Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for VPC Resource Controller's CNINode (reintroduce #2442) #2503

Merged
merged 2 commits into from
Aug 22, 2023
Merged

Add support for VPC Resource Controller's CNINode (reintroduce #2442) #2503

merged 2 commits into from
Aug 22, 2023

Conversation

jdn5126
Copy link
Contributor

@jdn5126 jdn5126 commented Aug 21, 2023

What type of PR is this?
feature

Which issue does this PR fix:
N/A

What does this PR do / Why do we need it:
This PR reintroduces #2442 following the controller-runtime upgrade and other conflicts. This PR adds support for patching the CNINode resource during IPAMD initialization.

NOTE: this PR removes update permission for the node resource from the ClusterRole. This will be expanded in the release note.

If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:
N/A

Testing done on this change:
Verified that all integration tests pass and verified that SGPP works manually. Verified upgrade and downgrade path.

Automation added to e2e:
N/A

Will this PR introduce any new dependencies?:
Yes

Will this break upgrades or downgrades. Has updating a running cluster been tested?:
No, Yes

Does this change require updates to the CNI daemonset config files to work?:
No

Does this PR introduce any user-facing change?:
Yes

IPAMD now patches the CNINode resource for this node in order to enable security groups for pods. It no longer requests node labels, and the `update` permission has been removed from the `node` resource in the ClusterRole.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jdn5126 jdn5126 requested a review from a team as a code owner August 21, 2023 21:40
haouc
haouc approved these changes Aug 22, 2023
View reviewed changes
Copy link
Contributor

@haouc haouc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@jdn5126 jdn5126 merged commit 481f2e1 into aws:master Aug 22, 2023
@jdn5126 jdn5126 deleted the cninode branch August 22, 2023 19:29
@mattburgess mattburgess mentioned this pull request Sep 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haouc haouc haouc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jdn5126 @haouc