sync: merge openconfig/kne upstream main (May 2026) #23
Merged
* Upgrade k8s to 1.35
* cloud-provider-gcp no longer uses Bazel build
* Set go path for auth-provider-gcp build
* configure containerd mirror for registry.k8s.io
* update path for internal
* fix config path
* enable authentication for kubelet containerd mirrors
* use kne-external for infra containers

Co-authored-by: Neha Manjunath <nehamanjunath@google.com>
* update srlinux controller manifest
* bump srl-controller
* Add support for IN_CLUSTER_PROXY node type
- Update proto/topo.proto with `IN_CLUSTER_PROXY` in Vendor and `Node.Type` enums.
- Create `topo/node/inclusterproxy` package implementing `Node` interface.
- Set default image to `nicolaka/netshoot:latest` and enforce at least 1 `Service`.
- Enforce link constraints to allow exactly one interface (`eth1`).
- Add warning if `socat` is missing from `Command` or `Args`.
- Update `topo/topo.go` to register the new node type.
- Add unit tests in `topo/node/inclusterproxy/inclusterproxy_test.go`.
* Add support for IN_CLUSTER_PROXY node type
- Update proto/topo.proto with `IN_CLUSTER_PROXY` in Vendor and `Node.Type` enums.
- Create `topo/node/inclusterproxy` package implementing `Node` interface.
- Set default image to `nicolaka/netshoot:latest` and enforce at least 1 `Service`.
- Enforce link constraints to allow exactly one interface (`eth1`).
- Enforce that `proxy-pool-for` label is present in static configuration.
- Add static validation assuring `eth1` is connected directly to the node given in `proxy-pool-for`.
- Add automatic `socat` command generation using `peer-ip` and `target-port` labels:
  - Supports IPv4 address allocation arithmetic using `/31` masks.
  - Adds IPv6 support using `/127` arithmetic and handles `TCP6-LISTEN` argument switches.
- Update `topo/topo.go` to register the new node type.
- Add unit tests in `topo/node/inclusterproxy/inclusterproxy_test.go`.
* Fix config labels for peer ip
* Rename calculateStaticIP to deriveAdjacentIP
* Fix typos
* Fix failing valid_pb_with_automatic_generation_ipv
* Fix lint errors
* Relax IN_CLUSTER_PROXY link validation to support early addDefaults() passes
  When loading KNE topologies via the Ondatra testbed framework (knegcebind), an early `addDefaults()` pass instantiates nodes via `node.New()` to calculate default values. Since this pass occurs before the KNE topology manager has fully resolved cross-node links, `eth1.PeerName` is empty during initialization.
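The `/31` and `/127` address arithmetic and the `TCP6-LISTEN` switch named in the commit messages above, as an added Go illustration (not code from openconfig/kne or this fork). `adjacentIP`, `socatArgs`, the assumption that the input is the proxy's own `eth1` address, the socat options, and the sample addresses and port are all constructed for the example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// adjacentIP returns the other host of a point-to-point subnet: /31 for
// IPv4, /127 for IPv6. Hypothetical helper, not KNE's deriveAdjacentIP.
func adjacentIP(cidr string) (netip.Addr, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return netip.Addr{}, err
	}
	want := 127
	if p.Addr().Is4() {
		want = 31
	}
	if p.Bits() != want {
		return netip.Addr{}, fmt.Errorf("%s: want a /%d point-to-point prefix", cidr, want)
	}
	b := p.Addr().AsSlice()
	b[len(b)-1] ^= 1 // the two hosts differ only in the lowest bit
	peer, _ := netip.AddrFromSlice(b)
	return peer, nil
}

// socatArgs forwards listenPort to targetPort on the peer of localCIDR (assumed: proxy's eth1).
func socatArgs(localCIDR string, listenPort, targetPort uint16) ([]string, error) {
	peer, err := adjacentIP(localCIDR)
	if err != nil {
		return nil, err
	}
	fam, host := "TCP4", peer.String()
	if peer.Is6() {
		fam, host = "TCP6", "["+host+"]" // socat needs brackets around IPv6 literals
	}
	return []string{
		fmt.Sprintf("%s-LISTEN:%d,fork,reuseaddr", fam, listenPort),
		fmt.Sprintf("%s:%s:%d", fam, host, targetPort),
	}, nil
}

func main() {
	for _, c := range []string{"192.0.2.10/31", "2001:db8::1/127", "192.0.2.10/24"} { // constructed
		args, err := socatArgs(c, 9339, 9339)
		fmt.Println(c, args, err)
	}
}
```

Rejecting every prefix length other than `/31` and `/127` keeps the bit flip from silently producing an address that is not the link peer.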
Summary
Sync from `openconfig/kne` upstream `main` into the drivenets fork. Merge is clean (no manual conflict resolution required); all drivenets-specific changes preserved.

Upstream commits brought in
- 979a581 Relax validation for inclusterproxy node interface check (openconfig/kne#693)
- 2f54ebf Add support for `IN_CLUSTER_PROXY` node type (openconfig/kne#681) — new `topo/node/inclusterproxy` package + proto enum
- 6a57da1 Update srlinux controller manifest to 0.7.1 (openconfig/kne#671)
- 7171fc6 Configure containerd mirrors for `registry.k8s.io` (openconfig/kne#686) — packer image build
- 31019a8 Upgrade to Kubernetes 1.35 (openconfig/kne#682) — `cloudbuild/*.pkr.hcl` + `credential-provider-config.yaml`

Drivenets bits preserved
- `manifests/meshnet/{grpc,vxlan}/manifest.yaml` still point at `public.ecr.aws/drivenets/meshnet-cni:v0.5.0-dn` (hardened fork)
- `manifests/controllers/cdnos/manifest.yaml` still points users at `drivenets/cdnos-controller` raw URL
- `topo/node/drivenets/drivenets.go` keeps Azure LB annotations, CDNOS/MCDNOS model support, service-cleanup waiter, node-selector flag

Validation
- `go mod tidy` clean
- `go build ./...` clean
- `go vet ./...` clean
- `go test -short ./...` passes for all packages except `cisco`, `juniper`, `cloudbuild/vendors` — these three also fail on stock `upstream/main` (require external scrapli devices / ondatra testbed), so not regressions.

Notes / follow-ups
GitHub now reports 10 dependabot alerts (1 critical, 6 high, 3 moderate) on default branch — same set surfaced by `govulncheck` in the earlier code review (mostly `golang.org/x/net@v0.47.0`, `golang.org/x/crypto@v0.45.0`, `grpc@v1.65.0`, `docker/docker@v28.1.1`). Separate PR recommended to bump these.

Made with Cursor