Sync from SUSE:SLFO:Main flannel revision ccf3e861a0f855c0013a6e2a057902b7

_service

@@ -0,0 +1,23 @@
+<services>
+  <service name="obs_scm" mode="disabled">
+    <param name="url">https://github.com/flannel-io/flannel.git</param>
+    <param name="scm">git</param>
+    <param name="exclude">.git</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="revision">v0.26.4</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service name="tar" mode="disabled"/>
+  <service name="recompress" mode="disabled">
+    <param name="file">*.tar</param>
+    <param name="compression">gz</param>
+  </service>
+  <service name="set_version" mode="disabled">
+    <param name="basename">flannel</param>
+  </service>
+  <service name="go_modules" mode="disabled">
+    <param name="archive">flannel-0.26.4.tar.gz</param>
+  </service>
+</services>
+

_servicedata

@@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/flannel-io/flannel.git</param>
+              <param name="changesrevision">c22fb8cdd05638fbc9095f05ecce5ea3a13e16c6</param></service></servicedata>

flannel.changes

@@ -1,3 +1,129 @@
+-------------------------------------------------------------------
+Fri Feb  7 11:23:27 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- add `go-modules` for automated creation of go vendored modules tarball
+
+- bump go version: `BuildRequires:  golang(API) >= 1.23`
+
+- delete unused `kube-flannel.yaml` source in the spec file, it is directly soured from the flannel source tar ball
+ 
+-------------------------------------------------------------------
+Fri Feb  7 11:16:55 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- Update to version 0.26.4:
+  * Moved to github container registry
+  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
+  * Bump go.etcd.io/etcd/tests/v3 from 3.5.17 to 3.5.18
+  * fix: Fix high CPU usage when losing etcd connection and try to re-establish connection with exponential backoff
+  * Bump github.com/containernetworking/plugins from 1.6.1 to 1.6.2
+  * Bump alpine from 20240923 to 20250108 in /images
+  * Bump golang.org/x/net from 0.31.0 to 0.33.0
+  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
+  * Bump github.com/jonboulle/clockwork from 0.4.0 to 0.5.0
+  * feat: add bool to control CNI config installation using Helm
+  * fix: add missing MY_NODE_NAME env in chart
+  * Bump k8s deps to 0.29.12
+  * Don't panic upon shutdown when running in standalone mode
+  * Bump golang.org/x/crypto from 0.29.0 to 0.31.0
+  * Bump alpine from 20240807 to 20240923 in /images
+  * Bump github.com/containernetworking/plugins from 1.6.0 to 1.6.1
+  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
+  * Bump github.com/vishvananda/netns from 0.0.4 to 0.0.5
+  * Use the standard context library
+  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
+  * Updated flannel cni image to 1.6.0
+  * Updated CNI plugins version on the README
+  * Bump sigs.k8s.io/knftables from 0.0.17 to 0.0.18
+  * Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.1
+  * Bump github.com/Microsoft/hcsshim from 0.12.8 to 0.12.9
+  * Added check to not check br_filter in case of windows
+  * Bumo golangci-lint to latest version
+  * Bump to go 1.23
+  * Added checks for br_netfilter module
+  * Try not to cleanup multiple peers behind same PublicIP
+  * fix trivy check
+  * check that the lease includes an IP address of the requested family before configuring the flannel interface
+  * Fixed IPv6 chosen in case of public-ipv6 configured
+  * add timeout to e2e test pipelines
+  * Update k8s version ine2e tests to v1.29.8
+  * Update netlink to v1.3.0
+  * Fixed values file on flannel chart
+  * Bump k8s.io/klog/v2 from 2.120.1 to 2.130.1
+  * Updated Flannel chart with Netpol containter and removed clustercidr
+  * Fix bug in hostgw-windows
+  * Fix bug in the logic polling the interface
+  * Added node-public-ip annotation
+  * Try several times to contact kube-api before failing
+  * Fixed IPv6 0 initialization
+  * wireguard backend: avoid error message if route already exists
+  * Bump github.com/avast/retry-go/v4 from 4.5.1 to 4.6.0
+  * use wait.PollUntilContextTimeout instead of deprecated wait.Poll
+  * troubleshooting.md: add `ethtool -K flannel.1 tx-checksum-ip-generic off` for NAT
+  * Added configuration for pulic-ip through node annotation
+  * extension/vxlan: remove arp commands from vxlan examples
+  * Refactor TrafficManager windows files to clarify logs
+  * Add persistent-mac option to v6 too
+  * fix comparison with previous networks in SetupAndEnsureMasqRules
+  * show content of stdout and stderr when running iptables-restore returns an error
+  * Add extra check before contacting kube-api
+  * remove unimplemented error in windows trafficmngr
+  * remove --dirty flags in git describe
+  * Added leaseAttr string method with logs on VxLan
+  * remove multiClusterCidr related-code.
+  * Implement nftables masquerading for flannel
+  * fix: ipv6 iptables rules were created even when IPv6 was disabled
+  * Add tolerations to the flannel chart
+  * Added additional check for n.spec.podCIDRs
+  * Remove net-tools since it's an old package that we are not using
+  * fix iptables_windows.go
+  * Clean-up Makefile and use docker buildx locally
+  * Use manual test to ensure iptables-* binaries are present
+  * Bump github.com/containerd/containerd from 1.6.23 to 1.6.26
+  * Bump github.com/joho/godotenv
+  * SubnetManager should use the main context
+  * Simplify TrafficManager interface
+  * refactor iptables package to prepare for nftables-based implementation
+
+- flannel v0.26.4, includes `golang.org/x/net/http2` at v0.34.0, which fixes bsc#1236522 (CVE-2023-45288) 
+
+-------------------------------------------------------------------
+Fri Apr 19 17:51:42 UTC 2024 - Jeff Mahoney <jeffm@suse.com>
+
+- Remove dependency on net-tools-deprecated.  It's not actually used.
+
+-------------------------------------------------------------------
+Wed Jan 31 13:05:53 UTC 2024 - Priyanka Saggu <priyanka.saggu@suse.com>
+
+- sync `kube-flannel.yaml` manifest with upstream release, v0.24.2 (bsc#1218694)
+- refactor, clean spec file. Include following change:
+  * bump go version build requirements: `BuildRequires:  golang(API) >= 1.20`
+  * include go modules dependencies as vendor tar - vendor.tar.gz, update following %prep, %build, %install sections accordingly
+
+-------------------------------------------------------------------
+Wed Jan 31 07:20:42 UTC 2024 - priyanka.saggu@suse.com
+
+- Update to version 0.24.2:
+  * Prepare for v0.24.2 release
+  * Increase the time out for interface checking in windows
+  * Prepare for v0.24.1 release
+  * Provide support to select the interface in Windows
+  * Improve the log from powershell
+  * Wait all the jobs to finish before deploy the github-page
+  * remove remaining references to mips64le
+  * add multi-arch dockerfile
+  * add missing riscv64 in docker manifest create step
+  * prepare for v0.24.0 release
+  * Bump golang.org/x/crypto from 0.15.0 to 0.17.0
+  * Add the VNI to the error message in Windows
+  * chart: add possibility for defining image pull secrets in daemonset
+  * Remove multiclustercidr logic from code
+  * Update opentelemetry dependencies
+  * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
+  * Add riscv64 arch in GH actions
+  * vxlan vni should not be type uint16
+  * Quote wireguard psk in helm chart
+  * add riscv64 support
+
 -------------------------------------------------------------------
 Fri Jul 23 08:54:45 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
 

flannel.obsinfo

@@ -0,0 +1,4 @@
+name: flannel
+version: 0.26.4
+mtime: 1738660448
+commit: c22fb8cdd05638fbc9095f05ecce5ea3a13e16c6

flannel.spec

@@ -24,20 +24,18 @@
 %define flannel_container_path registry.opensuse.org/kubic/flannel
 
 Name:           flannel
-Version:        0.14.0
+Version:        0.26.4
 Release:        0
 Summary:        An etcd backed network fabric for containers
 License:        Apache-2.0
 Group:          System/Management
 Url:            https://github.com/flannel-io/flannel
-Source:         https://github.com/flannel-io/flannel/archive/v%{version}.tar.gz
-Source1:        kube-flannel.yaml
+Source0:        flannel-%{version}.tar.gz
+Source1:        vendor.tar.gz
 Requires:       iproute2
-# arp is used:
-Requires:       net-tools-deprecated
 Requires:       iptables
 BuildRequires:  golang-packaging
-BuildRequires:  golang(API) >= 1.16
+BuildRequires:  golang(API) >= 1.23
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 ExcludeArch:    s390
 %{go_nostrip}
@@ -70,34 +68,28 @@ unique, routable IP address inside the cluster. The advantage of this model is t
 reduces the complexity of doing port mapping.
 
 %prep
-%setup -q
+%setup -q -a1 -n flannel-%{version}
 
 %build
-gofmt -w -r "x -> \"%{version}\"" version/version.go
-%{goprep} github.com/flannel-io/flannel
-# go1.16+ default is GO111MODULE=on set to auto temporarily
-# until using an upstream version with go.mod
-export GO111MODULE=auto
-%{gobuild}
+%define project github.com/flannel-io/flannel
+CGO_ENABLED=1 go build -mod=vendor -v -buildmode=pie -o dist/flanneld \
+	  -ldflags '-s -w -X github.com/flannel-io/flannel/pkg/version.Version=v%{version}'
 
 %install
-%{goinstall}
 rm -rf %{buildroot}/%{_libdir}/go/contrib
 
+# move the binary
+install -D -m 0755 dist/flanneld %{buildroot}%{_sbindir}/flanneld
+
 # Install provided yaml file to download and run the flannel container
 mkdir -p %{buildroot}%{_datadir}/k8s-yaml/flannel
-#install -m 0644 Documentation/kube-flannel.yml %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
-install -m 0644 %{SOURCE1} %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
-sed -i -e 's|image: quay.io/coreos/flannel:.*|image: %{flannel_container_path}:%{version}|g' %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
+install -m 0644 Documentation/kube-flannel.yml %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
+sed -i -e 's|image: docker.io/flannel/flannel:.*|image: %{flannel_container_path}:%{version}|g' %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
 sed -i -e 's|/opt/bin/flanneld|/usr/sbin/flanneld|g' %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
 
-# Move
-mkdir -p %{buildroot}%{_sbindir}
-mv %{buildroot}%{_bindir}/flannel %{buildroot}%{_sbindir}/flanneld
-
 %files
 %defattr(-,root,root)
-%doc README.md DCO NOTICE
+%doc README.md DCO
 %license LICENSE
 %{_sbindir}/flanneld
 

kube-flannel.yaml

@@ -1,223 +0,0 @@
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: psp.flannel.unprivileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
-    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
-spec:
-  privileged: false
-  volumes:
-  - configMap
-  - secret
-  - emptyDir
-  - hostPath
-  allowedHostPaths:
-  - pathPrefix: "/etc/cni/net.d"
-  - pathPrefix: "/etc/kube-flannel"
-  - pathPrefix: "/run/flannel"
-  readOnlyRootFilesystem: false
-  # Users and groups
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  fsGroup:
-    rule: RunAsAny
-  # Privilege Escalation
-  allowPrivilegeEscalation: false
-  defaultAllowPrivilegeEscalation: false
-  # Capabilities
-  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
-  defaultAddCapabilities: []
-  requiredDropCapabilities: []
-  # Host namespaces
-  hostPID: false
-  hostIPC: false
-  hostNetwork: true
-  hostPorts:
-  - min: 0
-    max: 65535
-  # SELinux
-  seLinux:
-    # SELinux is unused in CaaSP
-    rule: 'RunAsAny'
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: flannel
-rules:
-- apiGroups: ['extensions']
-  resources: ['podsecuritypolicies']
-  verbs: ['use']
-  resourceNames: ['psp.flannel.unprivileged']
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - nodes/status
-  verbs:
-  - patch
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: flannel
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: flannel
-subjects:
-- kind: ServiceAccount
-  name: flannel
-  namespace: kube-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: flannel
-  namespace: kube-system
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: kube-flannel-cfg
-  namespace: kube-system
-  labels:
-    tier: node
-    app: flannel
-data:
-  cni-conf.json: |
-    {
-      "name": "cbr0",
-      "cniVersion": "0.3.1",
-      "plugins": [
-        {
-          "type": "flannel",
-          "delegate": {
-            "hairpinMode": true,
-            "isDefaultGateway": true
-          }
-        },
-        {
-          "type": "portmap",
-          "capabilities": {
-            "portMappings": true
-          }
-        }
-      ]
-    }
-  net-conf.json: |
-    {
-      "Network": "10.244.0.0/16",
-      "Backend": {
-        "Type": "vxlan"
-      }
-    }
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: kube-flannel-ds
-  namespace: kube-system
-  labels:
-    tier: node
-    app: flannel
-spec:
-  selector:
-    matchLabels:
-      app: flannel
-  template:
-    metadata:
-      labels:
-        tier: node
-        app: flannel
-    spec:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: kubernetes.io/os
-                operator: In
-                values:
-                - linux
-      hostNetwork: true
-      priorityClassName: system-node-critical
-      tolerations:
-      - operator: Exists
-        effect: NoSchedule
-      serviceAccountName: flannel
-      initContainers:
-      - name: install-cni
-        image: quay.io/coreos/flannel:v0.14.0
-        command:
-        - cp
-        args:
-        - -f
-        - /etc/kube-flannel/cni-conf.json
-        - /etc/cni/net.d/10-flannel.conflist
-        volumeMounts:
-        - name: cni
-          mountPath: /etc/cni/net.d
-        - name: flannel-cfg
-          mountPath: /etc/kube-flannel/
-      containers:
-      - name: kube-flannel
-        image: quay.io/coreos/flannel:v0.14.0
-        command:
-        - /opt/bin/flanneld
-        args:
-        - --ip-masq
-        - --kube-subnet-mgr
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "50Mi"
-          limits:
-            cpu: "100m"
-            memory: "50Mi"
-        securityContext:
-          privileged: false
-          capabilities:
-            add: ["NET_ADMIN", "NET_RAW"]
-        env:
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        volumeMounts:
-        - name: run
-          mountPath: /run/flannel
-        - name: flannel-cfg
-          mountPath: /etc/kube-flannel/
-      volumes:
-      - name: run
-        hostPath:
-          path: /run/flannel
-      - name: cni
-        hostPath:
-          path: /etc/cni/net.d
-      - name: flannel-cfg
-        configMap:
-          name: kube-flannel-cfg