The commit is an incremental step to migrate AWS API calls
to AWS SDK v2. This only focuses on logics to get the default region
from loaded config for the survey.
Custom DNS (userProvisionedDNS) is not supported on Azure Stack Hub. This
change adds validation to prevent users from setting userProvisionedDNS on
Azure Stack Hub.
The commit is an incremental step to migrate AWS API calls to AWS SDK
v2. This focuses on ELB/ELBv2 clients in the pkg/asset and dependent
pkg(s).
The ELB and ELBv2 clients now use SDK v2 with custom endpoint resolvers
that maintain backwards compatibility with SDK v1 service endpoint
configurations. Special handling is included for the fact that SDK v1 used
the same endpoint identifier ("elasticloadbalancing") for both ELB classic
and ELBv2, while SDK v2 uses distinct service IDs.
Filter out AI zones when discovering zones in the region. AI zones
do not have quota for general compute resources, so we should not provision
nodes there by default.
This commit is an incremental step to migrate AWS API calls
to AWS SDK v2. This focuses on handlers that retrieve the source
or provider of credentials, for example, via shared credential file
and via environment variables.
Note: these logics are to determine whether the credential provider
is static, which is safe to transfer to the cluster as-is in Mint and
Passthrough credentialsMode.
* pkg/destroy/aws/ec2helpers.go
** the bulk of the changes are to the ec2helpers file. All of the sdk v1 imports
are removed except for session as this one is engrained too many files currently.
pkg/destroy/aws/aws.go
** Add a client for ELB ELBV2 and IAM to the Cluster Removal Struct. Even though
these changes are mainly to ec2helpers, the other clients were required in for
certain operations.
** The rest of the file updates are alter ARN import to come from aws sdk v2.
* pkg/destroy/aws/iamhelpers.go
** Remove/Change all imports from AWS sdk v1 to v2.
pkg/destroy/aws/errors.go
pkg/destroy/aws/ec2helpers.go
** Remove the Error checking/formatting function from ec2helpers and put the function
in the errors.go file.
* pkg/destroy/aws/elbhelpers.go
** Remove all SDK v1 imports from elb helpers.
* Add reference to correct HandleErrorCode function.
* pkg/destroy/aws/aws.go
** Update Route53, s3, and efs services to sdk v2. This is slowly removing the
requirement for aws session.
* ** Vendor updates for S3 and EFS services.
** This caused updates to other packages such as aws/config, credentials, stscreds, and
a list of aws internal packages.
* Clean up references and use the exported config creator to create new clients in destroyer.
* ** Migrate the use of resource tagging api to the sdk V2.
pkg/destroy/aws:
** Alter the function name from HandleErrorCode to handleErrorCode. The initial thought was that
this function could be used in other areas of the code, but it will remain in destroy for now.
pkg/destroy/aws/shared.go:
** Remove the session import and uses in the file.
* Fix references to HandleErrorCode.
* kg/destroy/aws/aws.go:
** Remove session from the imports. Added the agent handler to the configurations.
* Fix package updates for vendoring.
* Use the correct private and public zone clients.
Set a Destroy User Agent.
Cleanup pointer references to use the aws sdk.
* The ListUsers API call does not return tags for the IAM users in the
response. There is a separate call ListUserTags to fetch its tag for
checking in the installer code.
* rebase: fix other imports after rebase
* revert: use GetRole/GetUser to fetch tags
An older commit uses ListRoleTags/ListUserTags in order to save
bandwidth by fetching only tags. However, the minimal permission
required for the installer does not have permission iam:ListUserTags or
iam:ListRoleTags, thus causing the deprovisioning to skip users and
roles. This is part of the reasons for previous CI leaks.
This commit reverts the optimisation idea to just user GetRole/GetUser,
which should have sufficient minimal permission policy.
---------
Co-authored-by: barbacbd <barbacbd@gmail.com>
Add NodeIPFamilies configuration to AWS cloud provider config
when dual-stack networking is enabled. The cloud provider now
sets the appropriate IP family ordering (ipv4/ipv6 or ipv6/ipv4)
based on the install config's IPFamily setting.
For dual-stack IPv4 primary clusters, NodeIPFamilies is set to:
NodeIPFamilies=ipv4
NodeIPFamilies=ipv6
For dual-stack IPv6 primary clusters, NodeIPFamilies is set to:
NodeIPFamilies=ipv6
NodeIPFamilies=ipv4
Single-stack IPv4 clusters continue to use the minimal config with an
empty Global section.
** While the regional support is valid, we will not be using this in openshift. Regional support
requires that each api have its own endpoint. Only one api is associated with an endpoint, and managing
this access will be difficult and unnessary at this time.
In order to attach IPv6 addresses to the ENI of EC2 instances, the
instance type must support IPv6 networking. The installer must validate
it by inspecting the networking capabilities of instance type via EC2
API calls.
The agent-ui service was previously updated to 'Type=notify' to improve startup ordering and reliability.
However, the lack of container monitor '--sdnotify=conmon' flag, resulted in UI URL to be not displayed on the TUI.
Without this flag, agent-ui systemd waits for a readiness signal which never comes and the service remains in 'activating' state.
This causes the TUI availability check to fail, making the user only see "Waiting for services" instead of UI URL
( even though the UI is already avaialble via the usual URL)
This commit adds the missing flag, ensuring the notification handshake between the container running UI and the agent-ui systemd completes successfully and unblocking the TUI. This commit also fixes the stale dependency in agent-register-infraenv related to agent-ui systemd naming.
pkg/types/gcp/machinepools.go:
Include the n4a instance type in the map as well as the (current) supported disk types:
- hyperdisk-balanced
pkg/asset/installconfig/gcp/validation.go:
Include n4a in the types of arm instance families.
Update the GCP provider reference so that N4A instances can be validated.
Note: govmomi was set to v0.51.0 because the MAPI updates were causing an automatic
update to v0.52.0 resulting in build issues that have no current solution.
