From 8a6e3caef62b432d006bed028bb5bce9acb0dd4b Mon Sep 17 00:00:00 2001 From: speruri Date: Tue, 1 Jul 2025 14:38:36 +0200 Subject: [PATCH 01/13] test skipper-ingress with eks karpenter Signed-off-by: speruri --- cluster/manifests/ingress-controller/01-rbac.yaml | 9 +++++++++ cluster/manifests/ingress-controller/deployment.yaml | 5 ++++- cluster/manifests/skipper/deployment.yaml | 3 --- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/cluster/manifests/ingress-controller/01-rbac.yaml b/cluster/manifests/ingress-controller/01-rbac.yaml index c5def0f41a..5856cffe59 100644 --- a/cluster/manifests/ingress-controller/01-rbac.yaml +++ b/cluster/manifests/ingress-controller/01-rbac.yaml @@ -45,6 +45,15 @@ rules: verbs: - patch - update +- apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 2a82408b7e..e1bd0f1995 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -37,7 +37,10 @@ spec: - name: controller image: "{{ $image }}" args: - - --target-access-mode=HostPort + - --ip-addr-type=dualstack + - --target-access-mode=AWSCNI + - --target-cni-namespace=kube-system + - --target-cni-pod-labelselector=application=skipper-ingress,component=ingress - --stack-termination-protection - --ssl-policy={{ .Cluster.ConfigItems.kube_aws_ingress_controller_ssl_policy }} - --idle-connection-timeout={{ .Cluster.ConfigItems.kube_aws_ingress_controller_idle_timeout }} diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index eec74c5165..d0df4b9381 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -96,7 +96,6 @@ spec: serviceAccountName: skipper-ingress terminationGracePeriodSeconds: {{ .Cluster.ConfigItems.skipper_termination_grace_period }} dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true containers: - name: skipper-ingress image: "{{ .image }}" @@ -104,12 +103,10 @@ spec: ports: - name: ingress-port containerPort: 9999 - hostPort: 9999 protocol: TCP {{ if or (eq .Cluster.ConfigItems.nlb_switch "pre") (eq .Cluster.ConfigItems.nlb_switch "exec") }} - name: http-redirect containerPort: 9998 - hostPort: 9998 protocol: TCP {{ end }} env: From 2d4e9aecec22ff5a6b7fc7d8e81d38975c87712e Mon Sep 17 00:00:00 2001 From: speruri Date: Wed, 2 Jul 2025 22:52:23 +0200 Subject: [PATCH 02/13] update ingress controller to now by default use dualstack nlbs and albs Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index e1bd0f1995..79b3b6846e 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: "{{ $version }}" + version: v0.17.6-dirty spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: "{{ $version }}" + version: v0.17.6-dirty annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: "{{ $image }}" + image: container-registry-test.zalando.net/gwproxy/kube-ingress-aws-controller-test-ingress-eks-karp-ipv6:v0.17.6-dirty args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From 7aefaceb33e268a8596ce7236e31ca89d9384dea Mon Sep 17 00:00:00 2001 From: speruri Date: Wed, 2 Jul 2025 23:09:12 +0200 Subject: [PATCH 03/13] use new image Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 79b3b6846e..46c86f43c3 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: v0.17.6-dirty + version: v0.17.6-1-gba9904f spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: v0.17.6-dirty + version: v0.17.6-1-gba9904f annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: container-registry-test.zalando.net/gwproxy/kube-ingress-aws-controller-test-ingress-eks-karp-ipv6:v0.17.6-dirty + image: container-registry-test.zalando.net/gwproxy/kube-ingress-aws-controller-test:v0.17.6-1-gba9904f args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From 56258dfb1b2ae1e9c8f8478b5d74d7778912ecf7 Mon Sep 17 00:00:00 2001 From: speruri Date: Thu, 3 Jul 2025 11:18:44 +0200 Subject: [PATCH 04/13] use the ecr url directly Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 46c86f43c3..2ad7464b53 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: container-registry-test.zalando.net/gwproxy/kube-ingress-aws-controller-test:v0.17.6-1-gba9904f + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/gwproxy/kube-ingress-aws-controller-test:v0.17.6-1-gba9904f args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From 2c7606ea533bba4f1427a1de23ce99bb4daeb84a Mon Sep 17 00:00:00 2001 From: speruri Date: Tue, 15 Jul 2025 01:47:11 +0200 Subject: [PATCH 05/13] use latest controller image Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 1f7a451f0f..385d35e17b 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: v0.17.6-1-gba9904f + version: v0.17.7-3-g6a6f9da spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: v0.17.6-1-gba9904f + version: v0.17.7-3-g6a6f9da annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/gwproxy/kube-ingress-aws-controller-test:v0.17.6-1-gba9904f + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/gwproxy/kube-ingress-aws-controller-test:v0.17.7-3-g6a6f9da args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From 780d4ac02a7e9590443759f34166ff173c6c2b3a Mon Sep 17 00:00:00 2001 From: speruri Date: Tue, 15 Jul 2025 12:09:41 +0200 Subject: [PATCH 06/13] use amd image Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 385d35e17b..38891b5bc2 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: v0.17.7-3-g6a6f9da + version: v0.17.7-3-g6a6f9da-dirty spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: v0.17.7-3-g6a6f9da + version: v0.17.7-3-g6a6f9da-dirty annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/gwproxy/kube-ingress-aws-controller-test:v0.17.7-3-g6a6f9da + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/gwproxy/kube-ingress-aws-controller-test:v0.17.7-3-g6a6f9da-dirty args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From 9ceb5269f5b76e3b1cda0b2951b18d017f10b681 Mon Sep 17 00:00:00 2001 From: speruri Date: Wed, 16 Jul 2025 20:53:46 +0200 Subject: [PATCH 07/13] use multiarch image from the controller --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 38891b5bc2..6262922110 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: v0.17.7-3-g6a6f9da-dirty + version: pr-750-5 spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: v0.17.7-3-g6a6f9da-dirty + version: pr-750-5 annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/gwproxy/kube-ingress-aws-controller-test:v0.17.7-3-g6a6f9da-dirty + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller:pr-750-5 args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From fbeaa288ed67c90a197b6dc9b7736ef5d14f9244 Mon Sep 17 00:00:00 2001 From: speruri Date: Wed, 16 Jul 2025 21:15:08 +0200 Subject: [PATCH 08/13] use gwproxy namespace image Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 6262922110..c44426ba11 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: pr-750-5 + version: pr-750-6 spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: pr-750-5 + version: pr-750-6 annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller:pr-750-5 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/gwproxy/kube-ingress-aws-controller-test:pr-750-6 args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From bc1d61f8a084f06ca0028d9eb04889495e61b253 Mon Sep 17 00:00:00 2001 From: speruri Date: Wed, 16 Jul 2025 21:27:24 +0200 Subject: [PATCH 09/13] use teapot namespace itself Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index c44426ba11..ad05bfe9cb 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: pr-750-6 + version: pr-750-7 spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: pr-750-6 + version: pr-750-7 annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/gwproxy/kube-ingress-aws-controller-test:pr-750-6 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller-test-eks:pr-750-7 args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From 6780529e6ee5caf40e7b256ac56c14a870c9a53a Mon Sep 17 00:00:00 2001 From: speruri Date: Thu, 17 Jul 2025 09:57:28 +0200 Subject: [PATCH 10/13] use only multiarch image Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index ad05bfe9cb..c2e8759201 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: pr-750-7 + version: pr-750-8 spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: pr-750-7 + version: pr-750-8 annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller-test-eks:pr-750-7 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller-test-eks:pr-750-8 args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From 0b24780e73d48edd8fa2f6e7fe3cc707010568ed Mon Sep 17 00:00:00 2001 From: speruri Date: Thu, 17 Jul 2025 10:15:24 +0200 Subject: [PATCH 11/13] change target type ip to dual stack Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index c2e8759201..3d79c935b4 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: pr-750-8 + version: pr-750-9 spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: pr-750-8 + version: pr-750-9 annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller-test-eks:pr-750-8 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller-test-eks:pr-750-9 args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From 5d31fcfa2c6bf8cbbeea0ec11fb40e7bf98ac41f Mon Sep 17 00:00:00 2001 From: speruri Date: Fri, 25 Jul 2025 11:28:25 +0200 Subject: [PATCH 12/13] use latest controller image Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 3d79c935b4..7d5af36e5e 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: pr-750-9 + version: pr-752-6 spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: pr-750-9 + version: pr-752-6 annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller-test-eks:pr-750-9 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller-test-eks:pr-752-6 args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI From ac95ccfaa2a5aa4aecdd6570c9c6b30e1b4aaf8a Mon Sep 17 00:00:00 2001 From: speruri Date: Fri, 25 Jul 2025 17:38:05 +0200 Subject: [PATCH 13/13] use latest controller image Signed-off-by: speruri --- cluster/manifests/ingress-controller/deployment.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 1db78b7645..43dd3a62f6 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -8,7 +8,7 @@ metadata: namespace: kube-system labels: application: kube-ingress-aws-controller - version: pr-752-6 + version: pr-752-7 spec: replicas: 1 selector: @@ -18,7 +18,7 @@ spec: metadata: labels: application: kube-ingress-aws-controller - version: pr-752-6 + version: pr-752-7 annotations: kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] @@ -35,7 +35,7 @@ spec: serviceAccountName: kube-ingress-aws-controller containers: - name: controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller-test-eks:pr-752-6 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/staging_namespace/teapot/kube-ingress-aws-controller-test-eks:pr-752-7 args: - --ip-addr-type=dualstack - --target-access-mode=AWSCNI