update

azure/Makefile

@@ -33,7 +33,7 @@ create-templates:
 	@yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json
 
 create-deployments:
-	helm template --namespace=kube-system   --version=1.12.5 -f deployments/cilium.yaml cilium \
+	helm template --namespace=kube-system   --version=1.12.6 -f deployments/cilium.yaml cilium \
 		cilium/cilium > deployments/cilium-result.yaml
 	helm template --namespace=kube-system -f deployments/azure-autoscaler.yaml cluster-autoscaler-azure \
 		autoscaler/cluster-autoscaler > deployments/azure-autoscaler-result.yaml

azure/deployments/azure-autoscaler-result.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/instance: "cluster-autoscaler-azure"
     app.kubernetes.io/name: "azure-cluster-autoscaler"
     app.kubernetes.io/managed-by: "Helm"
-    helm.sh/chart: "cluster-autoscaler-9.21.1"
+    helm.sh/chart: "cluster-autoscaler-9.23.0"
   name: cluster-autoscaler-azure
   namespace: kube-system
 spec:
@@ -26,7 +26,7 @@ metadata:
     app.kubernetes.io/instance: "cluster-autoscaler-azure"
     app.kubernetes.io/name: "azure-cluster-autoscaler"
     app.kubernetes.io/managed-by: "Helm"
-    helm.sh/chart: "cluster-autoscaler-9.21.1"
+    helm.sh/chart: "cluster-autoscaler-9.23.0"
   name: cluster-autoscaler-azure
   namespace: kube-system
 automountServiceAccountToken: true
@@ -55,7 +55,7 @@ metadata:
     app.kubernetes.io/instance: "cluster-autoscaler-azure"
     app.kubernetes.io/name: "azure-cluster-autoscaler"
     app.kubernetes.io/managed-by: "Helm"
-    helm.sh/chart: "cluster-autoscaler-9.21.1"
+    helm.sh/chart: "cluster-autoscaler-9.23.0"
   name: cluster-autoscaler-azure
 rules:
   - apiGroups:
@@ -196,7 +196,7 @@ metadata:
     app.kubernetes.io/instance: "cluster-autoscaler-azure"
     app.kubernetes.io/name: "azure-cluster-autoscaler"
     app.kubernetes.io/managed-by: "Helm"
-    helm.sh/chart: "cluster-autoscaler-9.21.1"
+    helm.sh/chart: "cluster-autoscaler-9.23.0"
   name: cluster-autoscaler-azure
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -215,7 +215,7 @@ metadata:
     app.kubernetes.io/instance: "cluster-autoscaler-azure"
     app.kubernetes.io/name: "azure-cluster-autoscaler"
     app.kubernetes.io/managed-by: "Helm"
-    helm.sh/chart: "cluster-autoscaler-9.21.1"
+    helm.sh/chart: "cluster-autoscaler-9.23.0"
   name: cluster-autoscaler-azure
   namespace: kube-system
 rules:
@@ -244,7 +244,7 @@ metadata:
     app.kubernetes.io/instance: "cluster-autoscaler-azure"
     app.kubernetes.io/name: "azure-cluster-autoscaler"
     app.kubernetes.io/managed-by: "Helm"
-    helm.sh/chart: "cluster-autoscaler-9.21.1"
+    helm.sh/chart: "cluster-autoscaler-9.23.0"
   name: cluster-autoscaler-azure
   namespace: kube-system
 roleRef:
@@ -264,7 +264,7 @@ metadata:
     app.kubernetes.io/instance: "cluster-autoscaler-azure"
     app.kubernetes.io/name: "azure-cluster-autoscaler"
     app.kubernetes.io/managed-by: "Helm"
-    helm.sh/chart: "cluster-autoscaler-9.21.1"
+    helm.sh/chart: "cluster-autoscaler-9.23.0"
   name: cluster-autoscaler-azure
   namespace: kube-system
 spec:
@@ -288,7 +288,7 @@ metadata:
     app.kubernetes.io/instance: "cluster-autoscaler-azure"
     app.kubernetes.io/name: "azure-cluster-autoscaler"
     app.kubernetes.io/managed-by: "Helm"
-    helm.sh/chart: "cluster-autoscaler-9.21.1"
+    helm.sh/chart: "cluster-autoscaler-9.23.0"
   name: cluster-autoscaler-azure
   namespace: kube-system
 spec:

azure/deployments/azure-csi-node.yaml

@@ -65,7 +65,7 @@ spec:
           volumeMounts:
             - mountPath: /csi
               name: socket-dir
-          image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.6.0
+          image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.8.0
           args:
             - --csi-address=/csi/csi.sock
             - --probe-timeout=3s
@@ -78,7 +78,7 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: node-driver-registrar
-          image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.5.0
+          image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.6.2
           args:
             - --csi-address=$(ADDRESS)
             - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
@@ -108,14 +108,15 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: azuredisk
-          image: mcr.microsoft.com/k8s/csi/azuredisk-csi:latest
+          image: mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.2
           imagePullPolicy: IfNotPresent
           args:
-            - "--v=12"
+            - "--v=5"
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(KUBE_NODE_NAME)"
             - "--metrics-address=0.0.0.0:29605"
             - "--enable-perf-optimization=true"
+            - "--allow-empty-cloud-config=true"
             - "--get-node-info-from-labels=false"
           ports:
             - containerPort: 29603

azure/deployments/azure-csi.yaml

@@ -225,17 +225,19 @@ spec:
       priorityClassName: system-cluster-critical
       containers:
         - name: csi-provisioner
-          image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v3.1.0
+          image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v3.3.0
           args:
             - "--feature-gates=Topology=true"
             - "--csi-address=$(ADDRESS)"
             - "--v=2"
-            - "--timeout=15s"
+            - "--timeout=30s"
             - "--leader-election"
             - "--leader-election-namespace=kube-system"
-            - "--worker-threads=40"
+            - "--worker-threads=100"
             - "--extra-create-metadata=true"
             - "--strict-topology=true"
+            - "--kube-api-qps=50"
+            - "--kube-api-burst=100"
           env:
             - name: ADDRESS
               value: /csi/csi.sock
@@ -249,14 +251,16 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: csi-attacher
-          image: mcr.microsoft.com/oss/kubernetes-csi/csi-attacher:v3.4.0
+          image: mcr.microsoft.com/oss/kubernetes-csi/csi-attacher:v4.0.0
           args:
             - "-v=2"
             - "-csi-address=$(ADDRESS)"
-            - "-timeout=600s"
+            - "-timeout=1200s"
             - "-leader-election"
             - "--leader-election-namespace=kube-system"
             - "-worker-threads=500"
+            - "-kube-api-qps=50"
+            - "-kube-api-burst=100"
           env:
             - name: ADDRESS
               value: /csi/csi.sock
@@ -289,7 +293,7 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: csi-resizer
-          image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.4.0
+          image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.6.0
           args:
             - "-csi-address=$(ADDRESS)"
             - "-v=2"
@@ -311,7 +315,7 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: liveness-probe
-          image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.6.0
+          image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.8.0
           args:
             - --csi-address=/csi/csi.sock
             - --probe-timeout=3s
@@ -327,10 +331,10 @@ spec:
               cpu: 10m
               memory: 20Mi
         - name: azuredisk
-          image: mcr.microsoft.com/k8s/csi/azuredisk-csi:latest
+          image: mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.26.2
           imagePullPolicy: IfNotPresent
           args:
-            - "--v=4"
+            - "--v=5"
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--metrics-address=0.0.0.0:29604"
             - "--user-agent-suffix=OSS-kubectl"

azure/deployments/cilium-result.yaml

@@ -144,7 +144,7 @@ data:
   enable-host-firewall: "true"
   # List of devices used to attach bpf_host.o (implements BPF NodePort,
   # host-firewall and BPF masquerading)
-  devices: "eth+"
+  devices: "eth+ wg+"
 
   kube-proxy-replacement: "strict"
   kube-proxy-replacement-healthz-bind-address: ""
@@ -551,7 +551,7 @@ spec:
     spec:
       containers:
       - name: cilium-agent
-        image: "quay.io/cilium/cilium:v1.12.5@sha256:06ce2b0a0a472e73334a7504ee5c5d8b2e2d7b72ef728ad94e564740dd505be5"
+        image: "quay.io/cilium/cilium:v1.12.6@sha256:454134506b0448c756398d3e8df68d474acde2a622ab58d0c7e8b272b5867d0d"
         imagePullPolicy: IfNotPresent
         command:
         - cilium-agent
@@ -686,7 +686,7 @@ spec:
           mountPath: /run/xtables.lock
       initContainers:
       - name: clean-cilium-state
-        image: "quay.io/cilium/cilium:v1.12.5@sha256:06ce2b0a0a472e73334a7504ee5c5d8b2e2d7b72ef728ad94e564740dd505be5"
+        image: "quay.io/cilium/cilium:v1.12.6@sha256:454134506b0448c756398d3e8df68d474acde2a622ab58d0c7e8b272b5867d0d"
         imagePullPolicy: IfNotPresent
         command:
         - /init-container.sh
@@ -813,14 +813,14 @@ spec:
     metadata:
       annotations:
         # ensure pods roll when configmap updates
-        cilium.io/cilium-configmap-checksum: "93ed3047796c548140dd014145d2cb313155de38c36595eb2f05f60856400ae5"
+        cilium.io/cilium-configmap-checksum: "5e23bd083a707099be04c9822a92e7ebf88fb85dff685037eca164fcf07a0662"
       labels:
         io.cilium/app: operator
         name: cilium-operator
     spec:
       containers:
       - name: cilium-operator
-        image: "quay.io/cilium/operator-generic:v1.12.5@sha256:b296eb7f0f7656a5cc19724f40a8a7121b7fd725278b7d61dc91fe0b7ffd7c0e"
+        image: "quay.io/cilium/operator-generic:v1.12.6@sha256:eec4430d222cb2967d42d3b404d2606e66468de47ae85e0a3ca3f58f00a5e017"
         imagePullPolicy: IfNotPresent
         command:
         - cilium-operator-generic

azure/deployments/cilium.yaml

@@ -22,7 +22,7 @@ localRedirectPolicy: true
 
 tunnel: "vxlan"
 autoDirectNodeRoutes: false
-devices: [eth+]
+devices: [eth+,wg+]
 
 healthChecking: true