Manifest, Third Party License and Doc changes

YashwantGohokar · YashwantGohokar · commit 9cdc5b8b48cb · 2025-02-18T14:23:36.000+05:30
diff --git a/README.md b/README.md
@@ -34,8 +34,9 @@ cloud-provider specific code out of the Kubernetes codebase.
 | v1.26.4   | v1.26                  | -                      |
 | v1.27.3   | v1.27                  | -                      |
 | v1.28.2   | v1.28                  | -                      |
-| v1.29.1   | v1.29                  | -                      |
-| v1.30.0   | v1.30                  | -                      |
+| v1.29.2   | v1.29                  | -                      |
+| v1.30.1   | v1.30                  | -                      |
+| v1.31.0   | v1.31                  | -                      |
 
 
 Note: 
diff --git a/THIRD_PARTY_LICENSES.txt b/THIRD_PARTY_LICENSES.txt
diff --git a/docs/load-balancer-annotations.md b/docs/load-balancer-annotations.md
@@ -44,7 +44,7 @@ spec:
 | `service.beta.kubernetes.io/oci-load-balancer-health-check-interval`         | The interval between [health checks][6] requests, in milliseconds.                                                                                                                                                                                                               | `10000`                                          |                                                                                          |
 | `service.beta.kubernetes.io/oci-load-balancer-connection-idle-timeout`       | The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers.                                                                                                                              | `300` for TCP listeners, `60` for HTTP listeners |                                                                                          |
 | `service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode` | Specifies the [security list mode](##security-list-management-modes) (`"All"`, `"Frontend"`,`"None"`) to configure how security lists are managed by the CCM.                                                                                                                    | `"All"`                                          |                                                                                          |
-| `service.beta.kubernetes.io/oci-load-balancer-backend-protocol`              | Specifies protocol on which the listener accepts connection requests. To get a list of valid protocols, use the [`ListProtocols`][5] operation.                                                                                                                                  | `"TCP"`                                          |                                                                                          |
+| `service.beta.kubernetes.io/oci-load-balancer-backend-protocol`              | Specifies protocol on which the listener accepts connection requests. To get a list of valid protocols, use the [`ListProtocols`][5] operation. Supported[listener protocols][13]                                                                                                | `"TCP"`                                          |                                                                                          |
 | `service.beta.kubernetes.io/oci-load-balancer-ssl-ports`                     | The ports to enable SSL termination on the corresponding load balancer listener                                                                                                                                                                                                  | `443`                                            |                                                                                          |
 | `service.beta.kubernetes.io/oci-load-balancer-tls-secret`                    | The TLS secret to install on the load balancer listeners which have SSL enabled.                                                                                                                                                                                                 | `N/A`                                            |                                                                                          |
 | `oci.oraclecloud.com/oci-network-security-groups`                            | Specifies Network Security Groups' OCIDs to be associated with the loadbalancer. Please refer [here][8] for NSG details. Example NSG OCID: `ocid1.networksecuritygroup.oc1.iad.aaa`                                                                                              | `N/A`                                            |                               `"ocid1...aaa, ocid1...bbb"`                               |
@@ -101,6 +101,7 @@ Note:
 | `oci.oraclecloud.com/oci-backend-network-security-group`                   | Specifies backend Network Security Group(s)' OCID(s) for management of ingress / egress security rules for the LB/NLB by the CCM. Example NSG OCID: `ocid1.networksecuritygroup.oc1.iad.aaa` | `N/A`                                     |
 | `oci.oraclecloud.com/ingress-ip-mode`                                      | Specifies ".status.loadBalancer.ingress.ipMode" for a Service with type set to LoadBalancer. Refer: [Specifying IPMode to adjust traffic routing][11]                                        | `VIP`                                     |
 | `oci-network-load-balancer.oraclecloud.com/is-ppv2-enabled`                | To enable/disable PPv2 feature for the listeners of your NLB managed by the CCM.                                                                                                             | `false`                                   |
+| `oci-network-load-balancer.oraclecloud.com/external-ip-only`               | Specifies public ip only if set to true under ".status.loadBalancer.ingress.ip" for a Service. Refer: [Concealing a Network Load Balancer's Private IP Address][12]                          | `false`                                   |
 
 Note:
 - The only security list management mode allowed when backend protocol is UDP is "None"
@@ -145,3 +146,5 @@ Note:
 [9]: https://docs.oracle.com/en-us/iaas/Content/NetworkLoadBalancer/introducton.htm#Overview
 [10]: https://docs.oracle.com/en-us/iaas/Content/Balance/Concepts/balanceoverview.htm
 [11]: https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer_topic_Specifying_IPMode
+[12]: https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengconfiguringloadbalancersnetworkloadbalancers-subtopic.htm#contengcreatingloadbalancer_topic_Skip_private_IP_addresses
+[13]: https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingloadbalancers-subtopic.htm#listenerprotocol
diff --git a/hack/existing-standalone-cluster-env-template.sh b/hack/existing-standalone-cluster-env-template.sh
@@ -3,80 +3,83 @@
 ##################################################################################################
 # This template can be used to tweak the environment variables needed to run the E2E tests locally #
 # Default behavior:
-# Runs test on an existing cluster in dev0-iad
+# Runs test on an existing cluster
+# Note: All variables that have comment as "# Mandatory" need to be filled with appropriate values for the tests to run correctly.
 
 # To run the tests:
-# 1. Change the FOCUS variable here to specify the subset of E2E tests to run
+# 1. Change the FOCUS valiable here to specify the subset of E2E tests to run
 # 2. Set CLUSTER_KUBECONFIG and CLOUD_CONFIG if needed
-# 3. run 'source existing-cluster-dev0-env-template.sh' to set the variables
+# 3. run 'source existing-standalone-cluster-env-template.sh' to set the variables
 # 4. run 'make run-ccm-e2e-tests-local`
 ##################################################################################################
 
 # The test suites to run (can replace or add tags)
-export FOCUS="\[test1\]"
+export FOCUS="\[cloudprovider\]"
 
 # The test suites to skip (can replace or add tags)
 export FOCUS_SKIP=""
 
-# Run E2Es in parallel. # of ginkgo "nodes" will be decided automatically based on CPU cores.
-export ENABLE_PARALLEL_RUN=true
+# Scope can be ARM / AMD / BOTH
+# Mandatory
+export SCOPE="BOTH"
 
-# This variable tells the test not to install oci cli and wipe out your .oci/config
-export LOCAL_RUN=1
-export TC_BUILD=0
+# A Reserved IP in your compartment for testing LB creation with Reserved IP
+# Create a public reserved IP in your compartment using the following link:
+# https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingpublicIPs.htm#console-reserved
+# Set the public reserved IP in the following env-variable:
+# Mandatory
+export RESERVED_IP=""
 
-# This allows you to use your existing cluster
-export ENABLE_CREATE_CLUSTER=false
+# Set path to kubeconfig of existing cluster if it does not exist in default path. Defaults to $HOME/.kube/config.
+# Mandatory
+export CLUSTER_KUBECONFIG=$HOME/.kube/config
 
-# Set path to kubeconfig of existing cluster if it does not exist in default path. Defaults to $HOME/.kube/config_*
-export CLUSTER_KUBECONFIG=/Users/ypgohoka/.e2e_ccm_csi/oss-1-31.kubeconfig
+# Set path to cloud_config of existing cluster if it does not exist in default path. Defaults to $HOME/cloudconfig.
+# Mandatory
+export CLOUD_CONFIG=$HOME/cloudconfig
 
-# Set path to cloud_config of existing cluster if it does not exist in default path. Defaults to $HOME/cloudconfig_*
-export CLOUD_CONFIG=/Users/ypgohoka/go/src/github.com/oracle/oci-cloud-controller-manager/manifests/provider-config-example.yaml
+# ADLOCATION example is IqDk:US-ASHBURN-AD-1
+# Mandatory
+export ADLOCATION=""
 
+# KMS key for CMEK testing
+# CMEK KEY example "ocid1.key.relm.region.bb..cc.aaa...aa"
+# Mandatory
+export CMEK_KMS_KEY=""
 
-export IMAGE_PULL_REPO="iad.ocir.io/okedev/e2e-tests/"
-export ADLOCATION="Ddfp:US-ASHBURN-AD-2"
-
-#KMS key for CMEK testing
-export CMEK_KMS_KEY="ocid1.key.oc1.iad.b5r7iu5xaagy2.abuwcljsizwczmdfnitnxaruykluz3p6kwprasd2l7ebfvbkxbytvuumg4cq"
-
-#NSG Network security group created in cluster's VCN
-export NSG_OCIDS="ocid1.networksecuritygroup.oc1.iad.aaaaaaaarqaak4vupqsxits6crgsxu5p65eh7p422iry6qttvafn5jvhsmva,ocid1.networksecuritygroup.oc1.iad.aaaaaaaaie4b3quurf3b5sgwz7lwmygii65k3yvlhkyakqacu74xowe3763q"
+# NSG Network security group created in cluster's VCN
+# CCM E2E tests require two NSGs to run successfully. Please create two NSGs in the cluster's VCN and set NSG_OCIDS
+# NSG_OCIDS example ocid1.networksecuritygroup.relm.region.aa...aa,ocid1.networksecuritygroup.relm.region.aa...aa
+# Mandatory
+export NSG_OCIDS=","
 
 # NSG Network security group created in cluster's VCN for backend management, this NSG will have to be attached to the nodes manually for tests to pass
-export BACKEND_NSG_OCIDS="ocid1.networksecuritygroup.oc1.iad.aaaaaaaaie4b3quurf3b5sgwz7lwmygii65k3yvlhkyakqacu74xowe3763q"
-
-#Reserved IP created in e2e test compartment
-export RESERVED_IP="169.155.149.109"
+export BACKEND_NSG_OCIDS=""
 
-#Architecture to run tests on
-export ARCHITECTURE_AMD="AMD"
-export ARCHITECTURE_ARM="ARM"
-
-#Focus the tests : ARM, AMD or BOTH
-export SCOPE="AMD"
+# FSS VOLUME HANDLE in the format filesystem_ocid:mountTargetIP:export_path
+# Make sure fss volume handle is in the same subnet as your nodes
+# Create a file system, file export path and mount target in your VCN by following
+# https://docs.oracle.com/en-us/iaas/Content/File/Tasks/creatingfilesystems.htm#Using_the_Console
+# And setup your network for the file system by following:
+# https://docs.oracle.com/en-us/iaas/Content/File/Tasks/securitylistsfilestorage.htm
+# Mandatory
+export FSS_VOLUME_HANDLE=""
 
 # For debugging the tests in existing cluster, do not turn it off by default.
 # Optional
 # export DELETE_NAMESPACE=false
 
-# FSS volume handle
-# format is FileSystemOCID:serverIP:path
-export FSS_VOLUME_HANDLE="ocid1.filesystem.oc1.iad.aaaaaaaaaacdndlxnfqwillqojxwiotjmfsc2ylefuyqaaaa:10.0.73.199:/oss-test"
-export FSS_VOLUME_HANDLE_ARM="ocid1.filesystem.oc1.iad.aaaaaaaaaacdndlxnfqwillqojxwiotjmfsc2ylefuyqaaaa:10.0.73.199:/oss-test"
-
-export MNT_TARGET_ID="ocid1.mounttarget.oc1.iad.aaaaacvippzjdfiynfqwillqojxwiotjmfsc2ylefuyqaaaa"
-export MNT_TARGET_SUBNET_ID="ocid1.subnet.oc1.iad.aaaaaaaafujcpvwdn3s2liqwrilolm7jmxkwq35zieo7zk4medjtqxjac7cq"
-export MNT_TARGET_COMPARTMENT_ID="ocid1.compartment.oc1..aaaaaaaaee2fxlf36idmiqlyvnyhkh2oquz5loogbmzat73hnnqhu2c3352a"
+# By default, public images are used. But if your Cluster's environment cannot access above public images then below option can be used to specify an accessible repo.
+# Optional
+# export IMAGE_PULL_REPO="accessiblerepo.com/repo/path/"
 
-export STATIC_SNAPSHOT_COMPARTMENT_ID="ocid1.compartment.oc1..aaaaaaaaee2fxlf36idmiqlyvnyhkh2oquz5loogbmzat73hnnqhu2c3352a"
+export MNT_TARGET_ID=""
+export MNT_TARGET_SUBNET_ID=""
+export MNT_TARGET_COMPARTMENT_ID=""
 
-# For SKE node, node_info, node_lifecycle controller tests against PDE
-# To setup PDE and point your localhost:25000 to the PDE CP API refer: Refer: https://bitbucket.oci.oraclecorp.com/projects/OKE/repos/oke-control-plane/browse/personal-environments/README.md
-# export CE_ENDPOINT_OVERRIDE="http://localhost:25000"
+export STATIC_SNAPSHOT_COMPARTMENT_ID=""
 
 # Whether to run UHP E2Es or not, requires Volume Management Plugin enabled on the node and 16+ cores
 # Check the following doc for the exact requirements:
 # https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/blockvolumeperformance.htm#shapes_block_details
-export RUN_UHP_E2E="false"
+export RUN_UHP_E2E="false"
diff --git a/manifests/cloud-controller-manager/oci-cloud-controller-manager.yaml b/manifests/cloud-controller-manager/oci-cloud-controller-manager.yaml
@@ -42,7 +42,7 @@ spec:
             path: /etc/kubernetes
       containers:
         - name: oci-cloud-controller-manager
-          image: ghcr.io/yashwantgohokar/cloud-provider-oci:v1.31.0
+          image: ghcr.io/oracle/cloud-provider-oci:v1.31.0
           command: ["/usr/local/bin/oci-cloud-controller-manager"]
           args:
             - --cloud-config=/etc/oci/cloud-provider.yaml
diff --git a/manifests/container-storage-interface/oci-csi-controller-driver.yaml b/manifests/container-storage-interface/oci-csi-controller-driver.yaml
@@ -96,7 +96,7 @@ spec:
             - --fss-csi-endpoint=unix://var/run/shared-tmpfs/csi-fss.sock
           command:
             - /usr/local/bin/oci-csi-controller-driver
-          image: ghcr.io/yashwantgohokar/cloud-provider-oci:v1.31.0
+          image: ghcr.io/oracle/cloud-provider-oci:v1.31.0
           imagePullPolicy: IfNotPresent
           volumeMounts:
             - name: config
diff --git a/manifests/container-storage-interface/oci-csi-node-driver.yaml b/manifests/container-storage-interface/oci-csi-node-driver.yaml
@@ -117,7 +117,7 @@ spec:
                   fieldPath: spec.nodeName
             - name: PATH
               value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/host/usr/bin:/host/sbin
-          image: ghcr.io/yashwantgohokar/cloud-provider-oci:v1.31.0
+          image: ghcr.io/oracle/cloud-provider-oci:v1.31.0
           securityContext:
             privileged: true
           volumeMounts:
diff --git a/manifests/flexvolume-driver/oci-flexvolume-driver.yaml b/manifests/flexvolume-driver/oci-flexvolume-driver.yaml
@@ -40,7 +40,7 @@ spec:
             secretName: oci-flexvolume-driver
       containers:
         - name: oci-flexvolume-driver
-          image: ghcr.io/yashwantgohokar/cloud-provider-oci:v1.31.0
+          image: ghcr.io/oracle/cloud-provider-oci:v1.31.0
           command: ["/usr/local/bin/install.py", "-c", "/tmp/config.yaml"]
           securityContext:
             privileged: true
@@ -76,7 +76,7 @@ spec:
             type: DirectoryOrCreate
       containers:
         - name: oci-flexvolume-driver
-          image: ghcr.io/yashwantgohokar/cloud-provider-oci:v1.31.0
+          image: ghcr.io/oracle/cloud-provider-oci:v1.31.0
           command: ["/usr/local/bin/install.py"]
           securityContext:
             privileged: true
diff --git a/manifests/volume-provisioner/oci-volume-provisioner-fss.yaml b/manifests/volume-provisioner/oci-volume-provisioner-fss.yaml
@@ -35,7 +35,7 @@ spec:
             secretName: oci-volume-provisioner
       containers:
         - name: oci-volume-provisioner
-          image: ghcr.io/yashwantgohokar/cloud-provider-oci:v1.31.0
+          image: ghcr.io/oracle/cloud-provider-oci:v1.31.0
           command: ["/usr/local/bin/oci-volume-provisioner"]
           env:
             - name: NODE_NAME
diff --git a/manifests/volume-provisioner/oci-volume-provisioner.yaml b/manifests/volume-provisioner/oci-volume-provisioner.yaml
@@ -35,7 +35,7 @@ spec:
             secretName: oci-volume-provisioner
       containers:
         - name: oci-volume-provisioner
-          image: ghcr.io/yashwantgohokar/cloud-provider-oci:v1.31.0
+          image: ghcr.io/oracle/cloud-provider-oci:v1.31.0
           command: ["/usr/local/bin/oci-volume-provisioner"]
           env:
             - name: NODE_NAME
