Merge branch 'kubernetes:master' into prefixed_extended_resources

Author: mu-soliman

.github/workflows/ci.yaml

@@ -9,17 +9,18 @@ env:
 
 permissions:
   contents: read
+  checks: write
 
 jobs:
   test-and-verify:
     runs-on: ubuntu-latest
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5.1.0
         with:
           go-version: '1.22.2'
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4.2.2
         with:
           path: ${{ env.GOPATH }}/src/k8s.io/autoscaler
 
@@ -38,6 +39,12 @@ jobs:
         env:
           GO111MODULE: auto
 
+      - name: golangci-lint - vertical-pod-autoscaler
+        uses: golangci/golangci-lint-action@v6
+        with:
+          args: --timeout=30m
+          working-directory: ${{ env.GOPATH }}/src/k8s.io/autoscaler/vertical-pod-autoscaler
+
       - name: Test
         working-directory: ${{ env.GOPATH }}/src/k8s.io/autoscaler
         run: hack/for-go-proj.sh test

.github/workflows/pr.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
       - id: filter
         uses: dorny/[email protected]
         with:
@@ -28,11 +28,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
       - name: Fetch history
         run: git fetch --prune --unshallow
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.0.1
+        uses: helm/chart-testing-action@v2.6.1
       - name: Run chart-testing (lint)
         run: ct lint
       # Only build a kind cluster if there are chart changes to test.
@@ -45,7 +45,7 @@ jobs:
           fi
       - if: steps.list-changed.outputs.changed == 'true'
         name: Create kind cluster
-        uses: helm/kind-action@v1.1.0
+        uses: helm/kind-action@v1.10.0
       - if: steps.list-changed.outputs.changed == 'true'
         name: Run chart-testing (install)
         run: ct install
@@ -57,7 +57,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
       - name: Run helm-docs
         uses: docker://jnorwood/helm-docs:v1.3.0
       - name: Check for changes

.github/workflows/release.yaml

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
         with:
           fetch-depth: 0
 
@@ -18,15 +18,15 @@ jobs:
           git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
 
       - name: Install Helm
-        uses: azure/setup-helm@v1
+        uses: azure/setup-helm@v4.2.0
         with:
           version: v3.4.0
 
       - env:
           CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CR_RELEASE_NAME_TEMPLATE: "cluster-autoscaler-chart-{{ .Version }}"
         name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.1.0
+        uses: helm/chart-releaser-action@v1.6.0
 name: Release Charts
 on:
   push:

.pre-commit-config.yaml

@@ -13,3 +13,10 @@ repos:
         files: (README\.md\.gotmpl|(Chart|requirements|values)\.yaml)$
     repo: https://github.com/norwoodj/helm-docs
     rev: v1.3.0
+  - hooks:
+      - id : update-flags
+        name: Update Cluster-Autoscaler Flags Table
+        entry: bash cluster-autoscaler/hack/update-faq-flags.sh
+        language: system
+        files: cluster-autoscaler/main\.go
+    repo: local

charts/cluster-autoscaler/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.31.0
+appVersion: 1.32.0
 description: Scales Kubernetes worker nodes within autoscaling groups.
 engine: gotpl
 home: https://github.com/kubernetes/autoscaler
@@ -11,4 +11,4 @@ name: cluster-autoscaler
 sources:
   - https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler
 type: application
-version: 9.43.2
+version: 9.46.0

charts/cluster-autoscaler/README.md

@@ -75,6 +75,7 @@ To create a valid configuration, follow instructions for your cloud provider:
 - [Cluster API](#cluster-api)
 - [Exoscale](#exoscale)
 - [Hetzner Cloud](#hetzner-cloud)
+- [Civo](#civo)
 
 ### Templating the autoDiscovery.clusterName
 
@@ -282,6 +283,23 @@ Each autoscaling group requires an additional `instanceType` and `region` key to
 
 Read [cluster-autoscaler/cloudprovider/hetzner/README.md](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/hetzner/README.md) for further information on the setup without helm.
 
+### Civo
+
+The following parameters are required:
+
+- `cloudProvider=civo`
+- `autoscalingGroups=...`
+
+When installing the helm chart to the namespace `kube-system`, you can set `secretKeyRefNameOverride` to `civo-api-access`.
+Otherwise specify the following parameters:
+
+- `civoApiUrl=https://api.civo.com`
+- `civoApiKey=...`
+- `civoClusterID=...`
+- `civoRegion=...`
+
+Read [cluster-autoscaler/cloudprovider/civo/README.md](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/civo/README.md) for further information on the setup without helm.
+
 ## Uninstalling the Chart
 
 To uninstall `my-release`:
@@ -340,6 +358,14 @@ extraVolumeMounts:
   readOnly: true
 ```
 
+### Custom arguments
+
+You can use the `customArgs` value to give any argument to cluster autoscaler command.
+
+Typical use case is to give an environment variable as an argument which will be interpolated at execution time.
+
+This is helpful when you need to inject values from configmap or secret.
+
 ## Troubleshooting
 
 The chart will succeed even if the container arguments are incorrect. A few minutes after starting `kubectl logs -l "app=aws-cluster-autoscaler" --tail=50` should loop through something like
@@ -413,14 +439,19 @@ vpa:
 | azureUseManagedIdentityExtension | bool | `false` | Whether to use Azure's managed identity extension for credentials. If using MSI, ensure subscription ID, resource group, and azure AKS cluster name are set. You can only use one authentication method at a time, either azureUseWorkloadIdentityExtension or azureUseManagedIdentityExtension should be set. |
 | azureUseWorkloadIdentityExtension | bool | `false` | Whether to use Azure's workload identity extension for credentials. See the project here: https://github.com/Azure/azure-workload-identity for more details. You can only use one authentication method at a time, either azureUseWorkloadIdentityExtension or azureUseManagedIdentityExtension should be set. |
 | azureVMType | string | `"vmss"` | Azure VM type. |
+| civoApiKey | string | `""` | API key for the Civo API. Required if `cloudProvider=civo` |
+| civoApiUrl | string | `"https://api.civo.com"` | URL for the Civo API. Required if `cloudProvider=civo` |
+| civoClusterID | string | `""` | Cluster ID for the Civo cluster. Required if `cloudProvider=civo` |
+| civoRegion | string | `""` | Region for the Civo cluster. Required if `cloudProvider=civo` |
 | cloudConfigPath | string | `""` | Configuration file for cloud provider. |
-| cloudProvider | string | `"aws"` | The cloud provider where the autoscaler runs. Currently only `gce`, `aws`, `azure`, `magnum` and `clusterapi` are supported. `aws` supported for AWS. `gce` for GCE. `azure` for Azure AKS. `magnum` for OpenStack Magnum, `clusterapi` for Cluster API. |
+| cloudProvider | string | `"aws"` | The cloud provider where the autoscaler runs. Currently only `gce`, `aws`, `azure`, `magnum`, `clusterapi` and `civo` are supported. `aws` supported for AWS. `gce` for GCE. `azure` for Azure AKS. `magnum` for OpenStack Magnum, `clusterapi` for Cluster API. `civo` for Civo Cloud. |
 | clusterAPICloudConfigPath | string | `"/etc/kubernetes/mgmt-kubeconfig"` | Path to kubeconfig for connecting to Cluster API Management Cluster, only used if `clusterAPIMode=kubeconfig-kubeconfig or incluster-kubeconfig` |
 | clusterAPIConfigMapsNamespace | string | `""` | Namespace on the workload cluster to store Leader election and status configmaps |
 | clusterAPIKubeconfigSecret | string | `""` | Secret containing kubeconfig for connecting to Cluster API managed workloadcluster Required if `cloudProvider=clusterapi` and `clusterAPIMode=kubeconfig-kubeconfig,kubeconfig-incluster or incluster-kubeconfig` |
 | clusterAPIMode | string | `"incluster-incluster"` | Cluster API mode, see https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md#connecting-cluster-autoscaler-to-cluster-api-management-and-workload-clusters Syntax: workloadClusterMode-ManagementClusterMode for `kubeconfig-kubeconfig`, `incluster-kubeconfig` and `single-kubeconfig` you always must mount the external kubeconfig using either `extraVolumeSecrets` or `extraMounts` and `extraVolumes` if you dont set `clusterAPIKubeconfigSecret`and thus use an in-cluster config or want to use a non capi generated kubeconfig you must do so for the workload kubeconfig as well |
 | clusterAPIWorkloadKubeconfigPath | string | `"/etc/kubernetes/value"` | Path to kubeconfig for connecting to Cluster API managed workloadcluster, only used if `clusterAPIMode=kubeconfig-kubeconfig or kubeconfig-incluster` |
 | containerSecurityContext | object | `{}` | [Security context for container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
+| customArgs | list | `[]` | Additional custom container arguments. Refer to https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-the-parameters-to-ca for the full list of cluster autoscaler parameters and their default values. List of arguments as strings. |
 | deployment.annotations | object | `{}` | Annotations to add to the Deployment object. |
 | dnsPolicy | string | `"ClusterFirst"` | Defaults to `ClusterFirst`. Valid values are: `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`. If autoscaler does not depend on cluster DNS, recommended to set this to `Default`. |
 | envFromConfigMap | string | `""` | ConfigMap name to use as envFrom. |
@@ -439,7 +470,7 @@ vpa:
 | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
 | image.pullSecrets | list | `[]` | Image pull secrets |
 | image.repository | string | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | Image repository |
-| image.tag | string | `"v1.31.0"` | Image tag |
+| image.tag | string | `"v1.32.0"` | Image tag |
 | initContainers | list | `[]` | Any additional init containers. |
 | kubeTargetVersionOverride | string | `""` | Allow overriding the `.Capabilities.KubeVersion.GitVersion` check. Useful for `helm template` commands. |
 | kwokConfigMapName | string | `"kwok-provider-config"` | configmap for configuring kwok provider |
@@ -467,7 +498,7 @@ vpa:
 | replicaCount | int | `1` | Desired number of pods |
 | resources | object | `{}` | Pod resource requests and limits. |
 | revisionHistoryLimit | int | `10` | The number of revisions to keep. |
-| secretKeyRefNameOverride | string | `""` | Overrides the name of the Secret to use when loading the secretKeyRef for AWS and Azure env variables |
+| secretKeyRefNameOverride | string | `""` | Overrides the name of the Secret to use when loading the secretKeyRef for AWS, Azure and Civo env variables |
 | securityContext | object | `{}` | [Security context for pod](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
 | service.annotations | object | `{}` | Annotations to add to service |
 | service.clusterIP | string | `""` | IP address to assign to service |

charts/cluster-autoscaler/README.md.gotmpl

@@ -75,6 +75,7 @@ To create a valid configuration, follow instructions for your cloud provider:
 - [Cluster API](#cluster-api)
 - [Exoscale](#exoscale)
 - [Hetzner Cloud](#hetzner-cloud)
+- [Civo](#civo)
 
 ### Templating the autoDiscovery.clusterName
 
@@ -282,6 +283,23 @@ Each autoscaling group requires an additional `instanceType` and `region` key to
 
 Read [cluster-autoscaler/cloudprovider/hetzner/README.md](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/hetzner/README.md) for further information on the setup without helm.
 
+### Civo
+
+The following parameters are required:
+
+- `cloudProvider=civo`
+- `autoscalingGroups=...`
+
+When installing the helm chart to the namespace `kube-system`, you can set `secretKeyRefNameOverride` to `civo-api-access`.
+Otherwise specify the following parameters:
+
+- `civoApiUrl=https://api.civo.com`
+- `civoApiKey=...`
+- `civoClusterID=...`
+- `civoRegion=...`
+
+Read [cluster-autoscaler/cloudprovider/civo/README.md](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/civo/README.md) for further information on the setup without helm.
+
 ## Uninstalling the Chart
 
 To uninstall `my-release`:
@@ -340,6 +358,14 @@ extraVolumeMounts:
   readOnly: true
 ```
 
+### Custom arguments
+
+You can use the `customArgs` value to give any argument to cluster autoscaler command.
+
+Typical use case is to give an environment variable as an argument which will be interpolated at execution time.
+
+This is helpful when you need to inject values from configmap or secret.
+
 ## Troubleshooting
 
 The chart will succeed even if the container arguments are incorrect. A few minutes after starting `kubectl logs -l "app=aws-cluster-autoscaler" --tail=50` should loop through something like

charts/cluster-autoscaler/templates/deployment.yaml

@@ -103,7 +103,7 @@ spec:
             - --cluster-name={{ tpl (.Values.magnumClusterName) . }}
             {{- end }}
           {{- else if eq .Values.cloudProvider "clusterapi" }}
-            {{- if or .Values.autoDiscovery.clusterName .Values.autoDiscovery.labels .Values.autoDiscovery.namepace }}
+            {{- if or .Values.autoDiscovery.clusterName .Values.autoDiscovery.labels .Values.autoDiscovery.namespace }}
             - --node-group-auto-discovery=clusterapi:{{ template "cluster-autoscaler.capiAutodiscoveryConfig" . }}
             {{- end }}
             {{- if eq .Values.clusterAPIMode "incluster-kubeconfig"}}
@@ -132,6 +132,9 @@ spec:
             - --{{ $key | mustRegexFind "^[^_]+" }}
             {{- end }}
           {{- end }}
+          {{- range .Values.customArgs }}
+            - {{ . }}
+          {{- end }}
           env:
             - name: POD_NAMESPACE
               valueFrom:
@@ -218,6 +221,27 @@ spec:
           {{- else if eq .Values.cloudProvider "kwok" }}
             - name: KWOK_PROVIDER_CONFIGMAP
               value: "{{.Values.kwokConfigMapName | default "kwok-provider-config"}}"
+          {{- else if eq .Values.cloudProvider "civo" }}
+            - name: CIVO_API_URL
+              valueFrom:
+                secretKeyRef:
+                  key: api-url
+                  name: {{ default (include "cluster-autoscaler.fullname" .) .Values.secretKeyRefNameOverride }}
+            - name: CIVO_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: api-key
+                  name: {{ default (include "cluster-autoscaler.fullname" .) .Values.secretKeyRefNameOverride }}
+            - name: CIVO_CLUSTER_ID
+              valueFrom:
+                secretKeyRef:
+                  key: cluster-id
+                  name: {{ default (include "cluster-autoscaler.fullname" .) .Values.secretKeyRefNameOverride }}
+            - name: CIVO_REGION
+              valueFrom:
+                secretKeyRef:
+                  key: region
+                  name: {{ default (include "cluster-autoscaler.fullname" .) .Values.secretKeyRefNameOverride }}
           {{- end }}
           {{- range $key, $value := .Values.extraEnv }}
             - name: {{ $key }}

charts/cluster-autoscaler/templates/secret.yaml

@@ -2,8 +2,9 @@
 {{- $isAzure := eq .Values.cloudProvider "azure" }}
 {{- $isAws := eq .Values.cloudProvider "aws" }}
 {{- $awsCredentialsProvided := and .Values.awsAccessKeyID .Values.awsSecretAccessKey }}
+{{- $isCivo := eq .Values.cloudProvider "civo" }}
 
-{{- if or $isAzure (and $isAws $awsCredentialsProvided) }}
+{{- if or $isAzure (and $isAws $awsCredentialsProvided) $isCivo }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -20,6 +21,11 @@ data:
 {{- else if $isAws }}
   AwsAccessKeyId: "{{ .Values.awsAccessKeyID | b64enc }}"
   AwsSecretAccessKey: "{{ .Values.awsSecretAccessKey | b64enc }}"
+{{- else if $isCivo }}
+  api-url: "{{ .Values.civoApiUrl | b64enc }}"
+  api-key: "{{ .Values.civoApiKey | b64enc }}"
+  cluster-id: "{{ .Values.civoClusterID | b64enc }}"
+  region: "{{ .Values.civoRegion | b64enc }}"
 {{- end }}
 {{- end }}
 {{- end }}

charts/cluster-autoscaler/values.yaml

@@ -110,13 +110,30 @@ azureVMType: "vmss"
 # azureEnableForceDelete -- Whether to force delete VMs or VMSS instances when scaling down.
 azureEnableForceDelete: false
 
+# civoApiUrl -- URL for the Civo API.
+# Required if `cloudProvider=civo`
+civoApiUrl: "https://api.civo.com"
+
+# civoApiKey -- API key for the Civo API.
+# Required if `cloudProvider=civo`
+civoApiKey: ""
+
+# civoClusterID -- Cluster ID for the Civo cluster.
+# Required if `cloudProvider=civo`
+civoClusterID: ""
+
+# civoRegion -- Region for the Civo cluster.
+# Required if `cloudProvider=civo`
+civoRegion: ""
+
 # cloudConfigPath -- Configuration file for cloud provider.
 cloudConfigPath: ""
 
 # cloudProvider -- The cloud provider where the autoscaler runs.
-# Currently only `gce`, `aws`, `azure`, `magnum` and `clusterapi` are supported.
+# Currently only `gce`, `aws`, `azure`, `magnum`, `clusterapi` and `civo` are supported.
 # `aws` supported for AWS. `gce` for GCE. `azure` for Azure AKS.
 # `magnum` for OpenStack Magnum, `clusterapi` for Cluster API.
+# `civo` for Civo Cloud.
 cloudProvider: aws
 
 # clusterAPICloudConfigPath -- Path to kubeconfig for connecting to Cluster API Management Cluster, only used if `clusterAPIMode=kubeconfig-kubeconfig or incluster-kubeconfig`
@@ -192,10 +209,18 @@ extraArgs:
   # scale-down-delay-after-delete: 0s
   # scale-down-delay-after-failure: 3m
   # scale-down-unneeded-time: 10m
+  # node-deletion-delay-timeout: 2m
+  # node-deletion-batcher-interval: 0s
   # skip-nodes-with-system-pods: true
   # balancing-ignore-label_1: first-label-to-ignore
   # balancing-ignore-label_2: second-label-to-ignore
 
+# customArgs -- Additional custom container arguments.
+# Refer to https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-the-parameters-to-ca for the full list of cluster autoscaler
+# parameters and their default values.
+# List of arguments as strings.
+customArgs: []
+
 # extraEnv -- Additional container environment variables.
 extraEnv: {}
 
@@ -257,7 +282,7 @@ image:
   # image.repository -- Image repository
   repository: registry.k8s.io/autoscaling/cluster-autoscaler
   # image.tag -- Image tag
-  tag: v1.31.0
+  tag: v1.32.0
   # image.pullPolicy -- Image pull policy
   pullPolicy: IfNotPresent
   ## Optionally specify an array of imagePullSecrets.
@@ -438,5 +463,5 @@ vpa:
   # vpa.containerPolicy -- [ContainerResourcePolicy](https://github.com/kubernetes/autoscaler/blob/vertical-pod-autoscaler/v0.13.0/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1/types.go#L159). The containerName is always et to the deployment's container name. This value is required if VPA is enabled.
   containerPolicy: {}
 
-# secretKeyRefNameOverride -- Overrides the name of the Secret to use when loading the secretKeyRef for AWS and Azure env variables
+# secretKeyRefNameOverride -- Overrides the name of the Secret to use when loading the secretKeyRef for AWS, Azure and Civo env variables
 secretKeyRefNameOverride: ""