diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index f6a5a3552e..a2ae683a04 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -47,6 +47,7 @@ kube_aws_ingress_controller_deregistration_delay_timeout: "10s" # This opens skipper-ingress ports 9998 and 9999 on all worker nodes kube_aws_ingress_controller_nlb_enabled: "true" kube_aws_ingress_controller_nlb_cross_zone: "true" +kube_aws_ingress_controller_nlb_zone_affinity: "any_availability_zone" kube_aws_ingress_controller_cert_polling_interval: "2m" # sets the default LB type: "network" or "application" are valid choices (overwritten by nlb_switch) kube_aws_ingress_default_lb_type: "application" @@ -653,6 +654,9 @@ blocked_availability_zone: "" # etcd cluster etcd_stack_name: "etcd-cluster-etcd" +# comma separated list of DNS record prefixes which will be prefixed to the +# hosted zone of the account. We allow multiple prefixes for the purpose of +# migration. etcd_dns_record_prefixes: "etcd-server.{{.Cluster.Region}}" {{if eq .Cluster.Environment "production"}} diff --git a/cluster/manifests/03-ebs-csi/controller.yaml b/cluster/manifests/03-ebs-csi/controller.yaml index b9064e378f..de32176699 100644 --- a/cluster/manifests/03-ebs-csi/controller.yaml +++ b/cluster/manifests/03-ebs-csi/controller.yaml @@ -35,7 +35,7 @@ spec: runAsUser: 1000 containers: - name: ebs-plugin - image: container-registry.zalando.net/teapot/aws-ebs-csi-driver:v1.28.0-master-16 + image: container-registry.zalando.net/teapot/aws-ebs-csi-driver:v1.29.1-master-17 args: - controller - --endpoint=$(CSI_ENDPOINT) @@ -82,7 +82,7 @@ spec: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - name: csi-provisioner - image: container-registry.zalando.net/teapot/external-provisioner:v4.0.0-eks-1-28-20-master-16 + image: container-registry.zalando.net/teapot/external-provisioner:v4.0.1-eks-1-29-10-master-17 args: - --csi-address=$(ADDRESS) - --v=2 
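Review bot: The new `kube_aws_ingress_controller_nlb_zone_affinity` item in the first hunk of `cluster/config-defaults.yaml` (at -47) has no comment, while neighbouring items document their valid choices, as the `kube_aws_ingress_default_lb_type` line just below does. The value is passed straight into the controller's `--nlb-zone-affinity` flag in `cluster/manifests/ingress-controller/deployment.yaml`, so a mistyped per-cluster override would only surface when the controller starts. A comment listing the accepted values would help, e.g. `# NLB DNS client routing policy: "any_availability_zone", "partial_availability_zone_affinity" or "availability_zone_affinity"`. The list should be checked against the controller's flag help for the version deployed here.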
@@ -107,7 +107,7 @@ spec:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 - name: csi-attacher
- image: container-registry.zalando.net/teapot/external-attacher:v4.5.0-eks-1-28-20-master-16
+ image: container-registry.zalando.net/teapot/external-attacher:v4.5.1-eks-1-29-10-master-17
 args:
 - --csi-address=$(ADDRESS)
 - --v=2
@@ -129,7 +129,7 @@ spec:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 - name: csi-resizer
- image: container-registry.zalando.net/teapot/external-resizer:v1.10.0-eks-1-28-20-master-16
+ image: container-registry.zalando.net/teapot/external-resizer:v1.10.1-eks-1-29-10-master-17
 args:
 - --csi-address=$(ADDRESS)
 - --v=2
@@ -151,7 +151,7 @@ spec:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 - name: liveness-probe
- image: container-registry.zalando.net/teapot/livenessprobe:v2.12.0-eks-1-28-20-master-16
+ image: container-registry.zalando.net/teapot/livenessprobe:v2.12.0-eks-1-29-10-master-17
 args:
 - --csi-address=/csi/csi.sock
 resources:
diff --git a/cluster/manifests/03-ebs-csi/node.yaml b/cluster/manifests/03-ebs-csi/node.yaml
index 121a748308..c74e96d3a2 100644
--- a/cluster/manifests/03-ebs-csi/node.yaml
+++ b/cluster/manifests/03-ebs-csi/node.yaml
@@ -34,7 +34,7 @@ spec:
 runAsUser: 0
 containers:
 - name: ebs-plugin
- image: container-registry.zalando.net/teapot/aws-ebs-csi-driver:v1.28.0-master-16
+ image: container-registry.zalando.net/teapot/aws-ebs-csi-driver:v1.29.1-master-17
 args:
 - node
 - --endpoint=$(CSI_ENDPOINT)
@@ -77,7 +77,7 @@ spec:
 privileged: true
 readOnlyRootFilesystem: true
 - name: node-driver-registrar
- image: container-registry.zalando.net/teapot/node-driver-registrar:v2.10.0-eks-1-28-20-master-16
+ image: container-registry.zalando.net/teapot/node-driver-registrar:v2.10.1-eks-1-29-10-master-17
 args:
 - --csi-address=$(ADDRESS)
 - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
@@ -114,7 +114,7 @@ spec:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 - name: liveness-probe
- image: container-registry.zalando.net/teapot/livenessprobe:v2.12.0-eks-1-28-20-master-16
+ image: container-registry.zalando.net/teapot/livenessprobe:v2.12.0-eks-1-29-10-master-17
 args:
 - --csi-address=/csi/csi.sock
 volumeMounts:
diff --git a/cluster/manifests/cluster-lifecycle-controller/deployment.yaml b/cluster/manifests/cluster-lifecycle-controller/deployment.yaml
index b0dad127af..c1df970dcb 100644
--- a/cluster/manifests/cluster-lifecycle-controller/deployment.yaml
+++ b/cluster/manifests/cluster-lifecycle-controller/deployment.yaml
@@ -35,7 +35,7 @@ spec:
 operator: Exists
 containers:
 - name: cluster-lifecycle-controller
- image: container-registry.zalando.net/teapot/cluster-lifecycle-controller:master-38
+ image: container-registry.zalando.net/teapot/cluster-lifecycle-controller:master-39
 args:
 - --drain-grace-period={{.Cluster.ConfigItems.drain_grace_period}}
 - --drain-min-pod-lifetime={{.Cluster.ConfigItems.drain_min_pod_lifetime}}
diff --git a/cluster/manifests/deployment-service/controller-statefulset.yaml b/cluster/manifests/deployment-service/controller-statefulset.yaml
index 11fd826997..26c5753871 100644
--- a/cluster/manifests/deployment-service/controller-statefulset.yaml
+++ b/cluster/manifests/deployment-service/controller-statefulset.yaml
@@ -29,7 +29,7 @@ spec:
 terminationGracePeriodSeconds: 300
 containers:
 - name: "deployment-service-controller"
- image: "container-registry.zalando.net/teapot/deployment-controller:master-188"
+ image: "container-registry.zalando.net/teapot/deployment-controller:master-190"
 args:
 - "--config-namespace=kube-system"
 - "--decrypt-kms-alias-arn=arn:aws:kms:{{ .Cluster.Region }}:{{ .Cluster.InfrastructureAccount | getAWSAccountID }}:alias/deployment-secret"
diff --git a/cluster/manifests/deployment-service/status-service-deployment.yaml b/cluster/manifests/deployment-service/status-service-deployment.yaml index c18185dd71..b7c434e268 100644 --- a/cluster/manifests/deployment-service/status-service-deployment.yaml +++ b/cluster/manifests/deployment-service/status-service-deployment.yaml @@ -1,5 +1,5 @@ {{ $image := "container-registry.zalando.net/teapot/deployment-status-service" }} -{{ $version := "master-188" }} +{{ $version := "master-190" }} apiVersion: apps/v1 kind: Deployment diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index 4d9d15333c..e23b8c544e 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -1,4 +1,4 @@ -# {{ $version := "v0.15.13" }} +# {{ $version := "v0.15.15" }} apiVersion: apps/v1 kind: Deployment @@ -42,6 +42,7 @@ spec: # {{ if eq .Cluster.ConfigItems.kube_aws_ingress_controller_nlb_cross_zone "true" }} - --nlb-cross-zone # {{ end }} + - --nlb-zone-affinity={{ .Cluster.ConfigItems.kube_aws_ingress_controller_nlb_zone_affinity }} - --cluster-local-domain=cluster.local - --deny-internal-domains - --additional-stack-tags=InfrastructureComponent=true diff --git a/cluster/manifests/kube-static-egress-controller/deployment.yaml b/cluster/manifests/kube-static-egress-controller/deployment.yaml index 78c6f32cb9..10c226f1ae 100644 --- a/cluster/manifests/kube-static-egress-controller/deployment.yaml +++ b/cluster/manifests/kube-static-egress-controller/deployment.yaml @@ -30,7 +30,7 @@ spec: serviceAccountName: kube-static-egress-controller containers: - name: controller - image: container-registry.zalando.net/teapot/kube-static-egress-controller:v0.2.15-master-46 + image: container-registry.zalando.net/teapot/kube-static-egress-controller:v0.2.16-master-47 args: - "--provider=aws" - "--vpc-id={{.Cluster.ConfigItems.vpc_id}}" 
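Review bot: The `--nlb-zone-affinity` argument added in the second hunk of `cluster/manifests/ingress-controller/deployment.yaml` (at -42) is rendered unconditionally, so a cluster that overrides the config item to an empty string would start the controller with a bare `--nlb-zone-affinity=`. Whether the controller accepts an empty value is not visible here; if it does not, the ingress controller would fail to start on those clusters. The neighbouring `--nlb-cross-zone` flag is already wrapped in a template guard, and the same pattern would leave the controller default in place when the item is empty: `# {{ if .Cluster.ConfigItems.kube_aws_ingress_controller_nlb_zone_affinity }}` before the new line and `# {{ end }}` after it. The args list continues outside the hunk.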
diff --git a/cluster/manifests/pdb-controller/deployment.yaml b/cluster/manifests/pdb-controller/deployment.yaml index 6d519ac0c7..ad0d81f6a5 100644 --- a/cluster/manifests/pdb-controller/deployment.yaml +++ b/cluster/manifests/pdb-controller/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: pdb-controller containers: - name: pdb-controller - image: container-registry.zalando.net/teapot/pdb-controller:master-31 + image: container-registry.zalando.net/teapot/pdb-controller:master-32 args: - --debug {{- if .Cluster.ConfigItems.pdb_controller_non_ready_ttl }} diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 225344f018..6c67fc9b5d 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,5 +1,5 @@ -{{ $internal_version := "v0.21.62-890" }} -{{ $canary_internal_version := "v0.21.72-900" }} +{{ $internal_version := "v0.21.72-900" }} +{{ $canary_internal_version := "v0.21.76-905" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} {{ $canary_args := "" }} diff --git a/cluster/manifests/stackset-controller/deployment.yaml b/cluster/manifests/stackset-controller/deployment.yaml index 7e34fb3005..ce59ddb99a 100644 --- a/cluster/manifests/stackset-controller/deployment.yaml +++ b/cluster/manifests/stackset-controller/deployment.yaml @@ -1,4 +1,4 @@ -{{ $version := "v1.4.70" }} +{{ $version := "v1.4.72" }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/cluster/manifests/z-karpenter/deployment.yaml b/cluster/manifests/z-karpenter/deployment.yaml index cf8a512bc9..f2ef4bffba 100644 --- a/cluster/manifests/z-karpenter/deployment.yaml +++ b/cluster/manifests/z-karpenter/deployment.yaml 
@@ -50,7 +50,7 @@ spec:
 drop:
 - ALL
 readOnlyRootFilesystem: true
- image: "container-registry.zalando.net/teapot/karpenter:0.36.0-main-21.custom"
+ image: "container-registry.zalando.net/teapot/karpenter:0.36.1-main-22"
 imagePullPolicy: IfNotPresent
 env:
 - name: KUBERNETES_MIN_VERSION
diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml
index aa4e66b4db..81dccc59d7 100644
--- a/cluster/node-pools/master-default/userdata.yaml
+++ b/cluster/node-pools/master-default/userdata.yaml
@@ -203,7 +203,7 @@ write_files:
 limits:
 memory: {{ .Values.InstanceInfo.MemoryFraction (parseInt64 .Cluster.ConfigItems.apiserver_memory_limit_percent)}}
 {{- end }}
- - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-200
+ - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-201
 name: admission-controller
 lifecycle:
 preStop:
@@ -354,7 +354,7 @@ write_files:
 - mountPath: /etc/kubernetes/k8s-authnz-webhook-kubeconfig
 name: k8s-authnz-webhook-kubeconfig
 readOnly: true
- - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-55
+ - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-100
 name: tokeninfo
 ports:
 - containerPort: 9021
@@ -385,7 +385,7 @@ write_files:
 value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }}
 {{ if ne .Cluster.Environment "production" }}
 - name: tokeninfo-sandbox
- image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-100
 ports:
 - containerPort: 9022
 lifecycle:
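Review bot: The karpenter tag loses its `.custom` suffix in the hunk at -50 of `cluster/manifests/z-karpenter/deployment.yaml` (`0.36.0-main-21.custom` becomes `0.36.1-main-22`), and nothing on the page says whether the local changes that suffix presumably marked are still in the image. If the move to an unpatched build is intended, a one-line comment above the image would record it, e.g. `# upstream build, no local patches as of 0.36.1` (wording for the author to confirm). The container definition continues outside the hunk.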
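Review bot: The tokeninfo image reference is written out twice in `cluster/node-pools/master-default/userdata.yaml`, once for the `tokeninfo` container (hunk at -354) and once for `tokeninfo-sandbox` (hunk at -385), so every bump has to touch both lines and the two can drift apart. A single template variable would keep them in step, as other manifests in this change do with `$version`: `{{ $tokeninfo_image := "926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-100" }}` and `image: {{ $tokeninfo_image }}`. These containers appear to run on the master nodes next to the authnz webhook configuration, so it would also be worth referencing the image by digest (`…/platform-iam-tokeninfo@sha256:<digest-placeholder>`) unless the registry enforces immutable tags. Both container definitions continue outside the hunks.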