From d7c132d05e7a37193b889739bc7fc0b644bd5986 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Fri, 23 Jan 2026 11:43:07 -0800 Subject: [PATCH 1/3] Automatic API update from projectcalico/calico v3.31.1 --- lib.Makefile | 80 +++++++------------ metadata.mk | 2 +- .../projectcalico/v3/kubecontrollersconfig.go | 2 + pkg/openapi/generated.openapi.go | 5 +- 4 files changed, 35 insertions(+), 54 deletions(-) diff --git a/lib.Makefile b/lib.Makefile index e79170f1b..fc5391105 100644 --- a/lib.Makefile +++ b/lib.Makefile @@ -501,10 +501,9 @@ git-commit: ############################################################################### ifdef LOCAL_CRANE -CRANE_CMD = bash -c $(double_quote)crane +CRANE_CMD = crane else -CRANE_CMD = docker run -t --entrypoint /bin/sh -v $(DOCKER_CONFIG):/root/.docker/config.json $(CALICO_BUILD) -c \ - $(double_quote)crane +CRANE_CMD = $(REPO_ROOT)/bin/crane endif ifdef LOCAL_PYTHON @@ -525,10 +524,10 @@ GIT = $(GIT_CMD) DOCKER = $(DOCKER_CMD) RELEASE_PY3 = $(PYTHON3_CMD) else -CRANE = @echo [DRY RUN] $(CRANE_CMD) -GIT = @echo [DRY RUN] $(GIT_CMD) -DOCKER = @echo [DRY RUN] $(DOCKER_CMD) -RELEASE_PY3 = @echo [DRY RUN] $(PYTHON3_CMD) +CRANE = echo [DRY RUN] $(CRANE_CMD) +GIT = echo [DRY RUN] $(GIT_CMD) +DOCKER = echo [DRY RUN] $(DOCKER_CMD) +RELEASE_PY3 = echo [DRY RUN] $(PYTHON3_CMD) endif QUAY_SET_EXPIRY_SCRIPT = $(REPO_ROOT)/hack/set_quay_expiry.py @@ -1212,9 +1211,9 @@ release-retag-dev-images-in-registry-%: # release-retag-dev-image-in-registry-% retags the build image specified by $* in the dev registry specified by # DEV_REGISTRY with the release tag specified by RELEASE_TAG. If DEV_REGISTRY is in the list of registries specified by # RELEASE_REGISTRIES then the retag is not done -release-retag-dev-image-in-registry-%: +release-retag-dev-image-in-registry-%: bin/crane $(if $(filter-out $(RELEASE_REGISTRIES),$(DEV_REGISTRY)),\ - $(CRANE) cp $(DEV_REGISTRY)/$(call unescapefs,$*):$(DEV_TAG) $(DEV_REGISTRY)/$(call unescapefs,$*):$(RELEASE_TAG))$(double_quote) + $(CRANE) cp $(DEV_REGISTRY)/$(call unescapefs,$*):$(DEV_TAG) $(DEV_REGISTRY)/$(call unescapefs,$*):$(RELEASE_TAG)) # release-dev-images-to-registry-% copies and retags all the build / arch images specified by BUILD_IMAGES and # VALIDARCHES from the registry specified by DEV_REGISTRY to the registry specified by RELEASE_REGISTRY using the tag @@ -1224,16 +1223,16 @@ release-dev-images-to-registry-%: # release-dev-image-to-registry-% copies the build image and build arch images specified by $* and VALIDARCHES from # the dev repo specified by DEV_TAG and RELEASE. -release-dev-image-to-registry-%: +release-dev-image-to-registry-%: bin/crane $(if $(SKIP_MANIFEST_RELEASE),,\ - $(CRANE) cp $(DEV_REGISTRY)/$(call unescapefs,$*):$(DEV_TAG) $(RELEASE_REGISTRY)/$(call unescapefs,$*):$(RELEASE_TAG))$(double_quote) + $(CRANE) cp $(DEV_REGISTRY)/$(call unescapefs,$*):$(DEV_TAG) $(RELEASE_REGISTRY)/$(call unescapefs,$*):$(RELEASE_TAG)) $(if $(SKIP_ARCH_RELEASE),,\ $(MAKE) $(addprefix release-dev-image-arch-to-registry-,$(VALIDARCHES)) BUILD_IMAGE=$(call unescapefs,$*)) # release-dev-image-to-registry-% copies the build arch image specified by BUILD_IMAGE and ARCH from the dev repo # specified by DEV_TAG and RELEASE. -release-dev-image-arch-to-registry-%: - $(CRANE) cp $(DEV_REGISTRY)/$(BUILD_IMAGE):$(DEV_TAG)-$* $(RELEASE_REGISTRY)/$(BUILD_IMAGE):$(RELEASE_TAG)-$*$(double_quote) +release-dev-image-arch-to-registry-%: bin/crane + $(CRANE) cp $(DEV_REGISTRY)/$(BUILD_IMAGE):$(DEV_TAG)-$* $(RELEASE_REGISTRY)/$(BUILD_IMAGE):$(RELEASE_TAG)-$* # release-prereqs checks that the environment is configured properly to create a release. .PHONY: release-prereqs @@ -1257,20 +1256,25 @@ bin/yq: # This setup is used to download and install the 'crane' binary into the local bin/ directory. # The binary will be placed at: ./bin/crane # Normalize architecture for go-containerregistry filenames -CRANE_BUILDARCH := $(shell uname -m | sed 's/amd64/x86_64/;s/x86_64/x86_64/;s/aarch64/arm64/') +CRANE_BUILDARCH := $(shell uname -m | sed 's/aarch64/arm64/') +CRANE_OS := $(shell uname -s) ifeq ($(CRANE_BUILDARCH),) $(error Unsupported or unknown architecture: $(shell uname -m)) endif -CRANE_FILENAME := go-containerregistry_Linux_$(CRANE_BUILDARCH).tar.gz +ifeq ($(CRANE_OS),) + $(error Unsupported or unknown OS: $(shell uname -s)) +endif + +CRANE_FILENAME := go-containerregistry_$(CRANE_OS)_$(CRANE_BUILDARCH).tar.gz CRANE_URL := https://github.com/google/go-containerregistry/releases/download/$(CRANE_VERSION)/$(CRANE_FILENAME) # Install crane binary into bin/ -bin/crane: - mkdir -p bin - $(eval CRANE_TMP := $(shell mktemp -d)) - curl -sSfL --retry 5 -o $(CRANE_TMP)/crane.tar.gz $(CRANE_URL) - tar -xzf $(CRANE_TMP)/crane.tar.gz -C $(CRANE_TMP) crane - mv $(CRANE_TMP)/crane bin/crane +.PHONY: bin/crane +bin/crane: $(REPO_ROOT)/bin/crane +$(REPO_ROOT)/bin/crane: + $(info ::: Downloading crane from $(CRANE_URL)) + @mkdir -p $(REPO_ROOT)/bin + @curl -sSfL --retry 5 $(CRANE_URL) | tar zx -C $(REPO_ROOT)/bin crane ############################################################################### # Common functions for launching a local Kubernetes control plane. @@ -1481,32 +1485,6 @@ help: # Common functions for building windows images. ############################################################################### -# When running on semaphore, just copy the docker config, otherwise run -# 'docker-credential-gcr configure-docker' as well. -ifdef SEMAPHORE -DOCKER_CREDENTIAL_CMD = cp /root/.docker/config.json_host /root/.docker/config.json -else -DOCKER_CREDENTIAL_CMD = cp /root/.docker/config.json_host /root/.docker/config.json && \ - docker-credential-gcr configure-docker -endif - -# This needs the $(WINDOWS_DIST)/bin/docker-credential-gcr binary in $PATH and -# also the local ~/.config/gcloud dir to be able to push to gcr.io. It mounts -# $(DOCKER_CONFIG) and copies it so that it can be written to on the container, -# but not have any effect on the host config. -CRANE_BINDMOUNT_CMD := \ - docker run --rm \ - --net=host \ - --init \ - --entrypoint /bin/sh \ - -e LOCAL_USER_ID=$(LOCAL_USER_ID) \ - -v $(CURDIR):/go/src/$(PACKAGE_NAME):rw \ - -v $(DOCKER_CONFIG):/root/.docker/config.json_host:ro \ - -e PATH=$${PATH}:/go/src/$(PACKAGE_NAME)/$(WINDOWS_DIST)/bin \ - -v $(HOME)/.config/gcloud:/root/.config/gcloud \ - -w /go/src/$(PACKAGE_NAME) \ - $(CALICO_BUILD) -c $(double_quote)$(DOCKER_CREDENTIAL_CMD) && crane - DOCKER_MANIFEST_CMD := docker manifest ifdef CONFIRM @@ -1614,7 +1592,7 @@ image-windows: setup-windows-builder var-require-all-WINDOWS_VERSIONS $(MAKE) windows-sub-image-$${version}; \ done; -release-windows-with-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-IMAGETAG-DEV_REGISTRIES image-windows docker-credential-gcr-binary +release-windows-with-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-IMAGETAG-DEV_REGISTRIES image-windows docker-credential-gcr-binary bin/crane for registry in $(DEV_REGISTRIES); do \ echo Pushing Windows images to $${registry}; \ all_images=""; \ @@ -1623,7 +1601,7 @@ release-windows-with-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-IMAG image_tar="$(WINDOWS_DIST)/$(WINDOWS_IMAGE)-$(GIT_VERSION)-$${win_ver}.tar"; \ image="$${registry}/$(WINDOWS_IMAGE):$(IMAGETAG)-windows-$${win_ver}"; \ echo Pushing image $${image} ...; \ - $(CRANE_BINDMOUNT) push $${image_tar} $${image}$(double_quote) & \ + $(CRANE) push $${image_tar} $${image} & \ all_images="$${all_images} $${image}"; \ done; \ wait; \ @@ -1637,10 +1615,10 @@ release-windows-with-tag: var-require-one-of-CONFIRM-DRYRUN var-require-all-IMAG $(RELEASE_PY3) $(QUAY_SET_EXPIRY_SCRIPT) add --expiry-days=$(QUAY_EXPIRE_DAYS) $${manifest_image} $${all_images} || true; \ done; -release-windows: var-require-one-of-CONFIRM-DRYRUN var-require-all-DEV_REGISTRIES-WINDOWS_IMAGE var-require-one-of-VERSION-BRANCH_NAME +release-windows: var-require-one-of-CONFIRM-DRYRUN var-require-all-DEV_REGISTRIES-WINDOWS_IMAGE var-require-one-of-VERSION-BRANCH_NAME bin/crane describe_tag=$(if $(IMAGETAG_PREFIX),$(IMAGETAG_PREFIX)-)$(shell git describe --tags --dirty --long --always --abbrev=12); \ release_tag=$(if $(VERSION),$(VERSION),$(if $(IMAGETAG_PREFIX),$(IMAGETAG_PREFIX)-)$(BRANCH_NAME)); \ $(MAKE) release-windows-with-tag IMAGETAG=$${describe_tag}; \ for registry in $(DEV_REGISTRIES); do \ - $(CRANE_BINDMOUNT) cp $${registry}/$(WINDOWS_IMAGE):$${describe_tag} $${registry}/$(WINDOWS_IMAGE):$${release_tag}$(double_quote); \ + $(CRANE) cp $${registry}/$(WINDOWS_IMAGE):$${describe_tag} $${registry}/$(WINDOWS_IMAGE):$${release_tag}; \ done; diff --git a/metadata.mk b/metadata.mk index 15bca5470..841d7ee6a 100644 --- a/metadata.mk +++ b/metadata.mk @@ -4,7 +4,7 @@ # The version of calico/go-build and calico/base to use. GO_BUILD_VER=1.24.9-llvm18.1.8-k8s1.33.5 -CALICO_BASE_VER=ubi9-1754517943 +CALICO_BASE_VER=ubi9-1762560525 # Env var to ACK Ginkgo deprecation warnings, may need updating with go-build. ACK_GINKGO=ACK_GINKGO_DEPRECATIONS=1.16.5 diff --git a/pkg/apis/projectcalico/v3/kubecontrollersconfig.go b/pkg/apis/projectcalico/v3/kubecontrollersconfig.go index af49a66ff..617f0c814 100644 --- a/pkg/apis/projectcalico/v3/kubecontrollersconfig.go +++ b/pkg/apis/projectcalico/v3/kubecontrollersconfig.go @@ -174,6 +174,8 @@ type NamespaceControllerConfig struct { } type LoadBalancerControllerConfig struct { + // AssignIPs controls which LoadBalancer Service gets IP assigned from Calico IPAM. + // +kubebuilder:default=AllServices AssignIPs AssignIPs `json:"assignIPs,omitempty" validate:"omitempty,assignIPs"` } diff --git a/pkg/openapi/generated.openapi.go b/pkg/openapi/generated.openapi.go index 8e7402cbe..c42837448 100644 --- a/pkg/openapi/generated.openapi.go +++ b/pkg/openapi/generated.openapi.go @@ -4976,8 +4976,9 @@ func schema_pkg_apis_projectcalico_v3_LoadBalancerControllerConfig(ref common.Re Properties: map[string]spec.Schema{ "assignIPs": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "AssignIPs controls which LoadBalancer Service gets IP assigned from Calico IPAM.", + Type: []string{"string"}, + Format: "", }, }, }, From cf03f5233c3a58c85668eea68b72b3db7dd958ea Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Fri, 23 Jan 2026 11:44:20 -0800 Subject: [PATCH 2/3] Automatic API update from projectcalico/calico v3.31.2 From fa6e5804419e5f3443ef014589a597537decdf2a Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Fri, 23 Jan 2026 11:44:34 -0800 Subject: [PATCH 3/3] Automatic API update from projectcalico/calico v3.31.3 --- deps.txt | 16 ++++++++-------- go.mod | 2 +- metadata.mk | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/deps.txt b/deps.txt index 9843759c0..250f13410 100644 --- a/deps.txt +++ b/deps.txt @@ -2,7 +2,7 @@ This file contains the list of modules that this package depends on in order to trigger CI on changes -go 1.24.9 +go 1.24.11 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc github.com/emicklei/go-restful/v3 v3.11.0 github.com/fxamacker/cbor/v2 v2.7.0 @@ -25,19 +25,19 @@ github.com/pkg/errors v0.9.1 github.com/projectcalico/calico github.com/spf13/pflag v1.0.7 github.com/x448/float16 v0.8.4 -golang.org/x/net v0.46.0 +golang.org/x/net v0.47.0 golang.org/x/oauth2 v0.32.0 -golang.org/x/sys v0.37.0 -golang.org/x/term v0.36.0 -golang.org/x/text v0.30.0 +golang.org/x/sys v0.39.0 +golang.org/x/term v0.38.0 +golang.org/x/text v0.32.0 golang.org/x/time v0.14.0 google.golang.org/protobuf v1.36.7 gopkg.in/evanphx/json-patch.v4 v4.12.0 gopkg.in/inf.v0 v0.9.1 gopkg.in/yaml.v3 v3.0.1 -k8s.io/api v0.33.5 -k8s.io/apimachinery v0.33.5 -k8s.io/client-go v0.33.5 +k8s.io/api v0.33.6 +k8s.io/apimachinery v0.33.6 +k8s.io/client-go v0.33.6 k8s.io/klog v0.2.0 k8s.io/klog/v2 v2.130.1 k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff diff --git a/go.mod b/go.mod index 0cd43f9ca..e4fed972a 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/projectcalico/api -go 1.24.9 +go 1.24.11 require ( github.com/jinzhu/copier v0.4.0 diff --git a/metadata.mk b/metadata.mk index 841d7ee6a..b51f19e01 100644 --- a/metadata.mk +++ b/metadata.mk @@ -3,8 +3,8 @@ ################################################################################################# # The version of calico/go-build and calico/base to use. -GO_BUILD_VER=1.24.9-llvm18.1.8-k8s1.33.5 -CALICO_BASE_VER=ubi9-1762560525 +GO_BUILD_VER=1.24.11-llvm18.1.8-k8s1.33.6 +CALICO_BASE_VER=ubi9-1764972441 # Env var to ACK Ginkgo deprecation warnings, may need updating with go-build. ACK_GINKGO=ACK_GINKGO_DEPRECATIONS=1.16.5