From d1239733355c78df59b7e21d4aeeafeccb27c951 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Thu, 2 Apr 2026 13:30:25 +0000 Subject: [PATCH 01/43] role-sync-controller: Update to version main-22 Update container-registry.zalando.net/teapot/role-sync-controller to version main-22 --- cluster/manifests/role-sync-controller/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/role-sync-controller/cronjob.yaml b/cluster/manifests/role-sync-controller/cronjob.yaml index a532b82c2a..4f590d1c3d 100644 --- a/cluster/manifests/role-sync-controller/cronjob.yaml +++ b/cluster/manifests/role-sync-controller/cronjob.yaml @@ -33,7 +33,7 @@ spec: restartPolicy: Never containers: - name: role-sync-controller - image: container-registry.zalando.net/teapot/role-sync-controller:main-21 + image: container-registry.zalando.net/teapot/role-sync-controller:main-22 args: - --subject-group=PowerUser - --subject-group=Manual From bd469f17d644deb98e8ef96ca1a4b70feea6787c Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 08:31:37 +0000 Subject: [PATCH 02/43] valkey-9-alpine: Update to version 9-alpine3.22-20260406 Update container-registry.zalando.net/library/valkey-9-alpine to version 9-alpine3.22-20260406 --- cluster/manifests/03-skipper-validation-webhook/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml index a6fc612d2a..cb514b6a9c 100644 --- a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml +++ b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml @@ -92,7 +92,7 @@ spec: seconds: 10 {{- else if eq .Cluster.ConfigItems.skipper_ingress_swarm_type "valkey" }} - name: valkey-sidecar - image: container-registry.zalando.net/library/valkey-9-alpine:9-alpine3.22-20260330 + image: container-registry.zalando.net/library/valkey-9-alpine:9-alpine3.22-20260406 args: - valkey-server - --save From 77696a9a8409e331bcf38f93c9cc22835f2e05cf Mon Sep 17 00:00:00 2001 From: Tiago Silvestre Condeixa Date: Tue, 7 Apr 2026 09:01:05 +0200 Subject: [PATCH 03/43] change deployment service controller VPA to InPlaceOrRecreate --- cluster/manifests/deployment-service/controller-vpa.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/deployment-service/controller-vpa.yaml b/cluster/manifests/deployment-service/controller-vpa.yaml index 07df7252bc..24ec587b34 100644 --- a/cluster/manifests/deployment-service/controller-vpa.yaml +++ b/cluster/manifests/deployment-service/controller-vpa.yaml @@ -12,7 +12,7 @@ spec: kind: Deployment name: "deployment-service-controller" updatePolicy: - updateMode: Recreate + updateMode: InPlaceOrRecreate resourcePolicy: containerPolicies: - containerName: "deployment-service-controller" From 2454ca7b51314aa8a910d1cf5b504c9cb8402ebf Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Tue, 7 Apr 2026 09:05:05 +0000 Subject: [PATCH 04/43] role-sync-controller: Update to version main-23 Update container-registry.zalando.net/teapot/role-sync-controller to version main-23 --- cluster/manifests/role-sync-controller/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/role-sync-controller/cronjob.yaml b/cluster/manifests/role-sync-controller/cronjob.yaml index 4f590d1c3d..8c119add44 100644 --- a/cluster/manifests/role-sync-controller/cronjob.yaml +++ b/cluster/manifests/role-sync-controller/cronjob.yaml @@ -33,7 +33,7 @@ spec: restartPolicy: Never containers: - name: role-sync-controller - image: container-registry.zalando.net/teapot/role-sync-controller:main-22 + image: container-registry.zalando.net/teapot/role-sync-controller:main-23 args: - --subject-group=PowerUser - --subject-group=Manual From dc0dd98f29c5255de4ab7feab41205e162ea0468 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Tue, 7 Apr 2026 15:34:02 +0000 Subject: [PATCH 05/43] kube-metrics-adapter: Update to version v0.2.8-10-g1d35f93 Update container-registry.zalando.net/teapot/kube-metrics-adapter to version v0.2.8-10-g1d35f93 --- cluster/manifests/kube-metrics-adapter/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-metrics-adapter/deployment.yaml b/cluster/manifests/kube-metrics-adapter/deployment.yaml index 42faec6e73..7469d543f5 100644 --- a/cluster/manifests/kube-metrics-adapter/deployment.yaml +++ b/cluster/manifests/kube-metrics-adapter/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: custom-metrics-apiserver containers: - name: kube-metrics-adapter - image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.8 + image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.8-10-g1d35f93 env: - name: AWS_REGION value: {{ .Cluster.Region }} From f0ed731ccd0da66d9718751a87c172358e184c1c Mon Sep 17 00:00:00 2001 From: Tiago Silvestre Condeixa Date: Wed, 8 Apr 2026 10:50:09 +0200 Subject: [PATCH 06/43] add permission for pod resize --- cluster/manifests/02-vertical-pod-autoscaler/rbac.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cluster/manifests/02-vertical-pod-autoscaler/rbac.yaml b/cluster/manifests/02-vertical-pod-autoscaler/rbac.yaml index abc9859554..c6397c6045 100644 --- a/cluster/manifests/02-vertical-pod-autoscaler/rbac.yaml +++ b/cluster/manifests/02-vertical-pod-autoscaler/rbac.yaml @@ -137,6 +137,12 @@ rules: - pods/eviction verbs: - create + - apiGroups: + - "" + resources: + - pods/resize + verbs: + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding From 9ebadf641363c4d20156e38f3b64d0d8934313ac Mon Sep 17 00:00:00 2001 From: Tiago Silvestre Condeixa Date: Wed, 8 Apr 2026 10:50:49 +0200 Subject: [PATCH 07/43] change the deployment-service-status-service also to InPlaceOrRecreate --- cluster/manifests/deployment-service/status-service-vpa.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/deployment-service/status-service-vpa.yaml b/cluster/manifests/deployment-service/status-service-vpa.yaml index 1c4d9be45e..10f11406e6 100644 --- a/cluster/manifests/deployment-service/status-service-vpa.yaml +++ b/cluster/manifests/deployment-service/status-service-vpa.yaml @@ -12,7 +12,7 @@ spec: kind: Deployment name: "deployment-service-status-service" updatePolicy: - updateMode: Recreate + updateMode: InPlaceOrRecreate resourcePolicy: containerPolicies: - containerName: "deployment-service-status-service" From 21de8746a4cfd17715f5ee004ac25c5c271ac173 Mon Sep 17 00:00:00 2001 From: Tiago Silvestre Condeixa Date: Wed, 8 Apr 2026 10:51:40 +0200 Subject: [PATCH 08/43] change default resources to a reasonable values and change replicas to 2 to force VPA and be aligned with other deployments --- .../deployment-service/status-service-deployment.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cluster/manifests/deployment-service/status-service-deployment.yaml b/cluster/manifests/deployment-service/status-service-deployment.yaml index eaf980972a..7cb995d099 100644 --- a/cluster/manifests/deployment-service/status-service-deployment.yaml +++ b/cluster/manifests/deployment-service/status-service-deployment.yaml @@ -10,7 +10,7 @@ metadata: application: "deployment-service" component: "status-service" spec: - replicas: 3 + replicas: 2 selector: matchLabels: application: "deployment-service" @@ -73,11 +73,11 @@ spec: name: http resources: requests: - cpu: "10m" - memory: "7Gi" + cpu: "100m" + memory: "1Gi" limits: - cpu: "10m" - memory: "7Gi" + cpu: "100m" + memory: "1Gi" readinessProbe: httpGet: port: 8080 From c475c48d8d1100e7098e24269ec98fc184987947 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Tue, 7 Apr 2026 09:01:40 +0000 Subject: [PATCH 09/43] admission-controller: Update to version master-306 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller to version master-306 --- cluster/manifests/02-admission-control/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/02-admission-control/deployment.yaml b/cluster/manifests/02-admission-control/deployment.yaml index 0bd08bc6db..aebafb7a5e 100644 --- a/cluster/manifests/02-admission-control/deployment.yaml +++ b/cluster/manifests/02-admission-control/deployment.yaml @@ -49,7 +49,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: admission-controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-305 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-306 lifecycle: preStop: sleep: From 664e64877a2dbd9acf76683788306675a0dd7641 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Wed, 8 Apr 2026 15:03:40 +0000 Subject: [PATCH 10/43] kube-metrics-adapter: Update to version v0.2.8-12-g1009ae6 Update container-registry.zalando.net/teapot/kube-metrics-adapter to version v0.2.8-12-g1009ae6 --- cluster/manifests/kube-metrics-adapter/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-metrics-adapter/deployment.yaml b/cluster/manifests/kube-metrics-adapter/deployment.yaml index 7469d543f5..2508dc4729 100644 --- a/cluster/manifests/kube-metrics-adapter/deployment.yaml +++ b/cluster/manifests/kube-metrics-adapter/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: custom-metrics-apiserver containers: - name: kube-metrics-adapter - image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.8-10-g1d35f93 + image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.8-12-g1009ae6 env: - name: AWS_REGION value: {{ .Cluster.Region }} From 95a41993da95b6b6e5b4d252449b77fc054cd622 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Thu, 9 Apr 2026 14:03:54 +0000 Subject: [PATCH 11/43] sandbox-controller: Update to version main-67 Update container-registry.zalando.net/gwproxy/sandbox-controller to version main-67 --- cluster/manifests/sandbox-controller/30-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/sandbox-controller/30-deployment.yaml b/cluster/manifests/sandbox-controller/30-deployment.yaml index a220b1d5ce..2166b50bfb 100644 --- a/cluster/manifests/sandbox-controller/30-deployment.yaml +++ b/cluster/manifests/sandbox-controller/30-deployment.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/gwproxy/sandbox-controller:main-65" }} +# {{ $image := "container-registry.zalando.net/gwproxy/sandbox-controller:main-67" }} # {{ $version := index (split $image ":") 1 }} {{ if eq .Cluster.ConfigItems.sandbox_controller_enabled "true" }} From c494e433a45d2c91a135c37429f045b16bf8f709 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Thu, 9 Apr 2026 15:33:48 +0000 Subject: [PATCH 12/43] shadow-traffic-controller: Update to version main-25 Update container-registry.zalando.net/gwproxy/shadow-traffic-controller to version main-25 --- cluster/manifests/shadow-traffic-controller/30-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/shadow-traffic-controller/30-deployment.yaml b/cluster/manifests/shadow-traffic-controller/30-deployment.yaml index 38d1b1cbcd..2c6c2274b6 100644 --- a/cluster/manifests/shadow-traffic-controller/30-deployment.yaml +++ b/cluster/manifests/shadow-traffic-controller/30-deployment.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/gwproxy/shadow-traffic-controller:main-24" }} +# {{ $image := "container-registry.zalando.net/gwproxy/shadow-traffic-controller:main-25" }} # {{ $version := index (split $image ":") 1 }} # {{ if eq .Cluster.ConfigItems.shadow_traffic_controller_enabled "true" }} apiVersion: apps/v1 From 66aa12d1439c1cba9259a5dc404fe408231a5f23 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Fri, 10 Apr 2026 07:33:43 +0000 Subject: [PATCH 13/43] valkey-9-alpine: Update to version 9-alpine3.22-20260406 Update container-registry.zalando.net/library/valkey-9-alpine to version 9-alpine3.22-20260406 --- cluster/manifests/skipper/skipper-valkey.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/skipper-valkey.yaml b/cluster/manifests/skipper/skipper-valkey.yaml index 3d0db1026a..9c86a9237d 100644 --- a/cluster/manifests/skipper/skipper-valkey.yaml +++ b/cluster/manifests/skipper/skipper-valkey.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/library/valkey-9-alpine:9-alpine3.22-20260330" }} +# {{ $image := "container-registry.zalando.net/library/valkey-9-alpine:9-alpine3.22-20260406" }} # {{ $version := index (split $image ":") 1 }} {{- if eq .Cluster.ConfigItems.skipper_ingress_swarm_type "valkey" }} apiVersion: apps/v1 From 29a163375d1698f3d1502b2831f5af94870eef10 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Fri, 10 Apr 2026 08:34:14 +0000 Subject: [PATCH 14/43] shadow-traffic-controller: Update to version main-26 Update container-registry.zalando.net/gwproxy/shadow-traffic-controller to version main-26 --- cluster/manifests/shadow-traffic-controller/30-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/shadow-traffic-controller/30-deployment.yaml b/cluster/manifests/shadow-traffic-controller/30-deployment.yaml index 2c6c2274b6..48217fe631 100644 --- a/cluster/manifests/shadow-traffic-controller/30-deployment.yaml +++ b/cluster/manifests/shadow-traffic-controller/30-deployment.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/gwproxy/shadow-traffic-controller:main-25" }} +# {{ $image := "container-registry.zalando.net/gwproxy/shadow-traffic-controller:main-26" }} # {{ $version := index (split $image ":") 1 }} # {{ if eq .Cluster.ConfigItems.shadow_traffic_controller_enabled "true" }} apiVersion: apps/v1 From 76bd16c55adf1d4d1113ba948dbad431c8670846 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Fri, 10 Apr 2026 09:32:42 +0000 Subject: [PATCH 15/43] kube-metrics-adapter: Update to version v0.2.8-14-gd0dbe73 Update container-registry.zalando.net/teapot/kube-metrics-adapter to version v0.2.8-14-gd0dbe73 --- cluster/manifests/kube-metrics-adapter/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-metrics-adapter/deployment.yaml b/cluster/manifests/kube-metrics-adapter/deployment.yaml index 2508dc4729..62d87d73e7 100644 --- a/cluster/manifests/kube-metrics-adapter/deployment.yaml +++ b/cluster/manifests/kube-metrics-adapter/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: custom-metrics-apiserver containers: - name: kube-metrics-adapter - image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.8-12-g1009ae6 + image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.8-14-gd0dbe73 env: - name: AWS_REGION value: {{ .Cluster.Region }} From 8e52d929e3e9df0797b365235d39ff8108bbb851 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Fri, 10 Apr 2026 09:33:34 +0000 Subject: [PATCH 16/43] sandbox-controller: Update to version main-68 Update container-registry.zalando.net/gwproxy/sandbox-controller to version main-68 --- cluster/manifests/sandbox-controller/30-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/sandbox-controller/30-deployment.yaml b/cluster/manifests/sandbox-controller/30-deployment.yaml index 2166b50bfb..461847b91e 100644 --- a/cluster/manifests/sandbox-controller/30-deployment.yaml +++ b/cluster/manifests/sandbox-controller/30-deployment.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/gwproxy/sandbox-controller:main-67" }} +# {{ $image := "container-registry.zalando.net/gwproxy/sandbox-controller:main-68" }} # {{ $version := index (split $image ":") 1 }} {{ if eq .Cluster.ConfigItems.sandbox_controller_enabled "true" }} From 0428aed5e99f0da0470075f80627454aea017364 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Fri, 10 Apr 2026 12:33:50 +0000 Subject: [PATCH 17/43] shadow-traffic-controller: Update to version main-27 Update container-registry.zalando.net/gwproxy/shadow-traffic-controller to version main-27 --- cluster/manifests/shadow-traffic-controller/30-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/shadow-traffic-controller/30-deployment.yaml b/cluster/manifests/shadow-traffic-controller/30-deployment.yaml index 48217fe631..af84029bf6 100644 --- a/cluster/manifests/shadow-traffic-controller/30-deployment.yaml +++ b/cluster/manifests/shadow-traffic-controller/30-deployment.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/gwproxy/shadow-traffic-controller:main-26" }} +# {{ $image := "container-registry.zalando.net/gwproxy/shadow-traffic-controller:main-27" }} # {{ $version := index (split $image ":") 1 }} # {{ if eq .Cluster.ConfigItems.shadow_traffic_controller_enabled "true" }} apiVersion: apps/v1 From 062577a045768df9d03a9dbf9d2e8bb147010775 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Fri, 10 Apr 2026 16:03:47 +0000 Subject: [PATCH 18/43] shadow-traffic-controller: Update to version main-28 Update container-registry.zalando.net/gwproxy/shadow-traffic-controller to version main-28 --- cluster/manifests/shadow-traffic-controller/30-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/shadow-traffic-controller/30-deployment.yaml b/cluster/manifests/shadow-traffic-controller/30-deployment.yaml index af84029bf6..00305c416a 100644 --- a/cluster/manifests/shadow-traffic-controller/30-deployment.yaml +++ b/cluster/manifests/shadow-traffic-controller/30-deployment.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/gwproxy/shadow-traffic-controller:main-27" }} +# {{ $image := "container-registry.zalando.net/gwproxy/shadow-traffic-controller:main-28" }} # {{ $version := index (split $image ":") 1 }} # {{ if eq .Cluster.ConfigItems.shadow_traffic_controller_enabled "true" }} apiVersion: apps/v1 From ac330ab9b5d262c9b546003d560eb95a4306d18f Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Sat, 11 Apr 2026 16:31:30 +0000 Subject: [PATCH 19/43] skipper: Update to version v0.24.65 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.24.65 --- cluster/manifests/03-skipper-validation-webhook/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml index 8080095f9c..c0531dfadc 100644 --- a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml +++ b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml @@ -128,7 +128,7 @@ spec: seconds: 10 {{ end }} - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.64 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.65 env: {{ if or (eq .Cluster.ConfigItems.skipper_local_tokeninfo "production") (eq .Cluster.ConfigItems.skipper_local_tokeninfo "bridge") }} - name: LOCAL_TOKENINFO From ebb215bf9abc30ff8d21365c9546ae878ef273a7 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 08:33:30 +0000 Subject: [PATCH 20/43] valkey-9-alpine: Update to version 9-alpine3.22-20260413 Update container-registry.zalando.net/library/valkey-9-alpine to version 9-alpine3.22-20260413 --- cluster/manifests/skipper/skipper-valkey.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/skipper-valkey.yaml b/cluster/manifests/skipper/skipper-valkey.yaml index 9c86a9237d..4697669844 100644 --- a/cluster/manifests/skipper/skipper-valkey.yaml +++ b/cluster/manifests/skipper/skipper-valkey.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/library/valkey-9-alpine:9-alpine3.22-20260406" }} +# {{ $image := "container-registry.zalando.net/library/valkey-9-alpine:9-alpine3.22-20260413" }} # {{ $version := index (split $image ":") 1 }} {{- if eq .Cluster.ConfigItems.skipper_ingress_swarm_type "valkey" }} apiVersion: apps/v1 From 70f42661a9435f464d94f726972ceda38f0c3ff6 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 08:34:02 +0000 Subject: [PATCH 21/43] skipper: Update to version v0.24.66 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.24.66 --- cluster/node-pools/master-default/userdata.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index 418e325484..aea2af4eff 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -406,7 +406,7 @@ write_files: value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }} {{ end }} - name: skipper-proxy - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.64 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.66 args: - skipper - -access-log-strip-query @@ -457,7 +457,7 @@ write_files: name: ssl-certs-kubernetes readOnly: true - name: skipper-metrics - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.64 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.66 args: - skipper - -access-log-strip-query From 770c4e7b9cff455815b4b5408108abda29706a2a Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 09:01:38 +0000 Subject: [PATCH 22/43] admission-controller: Update to version master-307 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller to version master-307 --- cluster/manifests/02-admission-control/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/02-admission-control/deployment.yaml b/cluster/manifests/02-admission-control/deployment.yaml index aebafb7a5e..906c4d59e8 100644 --- a/cluster/manifests/02-admission-control/deployment.yaml +++ b/cluster/manifests/02-admission-control/deployment.yaml @@ -49,7 +49,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: admission-controller - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-306 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-307 lifecycle: preStop: sleep: From 58025f57816ae457c70aeed7a6d011507bf17a8f Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:31:52 +0000 Subject: [PATCH 23/43] skipper: Update to version v0.24.67 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.24.67 --- cluster/manifests/03-skipper-validation-webhook/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml index c0531dfadc..0317472cf7 100644 --- a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml +++ b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml @@ -128,7 +128,7 @@ spec: seconds: 10 {{ end }} - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.65 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.67 env: {{ if or (eq .Cluster.ConfigItems.skipper_local_tokeninfo "production") (eq .Cluster.ConfigItems.skipper_local_tokeninfo "bridge") }} - name: LOCAL_TOKENINFO From 837a33998e44cecc2f990a28522d1320a68aa9f9 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 16:01:55 +0000 Subject: [PATCH 24/43] skipper: Update to version v0.24.68 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.24.68 --- cluster/manifests/03-skipper-validation-webhook/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml index 0317472cf7..c8b9700705 100644 --- a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml +++ b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml @@ -128,7 +128,7 @@ spec: seconds: 10 {{ end }} - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.67 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.68 env: {{ if or (eq .Cluster.ConfigItems.skipper_local_tokeninfo "production") (eq .Cluster.ConfigItems.skipper_local_tokeninfo "bridge") }} - name: LOCAL_TOKENINFO From dd5c9f71b158108b004eb9477d70c10abcdd8951 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 16:31:51 +0000 Subject: [PATCH 25/43] skipper: Update to version v0.24.69 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.24.69 --- cluster/manifests/03-skipper-validation-webhook/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml index c8b9700705..ce20985e10 100644 --- a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml +++ b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml @@ -128,7 +128,7 @@ spec: seconds: 10 {{ end }} - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.68 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.69 env: {{ if or (eq .Cluster.ConfigItems.skipper_local_tokeninfo "production") (eq .Cluster.ConfigItems.skipper_local_tokeninfo "bridge") }} - name: LOCAL_TOKENINFO From 5127eef7c47f1e515ff595d7e3ee17e61435fd28 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 18:02:04 +0000 Subject: [PATCH 26/43] skipper: Update to version v0.24.70 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.24.70 --- cluster/manifests/03-skipper-validation-webhook/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml index ce20985e10..1852046517 100644 --- a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml +++ b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml @@ -128,7 +128,7 @@ spec: seconds: 10 {{ end }} - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.69 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.70 env: {{ if or (eq .Cluster.ConfigItems.skipper_local_tokeninfo "production") (eq .Cluster.ConfigItems.skipper_local_tokeninfo "bridge") }} - name: LOCAL_TOKENINFO From 7e4c868ff452add5fa851be0e4fac8e93e0ddaa3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= Date: Mon, 13 Apr 2026 20:38:47 +0200 Subject: [PATCH 27/43] fix: switch zone aware *.ingress.cluster.local ClusterIP to be zone aware without automatic guardrails MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sandor Szücs --- cluster/config-defaults.yaml | 6 ++++-- cluster/manifests/skipper/service-internal.yaml | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 03cffcbed4..14d20214a4 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -356,8 +356,10 @@ skipper_eastwest_dns_log_enabled: "false" # if enabled adds port 8080 as svc port to eastwest svc skipper_ingress_eastwest_additional_port: "false" -# if enabled adds service.kubernetes.io/topology-mode: auto to the eastwest service -skipper_ingress_eastwest_topology_mode_auto: "true" +# if enabled adds service.kubernetes.io/topology-mode: auto to the eastwest service, tries to add safety automatically by enabling/disabling zone awareness +skipper_ingress_eastwest_topology_mode_auto: "false" +# if enabled adds trafficDistribution: PreferSameZone, ignore all magic just make it zone aware +skipper_ingress_eastwest_zone_aware_clusterip: "true" # skipper tcp lifo # See: https://opensource.zalando.com/skipper/operation/operation/#tcp-lifo diff --git a/cluster/manifests/skipper/service-internal.yaml b/cluster/manifests/skipper/service-internal.yaml index e0446354c9..07b23597f0 100644 --- a/cluster/manifests/skipper/service-internal.yaml +++ b/cluster/manifests/skipper/service-internal.yaml @@ -12,6 +12,9 @@ metadata: component: ingress spec: type: ClusterIP +{{- if eq .Cluster.ConfigItems.skipper_ingress_eastwest_zone_aware_clusterip "true" }} + trafficDistribution: PreferSameZone +{{- end}} {{- if eq .Cluster.Provider "zalando-eks" }} clusterIP: {{ nthAddressFromCIDR .Cluster.ConfigItems.service_cidr 50 }} {{- else}} From 42767f9c6b19036a745f1b159040849b6b94790f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandor=20Sz=C3=BCcs?= Date: Mon, 13 Apr 2026 21:35:46 +0200 Subject: [PATCH 28/43] fix: internal cross cluster nlb forwarder az aware MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ref https://chat.google.com/room/AAQAHb-nwYs/hzEsL6RvH6o/hzEsL6RvH6o?cls=10 Signed-off-by: Sandor Szücs --- cluster/manifests/skipper/service-eks-internal.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cluster/manifests/skipper/service-eks-internal.yaml b/cluster/manifests/skipper/service-eks-internal.yaml index 45f2fa4955..0106ffd89a 100644 --- a/cluster/manifests/skipper/service-eks-internal.yaml +++ b/cluster/manifests/skipper/service-eks-internal.yaml @@ -5,6 +5,7 @@ metadata: annotations: external-dns.alpha.kubernetes.io/hostname: skipper-ingress-eks.{{ .Values.hosted_zone }} service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: application=skipper-ingress,component=ingress + service.beta.kubernetes.io/aws-load-balancer-attributes: dns_record.client_routing_policy=availability_zone_affinity,load_balancing.cross_zone.enabled=false service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp # SG of the old cluster worker nodes service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: {{ .Cluster.ConfigItems.worker_sg_legacy_cluster }} From 62942921ef279e486c24a770136528e2141735bd Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 08:03:58 +0000 Subject: [PATCH 29/43] shadow-traffic-controller: Update to version main-29 Update container-registry.zalando.net/gwproxy/shadow-traffic-controller to version main-29 --- cluster/manifests/shadow-traffic-controller/30-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/shadow-traffic-controller/30-deployment.yaml b/cluster/manifests/shadow-traffic-controller/30-deployment.yaml index 00305c416a..568dd1308f 100644 --- a/cluster/manifests/shadow-traffic-controller/30-deployment.yaml +++ b/cluster/manifests/shadow-traffic-controller/30-deployment.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/gwproxy/shadow-traffic-controller:main-28" }} +# {{ $image := "container-registry.zalando.net/gwproxy/shadow-traffic-controller:main-29" }} # {{ $version := index (split $image ":") 1 }} # {{ if eq .Cluster.ConfigItems.shadow_traffic_controller_enabled "true" }} apiVersion: apps/v1 From 73091fef6a86954fec3cb689bd58823db5324f38 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 08:34:15 +0000 Subject: [PATCH 30/43] role-sync-controller: Update to version main-24 Update container-registry.zalando.net/teapot/role-sync-controller to version main-24 --- cluster/manifests/role-sync-controller/cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/role-sync-controller/cronjob.yaml b/cluster/manifests/role-sync-controller/cronjob.yaml index 8c119add44..adb8398021 100644 --- a/cluster/manifests/role-sync-controller/cronjob.yaml +++ b/cluster/manifests/role-sync-controller/cronjob.yaml @@ -33,7 +33,7 @@ spec: restartPolicy: Never containers: - name: role-sync-controller - image: container-registry.zalando.net/teapot/role-sync-controller:main-23 + image: container-registry.zalando.net/teapot/role-sync-controller:main-24 args: - --subject-group=PowerUser - --subject-group=Manual From 0aae50c9c21a0176ca1e15aac565e635d3d57d42 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 11:04:29 +0000 Subject: [PATCH 31/43] admission-controller: Update to version master-307 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller to version master-307 --- cluster/node-pools/master-default/userdata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index aea2af4eff..86184553ae 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -216,7 +216,7 @@ write_files: limits: memory: {{ .Values.InstanceInfo.MemoryFraction (parseInt64 .Cluster.ConfigItems.apiserver_memory_limit_percent)}} {{- end }} - - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-305 + - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-307 name: admission-controller lifecycle: preStop: From 33056187942644900f4fd02325c8b8b0f06ef53d Mon Sep 17 00:00:00 2001 From: Tiago Silvestre Condeixa Date: Wed, 15 Apr 2026 09:59:50 +0200 Subject: [PATCH 32/43] try to enable again the InPlace Resize test --- test/e2e/run_e2e.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/test/e2e/run_e2e.sh b/test/e2e/run_e2e.sh index ca6f8dab96..529c13a072 100755 --- a/test/e2e/run_e2e.sh +++ b/test/e2e/run_e2e.sh @@ -199,7 +199,6 @@ if [ "$e2e" = true ]; then "\[Serial\]" "validates.that.there.is.no.conflict.between.pods.with.same.hostPort.but.different.hostIP.and.protocol" "Should.create.gradual.traffic.routes" - "Pod InPlace Resize Container" ) if [ "$CLUSTER_PROVIDER" == "zalando-aws" ]; then From a90f9bde4c8276adddee3a3d09be2371b3824159 Mon Sep 17 00:00:00 2001 From: Tiago Silvestre Condeixa Date: Wed, 15 Apr 2026 11:03:32 +0200 Subject: [PATCH 33/43] allow to patch pods/resize for in place --- cluster/manifests/02-admission-control/teapot.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cluster/manifests/02-admission-control/teapot.yaml b/cluster/manifests/02-admission-control/teapot.yaml index aacfc2225b..1313ec968c 100644 --- a/cluster/manifests/02-admission-control/teapot.yaml +++ b/cluster/manifests/02-admission-control/teapot.yaml @@ -52,6 +52,10 @@ webhooks: apiGroups: [""] apiVersions: ["v1"] resources: ["pods", "pods/ephemeralcontainers"] + - operations: [ "PATCH" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods/resize"] {{- if eq .Cluster.ConfigItems.teapot_admission_controller_inject_environment_variables "true" }} - name: pod-binding-admitter.teapot.zalan.do {{- if eq .Cluster.Provider "zalando-eks"}} From 424a42b4765e7fe1123f993a1d81159bde986d1b Mon Sep 17 00:00:00 2001 From: Tiago Silvestre Condeixa Date: Wed, 15 Apr 2026 11:33:15 +0200 Subject: [PATCH 34/43] Revert "allow to patch pods/resize for in place" This reverts commit a90f9bde4c8276adddee3a3d09be2371b3824159. --- cluster/manifests/02-admission-control/teapot.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cluster/manifests/02-admission-control/teapot.yaml b/cluster/manifests/02-admission-control/teapot.yaml index 1313ec968c..aacfc2225b 100644 --- a/cluster/manifests/02-admission-control/teapot.yaml +++ b/cluster/manifests/02-admission-control/teapot.yaml @@ -52,10 +52,6 @@ webhooks: apiGroups: [""] apiVersions: ["v1"] resources: ["pods", "pods/ephemeralcontainers"] - - operations: [ "PATCH" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods/resize"] {{- if eq .Cluster.ConfigItems.teapot_admission_controller_inject_environment_variables "true" }} - name: pod-binding-admitter.teapot.zalan.do {{- if eq .Cluster.Provider "zalando-eks"}} From bf19d6cc2eddca92213776df03b849917ca3621f Mon Sep 17 00:00:00 2001 From: Tiago Silvestre Condeixa Date: Wed, 15 Apr 2026 11:33:16 +0200 Subject: [PATCH 35/43] Revert "try to enable again the InPlace Resize test" This reverts commit 33056187942644900f4fd02325c8b8b0f06ef53d. --- test/e2e/run_e2e.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test/e2e/run_e2e.sh b/test/e2e/run_e2e.sh index 529c13a072..ca6f8dab96 100755 --- a/test/e2e/run_e2e.sh +++ b/test/e2e/run_e2e.sh @@ -199,6 +199,7 @@ if [ "$e2e" = true ]; then "\[Serial\]" "validates.that.there.is.no.conflict.between.pods.with.same.hostPort.but.different.hostIP.and.protocol" "Should.create.gradual.traffic.routes" + "Pod InPlace Resize Container" ) if [ "$CLUSTER_PROVIDER" == "zalando-aws" ]; then From 8a2aa4fdd9cbc64de4678af1de066c216286dbb4 Mon Sep 17 00:00:00 2001 From: Tiago Condeixa Date: Thu, 16 Apr 2026 15:59:01 +0200 Subject: [PATCH 36/43] Revert "kube-metrics-adapter: Update to version v0.2.8-14-gd0dbe73" --- cluster/manifests/kube-metrics-adapter/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-metrics-adapter/deployment.yaml b/cluster/manifests/kube-metrics-adapter/deployment.yaml index 62d87d73e7..42faec6e73 100644 --- a/cluster/manifests/kube-metrics-adapter/deployment.yaml +++ b/cluster/manifests/kube-metrics-adapter/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: custom-metrics-apiserver containers: - name: kube-metrics-adapter - image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.8-14-gd0dbe73 + image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.8 env: - name: AWS_REGION value: {{ .Cluster.Region }} From 5da6611b9a08b0b9eee69f944454b7ae3a71723b Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Thu, 16 Apr 2026 15:59:37 +0200 Subject: [PATCH 37/43] skipper-internal: Update main version to v0.24.64-1393 * https://github.com/zalando/skipper/pull/3934 * https://github.com/zalando/skipper/pull/3938 * https://github.com/zalando/skipper/pull/3940 * https://github.com/zalando/skipper/pull/3941 * https://github.com/zalando/skipper/pull/3942 * https://github.com/zalando/skipper/pull/3951 * https://github.com/zalando/skipper/pull/3946 * https://github.com/zalando/skipper/pull/3950 * https://github.com/zalando/skipper/pull/3948 * https://github.com/zalando/skipper/pull/3949 * https://github.com/zalando/skipper/pull/3947 * https://github.com/zalando/skipper/pull/3117 follow up on https://github.com/zalando-incubator/kubernetes-on-aws/pull/10974 Signed-off-by: Mustafa Abdelrahman --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 652a35c4af..c93fc0e2b8 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,6 +1,6 @@ {{/* image-updater-bot detects *image variables so use name with suffix to disable it for the main image */}} -{{ $main_image_updated_manually := "container-registry.zalando.net/teapot/skipper-internal:v0.24.58-1387" }} +{{ $main_image_updated_manually := "container-registry.zalando.net/teapot/skipper-internal:v0.24.64-1393" }} {{ $canary_image := "container-registry.zalando.net/teapot/skipper-internal:v0.24.64-1393" }} {{/* Allow to override manually canary image by config item */}} From f2feb7565e047583041d6c63eac8354c0891a2a3 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Thu, 16 Apr 2026 16:03:29 +0200 Subject: [PATCH 38/43] e2e: Enhance example in README Signed-off-by: Mikkel Oscar Lyderik Larsen --- test/e2e/README.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/test/e2e/README.md b/test/e2e/README.md index 8ebfc29621..bd7463bf52 100644 --- a/test/e2e/README.md +++ b/test/e2e/README.md @@ -205,8 +205,13 @@ Follow up code, that waits for creations to be happen: make ``` - This will setup the go modules correctly and build a binary - `e2e.test`. + This will build a binary `e2e.test`. + + Install `ginkgo` if you haven't already: + + ```bash + make deps + ``` Run all Zalando tests from your local build: @@ -220,5 +225,20 @@ Follow up code, that waits for creations to be happen: -allowed-not-ready-nodes=-1 ``` + To run a _single test_ often the most useful, you can do it like this: + + ```bash + # S3_AWS_IAM_BUCKET and AWS_IAM_ROLE is required for the AWS-IAM tests. + KUBECONFIG=~/.kube/config HOSTED_ZONE=example.org CLUSTER_ALIAS=example \ + S3_AWS_IAM_BUCKET=zalando-e2e-aws-iam-test-12345678912-kube-1 \ + AWS_IAM_ROLE=kube-1-e2e-aws-iam-test \ + ginkgo -procs=1 -flake-attempts=2 -focus="name of test" \ + e2e.test -- -non-blocking-taints=node.kubernetes.io/role,nvidia.com/gpu,dedicated \ + -allowed-not-ready-nodes=-1 + ``` + + Note that the flag `-procs` is set to `1` in this case. If it's set to `25` but + only focusing on one test it will just hang. + [ginkgo]: https://onsi.github.io/ginkgo/ From 3843375874ff3ee8e5846b07ceb9b8bba49d4beb Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Thu, 16 Apr 2026 15:03:16 +0000 Subject: [PATCH 39/43] kube-metrics-adapter: Update to version v0.2.8-16-g6d6c08e Update container-registry.zalando.net/teapot/kube-metrics-adapter to version v0.2.8-16-g6d6c08e --- cluster/manifests/kube-metrics-adapter/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-metrics-adapter/deployment.yaml b/cluster/manifests/kube-metrics-adapter/deployment.yaml index 62d87d73e7..54abe32b7b 100644 --- a/cluster/manifests/kube-metrics-adapter/deployment.yaml +++ b/cluster/manifests/kube-metrics-adapter/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: custom-metrics-apiserver containers: - name: kube-metrics-adapter - image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.8-14-gd0dbe73 + image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.8-16-g6d6c08e env: - name: AWS_REGION value: {{ .Cluster.Region }} From 08e5c9816cd4b3a53f158a0692e24e394ae8f01a Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 12:04:13 +0000 Subject: [PATCH 40/43] sandbox-controller: Update to version main-69 Update container-registry.zalando.net/gwproxy/sandbox-controller to version main-69 --- cluster/manifests/sandbox-controller/30-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/sandbox-controller/30-deployment.yaml b/cluster/manifests/sandbox-controller/30-deployment.yaml index 461847b91e..c6dafcbeab 100644 --- a/cluster/manifests/sandbox-controller/30-deployment.yaml +++ b/cluster/manifests/sandbox-controller/30-deployment.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/gwproxy/sandbox-controller:main-68" }} +# {{ $image := "container-registry.zalando.net/gwproxy/sandbox-controller:main-69" }} # {{ $version := index (split $image ":") 1 }} {{ if eq .Cluster.ConfigItems.sandbox_controller_enabled "true" }} From 84fcf1bc466e1afcf69cc30ba3ef8fba0d91eeec Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Thu, 16 Apr 2026 19:01:41 +0000 Subject: [PATCH 41/43] valkey-9-alpine: Update to version 9-alpine3.22-20260414 Update container-registry.zalando.net/library/valkey-9-alpine to version 9-alpine3.22-20260414 --- cluster/manifests/03-skipper-validation-webhook/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml index 1852046517..168c1e250e 100644 --- a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml +++ b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml @@ -92,7 +92,7 @@ spec: seconds: 10 {{- else if eq .Cluster.ConfigItems.skipper_ingress_swarm_type "valkey" }} - name: valkey-sidecar - image: container-registry.zalando.net/library/valkey-9-alpine:9-alpine3.22-20260406 + image: container-registry.zalando.net/library/valkey-9-alpine:9-alpine3.22-20260414 args: - valkey-server - --save From ed07bdad7853e3e39d894226a15b80ffd5c3dea9 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Thu, 16 Apr 2026 19:01:48 +0000 Subject: [PATCH 42/43] skipper: Update to version v0.24.71 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.24.71 --- cluster/manifests/03-skipper-validation-webhook/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml index 1852046517..8bfd0b642a 100644 --- a/cluster/manifests/03-skipper-validation-webhook/deployment.yaml +++ b/cluster/manifests/03-skipper-validation-webhook/deployment.yaml @@ -128,7 +128,7 @@ spec: seconds: 10 {{ end }} - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.70 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.24.71 env: {{ if or (eq .Cluster.ConfigItems.skipper_local_tokeninfo "production") (eq .Cluster.ConfigItems.skipper_local_tokeninfo "bridge") }} - name: LOCAL_TOKENINFO From 580d91d01d69d79d4b9137a9acc5e00c460d0db7 Mon Sep 17 00:00:00 2001 From: "k8s-on-aws-manager-app[bot]" <181735053+k8s-on-aws-manager-app[bot]@users.noreply.github.com> Date: Fri, 17 Apr 2026 09:08:09 +0000 Subject: [PATCH 43/43] flannel: Update to version v0.28.4-master-47 Update container-registry.zalando.net/teapot/flannel to version v0.28.4-master-47 --- cluster/manifests/flannel/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/flannel/daemonset.yaml b/cluster/manifests/flannel/daemonset.yaml index 52f152d83c..49395356cd 100644 --- a/cluster/manifests/flannel/daemonset.yaml +++ b/cluster/manifests/flannel/daemonset.yaml @@ -69,7 +69,7 @@ spec: failureThreshold: 30 periodSeconds: 10 - name: kube-flannel - image: container-registry.zalando.net/teapot/flannel:v0.28.2-master-46 + image: container-registry.zalando.net/teapot/flannel:v0.28.4-master-47 command: - /opt/bin/flanneld args: