From 967d465e6fbc2c6b533da6dcde4f2e97895a6705 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Wed, 23 Oct 2024 10:55:38 +0000
Subject: [PATCH] feat: upgrade to Kube v1.30.6, Istio SMTP fix

---
 Dockerfile                                             | 10 ++++++----
 admin/upgrade_cluster.sh                               |  3 ++-
 charts/kubeadm/Chart.yaml                              |  2 +-
 .../templates/envoyfilter-listener.yaml                |  8 ++++++++
 charts/kubezero-storage/values.yaml                    |  3 +++
 charts/kubezero/Chart.yaml                             |  2 +-
 charts/kubezero/values.yaml                            |  2 +-
 7 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f22259d9..1e87df77 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,9 +3,11 @@ ARG ALPINE_VERSION=3.20
 FROM docker.io/alpine:${ALPINE_VERSION}
 
 ARG ALPINE_VERSION
-ARG KUBE_VERSION=1.30.5
-ARG SECRETS_VERSION=4.6.1
-ARG VALS_VERSION=0.37.5
+ARG KUBE_VERSION=1.30.6
+
+ARG SOPS_VERSION="3.9.1"
+ARG VALS_VERSION="0.37.6"
+ARG HELM_SECRETS_VERSION="4.6.2"
 
 RUN cd /etc/apk/keys && \
     wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
@@ -33,7 +35,7 @@ RUN helm repo add kubezero https://cdn.zero-downtime.net/charts && \
 
 # helm secrets
 RUN mkdir -p $(helm env HELM_PLUGINS) && \
-    wget -qO - https://github.com/jkroepke/helm-secrets/releases/download/v${SECRETS_VERSION}/helm-secrets.tar.gz | tar -C "$(helm env HELM_PLUGINS)" -xzf-
+    wget -qO - https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C "$(helm env HELM_PLUGINS)" -xzf-
 
 # vals
 RUN wget -qO - https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -C /usr/local/bin -xzf- vals
diff --git a/admin/upgrade_cluster.sh b/admin/upgrade_cluster.sh
index f68206d2..f88376c8 100755
--- a/admin/upgrade_cluster.sh
+++ b/admin/upgrade_cluster.sh
@@ -45,7 +45,8 @@ echo "Applying remaining KubeZero modules..."
 control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argo"
 
 # Final step is to commit the new argocd kubezero app
-kubectl get app kubezero -n argocd -o yaml | yq 'del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..)' > $ARGO_APP
+# remove the del(.spec.source.helm.values) with 1.31
+kubectl get app kubezero -n argocd -o yaml | yq 'del(.spec.source.helm.values) | del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..)' > $ARGO_APP
 
 # Trigger backup of upgraded cluster state
 kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$KUBE_VERSION -n kube-system
diff --git a/charts/kubeadm/Chart.yaml b/charts/kubeadm/Chart.yaml
index a7ed166f..4a70a68e 100644
--- a/charts/kubeadm/Chart.yaml
+++ b/charts/kubeadm/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubeadm
 description: KubeZero Kubeadm cluster config
 type: application
-version: 1.30.5
+version: 1.30.6
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
diff --git a/charts/kubezero-istio-gateway/templates/envoyfilter-listener.yaml b/charts/kubezero-istio-gateway/templates/envoyfilter-listener.yaml
index f4a4a976..d38b0e53 100644
--- a/charts/kubezero-istio-gateway/templates/envoyfilter-listener.yaml
+++ b/charts/kubezero-istio-gateway/templates/envoyfilter-listener.yaml
@@ -19,7 +19,15 @@ spec:
         - name: envoy.filters.listener.proxy_protocol
           typed_config:
             "@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
+          filter_disabled:
+            destination_port_range:
+              start: 1025
+              end: 1026
         {{- end }}
         - name: envoy.filters.listener.tls_inspector
           typed_config:
             "@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
+          filter_disabled:
+            destination_port_range:
+              start: 1025
+              end: 1026
diff --git a/charts/kubezero-storage/values.yaml b/charts/kubezero-storage/values.yaml
index 2fb6da4d..db1a241f 100644
--- a/charts/kubezero-storage/values.yaml
+++ b/charts/kubezero-storage/values.yaml
@@ -204,6 +204,9 @@ aws-efs-csi-driver:
 
   replicaCount: 1
 
+  image:
+    tag: "v2.0.9"
+
   controller:
     create: true
     logLevel: 2
diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml
index 3957b32f..cfe50678 100644
--- a/charts/kubezero/Chart.yaml
+++ b/charts/kubezero/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero
 description: KubeZero - Root App of Apps chart
 type: application
-version: 1.30.5
+version: 1.30.6
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml
index 9cfff15a..f9c6f5c0 100644
--- a/charts/kubezero/values.yaml
+++ b/charts/kubezero/values.yaml
@@ -47,7 +47,7 @@ cert-manager:
 
 storage:
   enabled: false
-  targetRevision: 0.8.8
+  targetRevision: 0.8.9
   lvm-localpv:
     enabled: false
   aws-ebs-csi-driver: