Merge pull request #99 from sighupio/feat/add-1.30-bump-1.28-1.29

Feat/add 1.30 bump 1.28 1.29

README.md

@@ -26,9 +26,9 @@ The following packages are included in the Fury Kubernetes on-premises module:
 
 | Package                                        | Version  | Description                                                                   |
 | ---------------------------------------------- | -------- | ----------------------------------------------------------------------------- |
-| [etcd](roles/etcd)                             | `3.5.8`  | Ansible role to install etcd as systemd service                               |
+| [etcd](roles/etcd)                             | `3.5.15` | Ansible role to install etcd as systemd service                               |
 | [haproxy](roles/haproxy)                       | `2.6`    | Ansible role to install HAProxy as Kubernetes load balancer for the APIServer |
-| [containerd](roles/containerd)                 | `1.7.13`  | Ansible role to install containerd as container runtime                       |
+| [containerd](roles/containerd)                 | `1.7.23` | Ansible role to install containerd as container runtime                       |
 | [kube-node-common](roles/kube-node-common)     | `-`      | Ansible role to install prerequisites for Kubernetes setup                    |
 | [kube-control-plane](roles/kube-control-plane) | `-`      | Ansible role to install master nodes                                          |
 | [kube-worker](roles/kube-worker)               | `-`      | Ansible role to install worker nodes and join them to the cluster             |
@@ -37,7 +37,7 @@ Click on each package to see its full documentation.
 
 ## Compatibility
 
-This version is compatible with Kubernetes 1.29.3 plus the complete list in the compatibility matrix.
+This version is compatible with Kubernetes 1.30.6 plus the complete list in the compatibility matrix.
 
 Check the [compatibility matrix][compatibility-matrix] for additional information about previous releases of the module.
 
@@ -49,14 +49,16 @@ Check the [compatibility matrix][compatibility-matrix] for additional informatio
 | ----------------------- |------------| ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | [furyctl][furyctl-repo] | `>=0.27.0` | The recommended tool to download and manage KFD modules and their packages. To learn more about `furyctl` read the [official documentation][furyctl-repo]. |
 
-### Provision the cluster
+### Legacy provisioning
+
+> Clusters are now being totally managed by furyctl with the OnPremises provider, the following example is for a manual install. Check the [getting-started][getting-started] repository to know more.
 
 1. List the role in a `Furyfile.yml` file
 
 ```yaml
 roles:
   - name: on-premises
-    version: v1.29.3
+    version: v1.30.6
 ```
 
 > See `furyctl` [documentation][furyctl-repo] for additional details about `Furyfile.yml` format.
@@ -73,6 +75,7 @@ roles:
 [compatibility-matrix]: https://github.com/sighupio/fury-kubernetes-on-premises/blob/master/docs/COMPATIBILITY_MATRIX.md
 [kfd-repo]: https://github.com/sighupio/fury-distribution
 [kfd-docs]: https://docs.kubernetesfury.com/docs/distribution/
+[getting-started]: https://github.com/sighupio/fury-getting-started/tree/main/fury-on-vms
 
 <!-- </KFD-DOCS> -->
 

docs/COMPATIBILITY_MATRIX.md

@@ -1,12 +1,13 @@
 # Compatibility Matrix
 
-| Module Version / Kubernetes Version |       1.29.3       |       1.28.7       |       1.27.6       |       1.26.7       |       1.26.3       |      1.25.12       |       1.25.6       |      1.24.16       |       1.24.7       |
-| ----------------------------------- | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: |
-| v1.28.7                             |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| v1.28.7-rev.1                       |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| v1.29.3                             | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| v1.29.3-rev.1                       | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| v1.29.3-rev.2                       | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| Module Version / Kubernetes Version |       1.30.6       |      1.29.10       |       1.29.3       |      1.28.15       |       1.28.7       |       1.27.6       |       1.26.7       |       1.26.3       |      1.25.12       |       1.25.6       |      1.24.16       |       1.24.7       |
+| ----------------------------------- | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: | :----------------: |
+| v1.28.7                             |                    |                    |                    |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| v1.28.7-rev.1                       |                    |                    |                    |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| v1.29.3                             |                    |                    | :white_check_mark: |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| v1.29.3-rev.1                       |                    |                    | :white_check_mark: |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| v1.29.3-rev.2                       |                    |                    | :white_check_mark: |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| v1.30.6                             | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |                    |                    |                    |                    |                    |                    |                    |
 
 All versions below v1.28.7 will not work due to the removal of the old package registry managed by google.
 

docs/releases/v1.30.6.md

@@ -0,0 +1,34 @@
+# On Premises add-on module release 1.30.6
+
+Welcome to the latest release of `on-premises` module of [`Kubernetes Fury Distribution`](https://github.com/sighupio/fury-distribution) maintained by SIGHUP team.
+
+The latest release includes support for version 1.30.6 (and 1.29.10, 1.28.15).
+
+This installer version is compatible from version 1.28.7.
+
+## Package Versions 🚢
+
+| Package                                        | Supported Version | Previous Version |
+| ---------------------------------------------- | ----------------- | ---------------- |
+| [etcd](roles/etcd)                             | `3.5.15`          | `3.5.8`          |
+| [haproxy](roles/haproxy)                       | `2.6`             | `No update`      |
+| [containerd](roles/containerd)                 | `1.7.23`          | `1.7.13`         |
+| [kube-node-common](roles/kube-node-common)     | `-`               | `Updated`        |
+| [kube-control-plane](roles/kube-control-plane) | `-`               | `Updated`        |
+| [kube-worker](roles/kube-worker)               | `-`               | `Updated`        |
+
+## Update Guide 🦮
+
+In this guide, we will try to summarize the update process to this release.
+
+### Automatic upgrade using furyctl
+
+To update using furyctl, follow this [documentation](https://github.com/sighupio/furyctl/blob/main/docs/upgrades/kfd/README.md).
+
+### Manual update
+
+> NOTE: Each on-premises environment can be different, always double-check before updating components.
+
+1. Update KFD if applicable (see the [KFD release notes](https://github.com/sighupio/fury-distribution/tree/master/docs/releases))
+2. Update the cluster using playbooks, see the examples in this repository to know more.
+

roles/containerd/defaults/main.yml

@@ -12,41 +12,17 @@ runc_download_url: "https://github.com/opencontainers/runc/releases/download/{{
 runc_checksum: "sha256:https://github.com/opencontainers/runc/releases/download/{{ versions[kubernetes_version].runc_version }}/runc.sha256sum"
 
 # Customize versions based on Kubernetes version to maintain compatibility
-kubernetes_version: "1.29.3"
+kubernetes_version: "1.30.6"
 # Resgistry where to pull the pause (sandbox) image. We use the same name used in other roles for simplicity.
 # Upstream registry is "k8s.gcr.io"
 kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
 
 versions:
-  1.24.7:
-    containerd_version: "1.6.28"
-    runc_version: "v1.1.12"
-    sandbox_image: "{{ kubernetes_image_registry }}/pause:3.2" # using 3.2 because we had it hardcoded before.
-  1.24.16:
-    containerd_version: "1.6.28"
-    runc_version: "v1.1.12"
-    sandbox_image: "{{ kubernetes_image_registry }}/pause:3.2" # using 3.2 because we had it hardcoded before.
-  1.25.6:
-    containerd_version: "1.6.28"
-    runc_version: "v1.1.12"
-    sandbox_image: "{{ kubernetes_image_registry }}/pause:3.2" # using 3.2 because we had it hardcoded before.
-  1.25.12:
-    containerd_version: "1.6.28"
-    runc_version: "v1.1.12"
-    sandbox_image: "{{ kubernetes_image_registry }}/pause:3.2" # using 3.2 because we had it hardcoded before.
-  1.26.3:
-    containerd_version: "1.7.13"
-    runc_version: "v1.1.12"
-    sandbox_image: "{{ kubernetes_image_registry }}/pause:3.2" # using 3.2 because we had it hardcoded before.
-  1.26.7:
-    containerd_version: "1.7.13"
-    runc_version: "v1.1.12"
-    sandbox_image: "{{ kubernetes_image_registry }}/pause:3.2" # using 3.2 because we had it hardcoded before.
-  1.27.6:
+  1.28.7:
     containerd_version: "1.7.13"
     runc_version: "v1.1.12"
     sandbox_image: "{{ kubernetes_image_registry }}/pause:3.2" # using 3.2 because we had it hardcoded before.
-  1.28.7:
+  1.28.15:
     containerd_version: "1.7.13"
     runc_version: "v1.1.12"
     sandbox_image: "{{ kubernetes_image_registry }}/pause:3.2" # using 3.2 because we had it hardcoded before.
@@ -55,12 +31,20 @@ versions:
     runc_version: "v1.1.12"
     # containerd defaults to `pause:3.8` for version 1.7.13, see:
     # https://github.com/containerd/containerd/blob/v1.7.13/pkg/cri/config/config_unix.go#L96
-    # but `kubeadm config images list` (for kubeadm v1.29.2) points to pause:3.9,
+    # but `kubeadm config images list` (for kubeadm v1.29.3) points to pause:3.9, (or https://github.com/kubernetes/kubernetes/blob/v1.29.3/cmd/kubeadm/app/constants/constants.go)
     # so prefering that version because:
     #   1. kubeadm will pull this image anyway when initiating
     #   2. kubeadm will instruct the kubelet that this image should not be garbage collected.
     #   Ref: https://github.com/kubernetes/kubeadm/issues/2020
     sandbox_image: "{{ kubernetes_image_registry }}/pause:3.9"
+  1.29.10:
+    containerd_version: "1.7.23"
+    runc_version: "v1.1.14" # use this link (with the correct tag) to know which version of runc is needed https://github.com/containerd/containerd/blob/v1.7.23/script/setup/runc-version
+    sandbox_image: "{{ kubernetes_image_registry }}/pause:3.9"
+  1.30.6:
+    containerd_version: "1.7.23"
+    runc_version: "v1.1.14" # use this link (with the correct tag) to know which version of runc is needed https://github.com/containerd/containerd/blob/v1.7.23/script/setup/runc-version
+    sandbox_image: "{{ kubernetes_image_registry }}/pause:3.9"
 
 # Service options.
 containerd_service_state: started

roles/etcd/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 etcd_name: "{{ inventory_hostname }}"
-etcd_version: v3.5.8
+etcd_version: v3.5.15
 etcd_download_url: https://storage.googleapis.com/etcd
 etcd_data_dir: /var/lib/etcd
 etcd_binary_dir: /usr/local/bin

roles/kube-control-plane/defaults/main.yml

@@ -1,5 +1,6 @@
 ---
 kubeadm_config_file: /etc/kubernetes/kubeadm.yml
+kubeadm_upgrade_config_file: /etc/kubernetes/kubeadm-upgrade-config.yml
 audit_log_dir: /var/log/kubernetes
 audit_policy_max_age: 3
 audit_policy_config_path: /etc/kubernetes/audit.yaml
@@ -15,7 +16,7 @@ kubernetes_cloud_config: ""
 # Accepts a list of strings, in which each string can be either an IP Address or a domain
 kubernetes_apiserver_certSANs: []
 kubernetes_control_plane_address: "{{ ansible_hostname }}"
-kubernetes_version: "1.29.3"
+kubernetes_version: "1.30.6"
 kubernetes_image_registry: "{{ dependencies[kubernetes_version].kubernetes_image_registry }}"
 coredns_image_prefix: "{{ dependencies[kubernetes_version].coredns_image_prefix | default('/coredns') }}"
 kubernetes_hostname: "{{ ansible_fqdn }}"
@@ -46,21 +47,13 @@ upgrade: False
 
 dependencies:
   # To pin dependencies for each Kubernetes version
-  "1.24.7":
-    kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
-  "1.24.16":
-    kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
-  "1.25.6":
-    kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
-  "1.25.12":
-    kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
-  "1.26.3":
-    kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
-  "1.26.7":
-    kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
-  "1.27.6":
-    kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
   "1.28.7":
     kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
+  "1.28.15":
+    kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
   "1.29.3":
     kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
+  "1.29.10":
+    kubernetes_image_registry: "registry.sighup.io/fury/on-premises"
+  "1.30.6":
+    kubernetes_image_registry: "registry.sighup.io/fury/on-premises"

roles/kube-control-plane/tasks/upgrade.yml

@@ -16,8 +16,19 @@
   command: "kubeadm certs renew super-admin.conf"
   when: kubernetes_version is version('1.29.0', 'ge', version_type='semver')
 
-- name: Upgrade kubernetes master with kubeadm
+- name: Upgrade kubernetes master with kubeadm (legacy)
   command: kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml -y
+  when: kubernetes_version is version('1.30.0', 'lt', version_type='semver')
+
+- name: Ensuring kubeadm-upgrade-config.yml config file is present on machine
+  template:
+    src: kubeadm-upgrade-config.yml.j2
+    dest: "{{ kubeadm_upgrade_config_file }}"
+  when: kubernetes_version is version('1.30.0', 'ge', version_type='semver')
+
+- name: Upgrade kubernetes master with kubeadm
+  command: kubeadm upgrade apply --config /etc/kubernetes/kubeadm-upgrade-config.yml
+  when: kubernetes_version is version('1.30.0', 'ge', version_type='semver')
 
 - name: Restart etcd service
   systemd:

roles/kube-control-plane/templates/kubeadm-upgrade-config.yml.j2

@@ -0,0 +1,5 @@
+apiVersion: kubeadm.k8s.io/v1beta4
+kind: UpgradeConfiguration
+apply:
+    kubernetesVersion: {{ kubernetes_version }}
+    forceUpgrade: true