Merge pull request #18846 from spowelljr/fixAndUpdateCiliumCNI

CNI cilium: Fix and update to v1.15.3

Author: spowelljr

.github/workflows/update-cilium-version.yml

@@ -0,0 +1,48 @@
+name: "update-cilium-version"
+on:
+  workflow_dispatch:
+  schedule:
+    # every Monday at around 3 am pacific/10 am UTC
+    - cron: "0 10 * * 1"
+env:
+  GOPROXY: https://proxy.golang.org
+  GO_VERSION: '1.22.1'
+permissions:
+  contents: read
+
+jobs:
+  bump-cilium-version:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
+      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+        with:
+          go-version: ${{env.GO_VERSION}}
+      - name: Bump cilium version
+        id: bumpCilium
+        run: |
+          echo "OLD_VERSION=$(DEP=cilium make get-dependency-version)" >> "$GITHUB_OUTPUT"
+          make update-cilium-version
+          echo "NEW_VERSION=$(DEP=cilium make get-dependency-version)" >> "$GITHUB_OUTPUT"
+          # The following is to support multiline with GITHUB_OUTPUT, see https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
+          echo "changes<<EOF" >> "$GITHUB_OUTPUT"
+          echo "$(git status --porcelain)" >> "$GITHUB_OUTPUT"
+          echo "EOF" >> "$GITHUB_OUTPUT"
+      - name: Create PR
+        if: ${{ steps.bumpCilium.outputs.changes != '' }}
+        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
+        with:
+          token: ${{ secrets.MINIKUBE_BOT_PAT }}
+          commit-message: 'CNI: Update cilium from ${{ steps.bumpCilium.outputs.OLD_VERSION }} to ${{ steps.bumpCilium.outputs.NEW_VERSION }}'
+          committer: minikube-bot <[email protected]>
+          author: minikube-bot <[email protected]>
+          branch: auto_bump_cilium_version
+          push-to-fork: minikube-bot/minikube
+          base: master
+          delete-branch: true
+          title: 'CNI: Update cilium from ${{ steps.bumpCilium.outputs.OLD_VERSION }} to ${{ steps.bumpCilium.outputs.NEW_VERSION }}'
+          labels: ok-to-test
+          body: |
+            The cilium project released a [new version](https://github.com/cilium/cilium)
+
+            This PR was auto-generated by `make update-cilium-version` using [update-cilium-version.yml](https://github.com/kubernetes/minikube/tree/master/.github/workflows/update-cilium-version.yml) CI Workflow.

Makefile

@@ -1227,6 +1227,11 @@ update-site-node-version:
 	(cd hack/update/site_node_version && \
 	 go run update_site_node_version.go)
 
+.PHONY: update-cilium-version
+update-cilium-version:
+	(cd hack/update/cilium_version && \
+	 go run update_cilium_version.go)
+
 .PHONY: get-dependency-verison
 get-dependency-version:
 	@(cd hack/update/get_version && \

hack/update/cilium_version/update_cilium_version.go

@@ -0,0 +1,78 @@
+/*
+Copyright 2024 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"time"
+
+	"k8s.io/klog/v2"
+	"k8s.io/minikube/hack/update"
+)
+
+func main() {
+	if _, err := exec.LookPath("helm"); err != nil {
+		klog.Fatal("helm not found on system, either install or add to PATH")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+	defer cancel()
+
+	stable, _, _, err := update.GHReleases(ctx, "cilium", "cilium")
+	if err != nil {
+		klog.Fatalf("Unable to get stable version: %v", err)
+	}
+	version := strings.TrimPrefix(stable.Tag, "v")
+
+	// Add the cilium repo to helm
+	if err := exec.Command("helm", "repo", "add", "cilium", "https://helm.cilium.io/").Run(); err != nil {
+		klog.Fatal(err)
+	}
+
+	// Generate the cilium YAML
+	yamlBytes, err := exec.Command("helm", "template", "cilium", "cilium/cilium", "--version", version, "--namespace", "kube-system").Output()
+	if err != nil {
+		klog.Fatal(err)
+	}
+	yaml := string(yamlBytes)
+
+	// Remove the cilium/templates/cilium-ca-secret.yaml section
+	re := regexp.MustCompile(`# Source: cilium\/templates\/cilium-ca-secret\.yaml(\n.*?)+---\n`)
+	yaml = re.ReplaceAllString(yaml, "")
+
+	// Remove the cilium/templates/hubble/tls-helm/server-secret.yaml section
+	re = regexp.MustCompile(`# Source: cilium\/templates\/hubble\/tls-helm\/server-secret\.yaml(\n.*?)+---\n`)
+	yaml = re.ReplaceAllString(yaml, "")
+
+	// Replace `cluster-pool-ipv4-cidr` with PodSubnet template
+	re = regexp.MustCompile(`10\.0\.0\.0\/8`)
+	yaml = re.ReplaceAllString(yaml, "{{ .PodSubnet }}")
+
+	// Change replicas to 1
+	re = regexp.MustCompile(`replicas:.+`)
+	yaml = re.ReplaceAllString(yaml, "replicas: 1")
+
+	filename := filepath.Join(update.FSRoot, "pkg/minikube/cni/cilium.yaml")
+	if err := os.WriteFile(filename, []byte(yaml), 0644); err != nil {
+		klog.Fatal(err)
+	}
+}

hack/update/get_version/get_version.go

@@ -35,6 +35,7 @@ type dependency struct {
 var dependencies = map[string]dependency{
 	"buildkit":                {"deploy/iso/minikube-iso/arch/x86_64/package/buildkit-bin/buildkit-bin.mk", `BUILDKIT_BIN_VERSION = (.*)`},
 	"calico":                  {"pkg/minikube/bootstrapper/images/images.go", `calicoVersion = "(.*)"`},
+	"cilium":                  {"pkg/minikube/cni/cilium.yaml", `quay.io/cilium/cilium:(.*)@`},
 	"cloud-spanner":           {addonsFile, `cloud-spanner-emulator/emulator:(.*)@`},
 	"cni-plugins":             {"deploy/iso/minikube-iso/arch/x86_64/package/cni-plugins-latest/cni-plugins-latest.mk", `CNI_PLUGINS_LATEST_VERSION = (.*)`},
 	"containerd":              {"deploy/iso/minikube-iso/arch/x86_64/package/containerd-bin/containerd-bin.mk", `CONTAINERD_BIN_VERSION = (.*)`},