command is run

* fix env name in test script (#2136)

* optionally allow CLUSTER_ENDPOINT to be used rather than the cluster-ip (#2138)

* optionally allow CLUSTER_ENDPOINT to be used rather than the kubernetes cluster ip

* remove check for kube-proxy

* add version to readme

* Add resources config option to cni metrics helper (#2141)

* Add resources config option to cni metrics helper

* Remove default-empty resources block; replace with conditional

* Add metrics for ec2 api calls made by CNI and expose via prometheus (#2142)

Co-authored-by: Jay Deokar <[email protected]>

* increase workflow role duration to 4 hours (#2148)

* Update golang 1.19.2 EKS-D (#2147)

* Update golang

* Move to EKS distro builds

* [HELM]: Move CRD resources to a separate folder as per helm standard (#2144)

Co-authored-by: Jay Deokar <[email protected]>

* VPC-CNI minimal image builds (#2146)

* VPC-CNI minimal image builds

* update dependencies for ginkgo when running integration tests

* address review comments and break up init main function

* review comments for sysctl

* Simplify binary installation, fix review comments

Since init container is required to always run, let binary installation
for external plugins happen in init container. This simplifies the main
container entrypoint and the dockerfile for each image.

* when IPAMD connection fails, try to teardown pod network using prevResult (#2145)

* add env var to enable nftables (#2155)

* fix failing weekly cron tests (#2154)

* Deprecate AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER and remove no-op setter (#2153)

* Deprecate AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER

* update release version comments

Signed-off-by: Antonin Bas <[email protected]>
Co-authored-by: Jeffrey Nelson <[email protected]>
Co-authored-by: Antonin Bas <[email protected]>
Co-authored-by: Jayanth Varavani <[email protected]>
Co-authored-by: Sushmitha Ravikumar <[email protected]>
Co-authored-by: Jerry He <[email protected]>
Co-authored-by: Brandon Wagner <[email protected]>
Co-authored-by: Jonathan Ogilvie <[email protected]>
Co-authored-by: Jay Deokar <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants