The commit is an incremental step to migrate AWS API calls
to AWS SDK v2. This only focuses on logic to get the default region
from loaded config for the survey.
Filter out AI zones when discovering zones in the region. AI zones
do not have quota for general compute resources, so we should not provision
nodes there by default.
* pkg/destroy/aws/ec2helpers.go
** the bulk of the changes are to the ec2helpers file. All of the sdk v1 imports
are removed except for session as this one is engrained in too many files currently.
pkg/destroy/aws/aws.go
** Add a client for ELB, ELBV2 and IAM to the Cluster Removal Struct. Even though
these changes are mainly to ec2helpers, the other clients were required for
certain operations.
** The rest of the file updates alter the ARN import to come from aws sdk v2.
* pkg/destroy/aws/iamhelpers.go
** Remove/Change all imports from AWS sdk v1 to v2.
pkg/destroy/aws/errors.go
pkg/destroy/aws/ec2helpers.go
** Remove the Error checking/formatting function from ec2helpers and put the function
in the errors.go file.
* pkg/destroy/aws/elbhelpers.go
** Remove all SDK v1 imports from elb helpers.
* Add reference to correct HandleErrorCode function.
* pkg/destroy/aws/aws.go
** Update Route53, s3, and efs services to sdk v2. This is slowly removing the
requirement for aws session.
* ** Vendor updates for S3 and EFS services.
** This caused updates to other packages such as aws/config, credentials, stscreds, and
a list of aws internal packages.
* Clean up references and use the exported config creator to create new clients in destroyer.
* ** Migrate the use of resource tagging api to the sdk V2.
pkg/destroy/aws:
** Alter the function name from HandleErrorCode to handleErrorCode. The initial thought was that
this function could be used in other areas of the code, but it will remain in destroy for now.
pkg/destroy/aws/shared.go:
** Remove the session import and uses in the file.
* Fix references to HandleErrorCode.
* pkg/destroy/aws/aws.go:
** Remove session from the imports. Added the agent handler to the configurations.
* Fix package updates for vendoring.
* Use the correct private and public zone clients.
Set a Destroy User Agent.
Cleanup pointer references to use the aws sdk.
* The ListUsers API call does not return tags for the IAM users in the
response. There is a separate call ListUserTags to fetch its tag for
checking in the installer code.
* rebase: fix other imports after rebase
* revert: use GetRole/GetUser to fetch tags
An older commit uses ListRoleTags/ListUserTags in order to save
bandwidth by fetching only tags. However, the minimal permission
required for the installer does not have permission iam:ListUserTags or
iam:ListRoleTags, thus causing the deprovisioning to skip users and
roles. This is part of the reasons for previous CI leaks.
This commit reverts the optimisation idea to just use GetRole/GetUser,
which should have sufficient minimal permission policy.
---------
Co-authored-by: barbacbd <barbacbd@gmail.com>
** While the regional support is valid, we will not be using this in openshift. Regional support
requires that each api has its own endpoint. Only one api is associated with an endpoint, and managing
this access will be difficult and unnecessary at this time.
In order to attach IPv6 addresses to the ENI of EC2 instances, the
instance type must support IPv6 networking. The installer must validate
it by inspecting the networking capabilities of instance type via EC2
API calls.
The agent-ui service was previously updated to 'Type=notify' to improve startup ordering and reliability.
However, the lack of the container monitor '--sdnotify=conmon' flag resulted in the UI URL not being displayed on the TUI.
Without this flag, agent-ui systemd waits for a readiness signal which never comes and the service remains in 'activating' state.
This causes the TUI availability check to fail, making the user only see "Waiting for services" instead of the UI URL
(even though the UI is already available via the usual URL).
This commit adds the missing flag, ensuring the notification handshake between the container running UI and the agent-ui systemd completes successfully and unblocking the TUI. This commit also fixes the stale dependency in agent-register-infraenv related to agent-ui systemd naming.
pkg/types/gcp/machinepools.go:
Include the n4a instance type in the map as well as the (current) supported disk types:
- hyperdisk-balanced
pkg/asset/installconfig/gcp/validation.go:
Include n4a in the types of arm instance families.
Update the GCP provider reference so that N4A instances can be validated.
Note: govmomi was set to v0.51.0 because the MAPI updates were causing an automatic
update to v0.52.0 resulting in build issues that have no current solution.
Based on install-config input, update IPFamily in AWSPlatformStatus
and AzurePlatformStatus fields within the Infrastructure manifest.
Update unit tests to verify Infra manifest creation.
* azure: validate cluster name against Azure reserved words
Azure prohibits the use of certain reserved words and trademarks
in resource names. This change adds validation to reject cluster
names containing any of the 43 reserved words documented by Azure,
preventing deployment failures with ReservedResourceName errors.
Reserved words checked include:
- Complete reserved words (40): AZURE, OFFICE, EXCHANGE, etc.
- Substring forbidden (2): MICROSOFT, WINDOWS
- Prefix forbidden (1): LOGIN
* update the checking logic on reserved words
* fix the gofmt issues
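The three matching rules listed in the commit message above (whole name, substring, prefix), sketched as an added example that is not the installer's own code. The helper name `checkReserved`, the case-insensitive comparison, the reading of "complete" as matching the entire name, and the shortened word lists (only the words named above) are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed subset: only the words named in the commit message above.
// The full list it refers to has 43 entries.
var (
	wholeName = []string{"AZURE", "OFFICE", "EXCHANGE"} // forbidden as the entire name
	anywhere  = []string{"MICROSOFT", "WINDOWS"}        // forbidden as a substring
	atStart   = []string{"LOGIN"}                       // forbidden as a prefix
)

// checkReserved is a hypothetical helper, not the installer's function.
// It returns an error naming the first rule the cluster name violates.
func checkReserved(name string) error {
	upper := strings.ToUpper(name) // assumption: matching is case-insensitive
	for _, w := range wholeName {
		if upper == w {
			return fmt.Errorf("cluster name %q is the reserved word %s", name, w)
		}
	}
	for _, w := range anywhere {
		if strings.Contains(upper, w) {
			return fmt.Errorf("cluster name %q contains the reserved word %s", name, w)
		}
	}
	for _, w := range atStart {
		if strings.HasPrefix(upper, w) {
			return fmt.Errorf("cluster name %q starts with the reserved word %s", name, w)
		}
	}
	return nil
}

func main() {
	// Constructed sample names covering each rule and its near misses.
	for _, n := range []string{"azure", "my-azure-cluster", "prodwindows01", "login-east", "east-login"} {
		if err := checkReserved(n); err != nil {
			fmt.Println("reject:", err)
		} else {
			fmt.Println("accept:", n)
		}
	}
}
```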
CAPZ filters ASO CRDs so it only includes a small subset of ASO CRDs.
Prior to this commit, we were not filtering ASO CRDs, which leads to
a bug when ASO and CAPZ create conflicting CRDs. By filtering the ASO
CRDs in the same manner as CAPZ we can avoid the bug.