diff --git a/Dockerfile b/Dockerfile index 0054f96..0562bc0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG ALPINE_VERSION=3.18 FROM docker.io/alpine:${ALPINE_VERSION} ARG ALPINE_VERSION -ARG KUBE_VERSION=1.26 +ARG KUBE_VERSION=1.27 RUN cd /etc/apk/keys && \ wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \ diff --git a/admin/dev_apply.sh b/admin/dev_apply.sh index 4badb66..13b9492 100755 --- a/admin/dev_apply.sh +++ b/admin/dev_apply.sh @@ -4,7 +4,7 @@ set -x #VERSION="latest" -KUBE_VERSION="v1.26.8" +KUBE_VERSION="v1.27.7" WORKDIR=$(mktemp -p /tmp -d kubezero.XXX) SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) diff --git a/admin/upgrade_cluster.sh b/admin/upgrade_cluster.sh index 07eb7ff..98b497d 100755 --- a/admin/upgrade_cluster.sh +++ b/admin/upgrade_cluster.sh @@ -3,7 +3,7 @@ set -eE set -o pipefail #VERSION="latest" -VERSION="v1.26" +VERSION="v1.27" ARGO_APP=${1:-/tmp/new-kubezero-argoapp.yaml} SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) @@ -157,9 +157,6 @@ waitSystemPodsRunning echo "Applying remaining KubeZero modules..." -# Delete fluent-bit DS being all weird -kubectl delete ds logging-fluent-bit -n logging || true - control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_argocd" # Trigger backup of upgraded cluster state diff --git a/charts/kubeadm/Chart.yaml b/charts/kubeadm/Chart.yaml index 292e028..2941ea5 100644 --- a/charts/kubeadm/Chart.yaml +++ b/charts/kubeadm/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubeadm description: KubeZero Kubeadm cluster config type: application -version: 1.26.8 +version: 1.27.7 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -11,4 +11,4 @@ keywords: maintainers: - name: Stefan Reimer email: stefan@zero-downtime.net -kubeVersion: ">= 1.26.0" +kubeVersion: ">= 1.27.0" diff --git a/charts/kubeadm/templates/KubeletConfiguration.yaml b/charts/kubeadm/templates/KubeletConfiguration.yaml index f107c4f..0843c92 100644 --- a/charts/kubeadm/templates/KubeletConfiguration.yaml +++ b/charts/kubeadm/templates/KubeletConfiguration.yaml @@ -33,3 +33,5 @@ kubeReserved: # memory.available: "484Mi" imageGCLowThresholdPercent: 70 # kernelMemcgNotification: true +serializeImagePulls: false +maxParallelImagePulls: 2 diff --git a/charts/kubeadm/templates/_helpers.tpl b/charts/kubeadm/templates/_helpers.tpl index 9b5ab6f..de606d2 100644 --- a/charts/kubeadm/templates/_helpers.tpl +++ b/charts/kubeadm/templates/_helpers.tpl @@ -1,6 +1,6 @@ {{- /* Feature gates for all control plane components */ -}} {{- define "kubeadm.featuregates" }} -{{- $gates := list "CustomCPUCFSQuotaPeriod" }} +{{- $gates := list "CustomCPUCFSQuotaPeriod" "MemoryQoS" "UserNamespacesSupport" }} {{- if eq .return "csv" }} {{- range $key := $gates }} {{- $key }}=true, diff --git a/charts/kubeadm/templates/credential-provider.yaml b/charts/kubeadm/templates/credential-provider.yaml deleted file mode 100644 index 9bf23d0..0000000 --- a/charts/kubeadm/templates/credential-provider.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: kubelet.config.k8s.io/v1beta1 -kind: CredentialProviderConfig -providers: - - name: amazon-ecr-credential-helper - matchImages: - - "*.dkr.ecr.*.amazonaws.com" - - "*.dkr.ecr.*.amazonaws.cn" - - "*.dkr.ecr-fips.*.amazonaws.com" - - "*.dkr.ecr.us-iso-east-1.c2s.ic.gov" - - "*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov" - defaultCacheDuration: "12h" - apiVersion: credentialprovider.kubelet.k8s.io/v1alpha1 - args: - - get - #env: - # - name: AWS_PROFILE - # value: example_profile diff --git a/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml b/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml index 4e86520..8c8de7b 100644 --- a/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml +++ b/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml @@ -85,8 +85,6 @@ metadata: name: aws-iam-authenticator labels: k8s-app: aws-iam-authenticator - annotations: - seccomp.security.alpha.kubernetes.io/pod: runtime/default spec: selector: matchLabels: @@ -98,6 +96,10 @@ spec: labels: k8s-app: aws-iam-authenticator spec: + securityContext: + seccompProfile: + type: RuntimeDefault + priorityClassName: system-cluster-critical # use service account with access to @@ -115,7 +117,7 @@ spec: containers: - name: aws-iam-authenticator - image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.10 + image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.11 args: - server - --backend-mode=CRD,MountedFile diff --git a/charts/kubezero-storage/jsonnet/jsonnetfile.json b/charts/kubezero-storage/jsonnet/jsonnetfile.json index 724a52a..cb0b508 100644 --- a/charts/kubezero-storage/jsonnet/jsonnetfile.json +++ b/charts/kubezero-storage/jsonnet/jsonnetfile.json @@ -8,7 +8,7 @@ "subdir": "jsonnet/kube-prometheus" } }, - "version": "release-0.9" + "version": "main" }, { "source": { diff --git a/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json b/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json index 34d017b..474512f 100644 --- a/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json +++ b/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json @@ -8,8 +8,8 @@ "subdir": "grafana" } }, - "version": "90f38916f1f8a310a715d18e36f787f84df4ddf5", - "sum": "0kZ1pnuIirDtbg6F9at5+NQOwKNONIGEPq0eECzvRkI=" + "version": "5698c8940b6dadca3f42107b7839557bc041761f", + "sum": "l6fPvh3tW6fWot308w71QY/amrYsFPeitvz1IgJxqQA=" }, { "source": { @@ -18,8 +18,18 @@ "subdir": "contrib/mixin" } }, - "version": "6186538c0cbd2b9c5e3139b78924addd43b066c0", - "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" + "version": "262a3a1208a74e7dc0719c2c75096e934242546b", + "sum": "xuUBd2vqF7asyVDe5CE08uPT/RxAdy8O75EjFJoMXXU=" + }, + { + "source": { + "git": { + "remote": "https://github.com/grafana/grafana.git", + "subdir": "grafana-mixin" + } + }, + "version": "1120f9e255760a3c104b57871fcb91801e934382", + "sum": "MkjR7zCgq6MUZgjDzop574tFKoTX2OBr7DTwm1K+Ofs=" }, { "source": { @@ -31,6 +41,26 @@ "version": "a1d61cce1da59c71409b99b5c7568511fec661ea", "sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc=" }, + { + "source": { + "git": { + "remote": "https://github.com/grafana/grafonnet-lib.git", + "subdir": "grafonnet-7.0" + } + }, + "version": "a1d61cce1da59c71409b99b5c7568511fec661ea", + "sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM=" + }, + { + "source": { + "git": { + "remote": "https://github.com/grafana/grafonnet.git", + "subdir": "gen/grafonnet-v10.0.0" + } + }, + "version": "9409bc38be3633a888509f271fb249d7657fa87f", + "sum": "gj/20VIGucG2vDGjG7YdHLC4yUUfrpuaneUYaRmymOM=" + }, { "source": { "git": { @@ -38,9 +68,29 @@ "subdir": "grafana-builder" } }, - "version": "62aec8403a5c38d5dc97ba596703753289b1c33b", + "version": "d2347c7f9d22b7745a39dd521f00dbbfb9bd9944", "sum": "xEFMv4+ObwP5L1Wu0XK5agWci4AJzNApys6iKAQxLlQ=" }, + { + "source": { + "git": { + "remote": "https://github.com/jsonnet-libs/docsonnet.git", + "subdir": "doc-util" + } + }, + "version": "fd8de9039b3c06da77d635a3a8289809a5bfb542", + "sum": "mFebrE9fhyAKW4zbnidcjVFupziN5LPA/Z7ii94uCzs=" + }, + { + "source": { + "git": { + "remote": "https://github.com/jsonnet-libs/xtd.git", + "subdir": "" + } + }, + "version": "0256a910ac71f0f842696d7bca0bf01ea77eb654", + "sum": "zBOpb1oTNvXdq9RF6yzTHill5r1YTJLBBoqyx4JYtAg=" + }, { "source": { "git": { @@ -48,18 +98,8 @@ "subdir": "" } }, - "version": "ba16d78ef81ca3d183472c2e3d1d7d3549e18ecb", - "sum": "ntQv86Jd9HR4YQlb2yzjYVCAQHMUnAaQVIdhR2QaNNg=" - }, - { - "source": { - "git": { - "remote": "https://github.com/kubernetes-monitoring/kubernetes-mixin.git", - "subdir": "lib/promgrafonnet" - } - }, - "version": "a10227e04218679b5e0e1d50784a4251bf3bdaf3", - "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" + "version": "31169fd115654ca023c03cd7b45b9c96704a87e2", + "sum": "KJZ5QCtsPm3NofFURHO315rd4pnKc5+trU6ihuE64P8=" }, { "source": { @@ -68,8 +108,8 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "f170cc73f11c1580d7f38af746be0f2fa79c6a1e", - "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" + "version": "eac6d3b1c994bd7dbd76026188d2b374bf000f20", + "sum": "+dOzAK+fwsFf97uZpjcjTcEJEC1H8hh/j8f5uIQK/5g=" }, { "source": { @@ -78,8 +118,8 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "f170cc73f11c1580d7f38af746be0f2fa79c6a1e", - "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" + "version": "eac6d3b1c994bd7dbd76026188d2b374bf000f20", + "sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c=" }, { "source": { @@ -88,8 +128,8 @@ "subdir": "" } }, - "version": "87b902c85429eedce78033049de9280f39e81372", - "sum": "TyL/PPFwpRRzAOwYVlvgBsSHS6/+Z6TgRGFe8beJcpE=" + "version": "60914307fa8fd0249e22c1d1c17a5bb854eaf7bd", + "sum": "2qFibfAMWJ+1XhjmKxR5QA/+Ff4hHw2pFwDkyB4aWJA=" }, { "source": { @@ -98,8 +138,8 @@ "subdir": "jsonnet/kube-prometheus" } }, - "version": "408f3863905f0f9ba1679592fd65a4d7793e7021", - "sum": "pupXEvlRbhLdEO9b8LfFZB66+Z7fEqvRZ9m3MyEvsv4=" + "version": "ec217b8cb643d95309e09636ff65eb31ce05b073", + "sum": "XtoFUJuXsse3V2V2rXUl6nl6DWeAMwDh3u18akyEz6I=" }, { "source": { @@ -108,8 +148,8 @@ "subdir": "jsonnet/mixin" } }, - "version": "83fe36566f4e0894eb5ffcd2638a0f039a17bdeb", - "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", + "version": "6aefeaf6a1eb39253b3d68947c408936aeba3efd", + "sum": "n3flMIzlADeyygb0uipZ4KPp2uNSjdtkrwgHjTC7Ca4=", "name": "prometheus-operator-mixin" }, { @@ -119,8 +159,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "83fe36566f4e0894eb5ffcd2638a0f039a17bdeb", - "sum": "J1G++A8hrtr3+OZQMmcNeb1w/C30bXqqwpwHL/Xhsd4=" + "version": "6aefeaf6a1eb39253b3d68947c408936aeba3efd", + "sum": "gl4yvv+WLjt+CaTW4/urKAMx8fs9I4K8PgZ4PyOMD58=" }, { "source": { @@ -129,8 +169,8 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "b408b522bc653d014e53035e59fa394cc1edd762", - "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", + "version": "412f06255a1c09b16eed91d22edbc6464c606008", + "sum": "1d7ZKYArJKacAWXLUz0bRC1uOkozee/PPw97/W5zGhc=", "name": "alertmanager" }, { @@ -140,8 +180,8 @@ "subdir": "docs/node-mixin" } }, - "version": "832909dd257eb368cf83363ffcae3ab84cb4bcb1", - "sum": "MmxGhE2PJ1a52mk2x7vDpMT2at4Jglbud/rK74CB5i0=" + "version": "86ed8cdc6b1ba328e7ac4a9b1680129e9ab3d309", + "sum": "By6n6U10hYDogUsyhsaKZehbhzxBZZobJloiKyKadgM=" }, { "source": { @@ -150,10 +190,21 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "751ca03faddc9c64089c41d0da370a3a0b477742", - "sum": "AS8WYFi/z10BZSF6DFkKBscjB32XDMM7iIso7CO/FyI=", + "version": "ef8e6ae78040613fdc1ceb25f22b76f87dd2c80a", + "sum": "8OngT76gVXOUROOOeP9yTe6E/dn+2D2J34Dn690QCG0=", "name": "prometheus" }, + { + "source": { + "git": { + "remote": "https://github.com/pyrra-dev/pyrra.git", + "subdir": "config/crd/bases" + } + }, + "version": "551856d42dff02ec38c5b0ea6a2d99c4cb127e82", + "sum": "bY/Pcrrbynguq8/HaI88cQ3B2hLv/xc+76QILY7IL+g=", + "name": "pyrra" + }, { "source": { "git": { @@ -161,8 +212,8 @@ "subdir": "mixin" } }, - "version": "ff363498fc95cfe17de894d7237bcf38bdd0bc36", - "sum": "cajthvLKDjYgYHCKQU2g/pTMRkxcbuJEvTnCyJOihl8=", + "version": "2b982d5c4114a8eae1cf1b9df1682c407b1931b1", + "sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=", "name": "thanos-mixin" } ], diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index 1f38f92..731bc05 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero description: KubeZero - Root App of Apps chart type: application -version: 1.26.8 +version: 1.27.7 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -15,4 +15,4 @@ dependencies: - name: kubezero-lib version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts -kubeVersion: ">= 1.26.0" +kubeVersion: ">= 1.27.0" diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 52d7590..278bdbe 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -10,7 +10,7 @@ global: addons: enabled: true - targetRevision: 0.8.1 + targetRevision: 0.8.2 external-dns: enabled: false forseti: